Run as non root by default

macbre / docker-nginx-http3

Stable and up-to-date root-less nginx with quic + http/3, google brotli compression, njs, GeoIP2, and Grade A+ SSL config

https://hub.docker.com/r/macbre/nginx-http3

159 stars 52 forks source link

Run as non root by default #92

Closed macbre closed 1 year ago

macbre commented 1 year ago

Running containers as root is not the best practice (it violates the Principle of Least Privilege (PoLP) when superuser permissions are not strictly required) and nginx does not need to listen on ports from the range of 1-1023.

http://pjdietz.com/2016/08/28/nginx-in-docker-without-root.html

macbre commented 1 year ago

$ docker run --rm ghcr.io/macbre/nginx-http3:latest id nginx
uid=100(nginx) gid=101(nginx) groups=101(nginx),101(nginx)