nginxinc / docker-nginx-unprivileged

Unprivileged NGINX Dockerfiles
https://hub.docker.com/r/nginxinc/nginx-unprivileged
Apache License 2.0

Clarify how to use the different base image versions. #179

Open PositivPy opened 10 months ago

PositivPy commented 10 months ago

There seem to be multiple options for the base image. However, it is unclear how to use them. Furthermore, the alpine folder image is built from alpine-slim while the Dockerfile in /alpine-slim/ is using the base alpine image.

A clear and concise description of how you should use the alpine-slim version in the docs would be nice.

Furthermore, both nginxinc/nginx-unprivileged:1.24.0-alpine-slim and nginxinc/nginx-unprivileged:alpine-slim give: Error response from daemon: unable to find user www-data (or any other user): no matching entries in passwd file. But using the base nginxinc/nginx-unprivileged works as expected.

alessfg commented 10 months ago

Hey @syker-uk!

Both images seem to be running correctly on my end and I can't reproduce your issue. There is supposed to be no user since these are unprivileged images (the system running the container decides what the user is). Are you perhaps changing the default config file?

Re how to use the alpine-slim version, I am not entirely sure we need to add more info? I am not entirely sure what shape that info would take? It's as simple as running docker run -d nginxinc/nginx-unprivileged:1.24.0-alpine-slim -- and I am a bit wary of adding docs re how to use Docker to this repo since this is not the place such docs should live. I can add a little table detailing which tags are available but that's about the extent of what I want to do.

Re how the images are built, I am hoping to do a more detailed write up re how to locally build and test the images, but I don't have a realistic ETA for it. The tl;dr is that the alpine-perl image uses the alpine NGINX image to speed up the build process. Same thing happens between the alpine NGINX image and the alpine-slim image.

seangnhs commented 3 weeks ago

I have the same issue that user www-data isn't present in the alpine image and has to be added specifically. But it is present on the Debian-based image.

1.27.2 tag

$ cat /etc/passwd | sort
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
nginx:x:101:101:nginx user:/nonexistent:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync
sys:x:3:3:sys:/dev:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

1.27.2-alpine tag

/ $ cat /etc/passwd | sort
bin:x:1:1:bin:/bin:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
halt:x:7:0:halt:/sbin:/sbin/halt
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
nginx:x:101:101:nginx:/var/cache/nginx:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
root:x:0:0:root:/root:/bin/sh
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin

alessfg commented 3 weeks ago

Alpine images don't have a www-data user by default, and these images don't go out of their way to create the user.

If you'd like to see it be created by default, I would suggest opening an issue in the upstream Docker NGINX repo to discuss the idea, but you should also be able to easily tweak the Alpine image and/or Dockerfiles to have it be present.
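Added example, not part of the thread and not the project's code: the error message quoted in the opening comment is what the runtime reports when a user is requested by name and the image's passwd file has no such entry. The script below is a simplified shell model of that lookup; the two passwd samples are abridged from the listings above, the helper names are made up for this example, and the gid 0 fallback for a numeric UID without an entry follows Docker's documented default.

```shell
#!/bin/sh
# Added example: simplified model of resolving a --user / USER value against
# an image's /etc/passwd. Samples are abridged from the listings in this thread.

DEBIAN_PASSWD='root:x:0:0:root:/root:/bin/bash
nginx:x:101:101:nginx user:/nonexistent:/bin/false
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin'

ALPINE_PASSWD='root:x:0:0:root:/root:/bin/sh
nginx:x:101:101:nginx:/var/cache/nginx:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin'

# resolve_user PASSWD_TEXT USER  (hypothetical helper)
# Prints "uid:gid" and returns 0 if USER resolves, else returns 1.
resolve_user() {
    passwd_text=$1
    user=$2
    # First entry whose name (field 1) or uid (field 3) equals the request.
    found=$(printf '%s\n' "$passwd_text" |
        awk -F: -v u="$user" '$1 == u || $3 == u { print $3 ":" $4; exit }')
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 0
    fi
    case $user in
        ''|*[!0-9]*)
            # A name with no passwd entry cannot be mapped to a uid.
            printf 'unable to find user %s: no matching entries in passwd file\n' "$user" >&2
            return 1 ;;
    esac
    # A bare numeric uid needs no entry, but then runs with the root group (gid 0).
    printf '%s:0\n' "$user"
}

# report LABEL PASSWD_TEXT USER: one line per lookup.
report() {
    if out=$(resolve_user "$2" "$3" 2>/dev/null); then
        printf '%-7s %-9s -> %s\n' "$1" "$3" "$out"
    else
        printf '%-7s %-9s -> unable to find user\n' "$1" "$3"
    fi
}

for u in www-data nginx 101 33; do
    report debian "$DEBIAN_PASSWD" "$u"
    report alpine "$ALPINE_PASSWD" "$u"
done
```

Requesting an explicit numeric uid:gid (101:101 is the nginx entry in both listings) avoids both the name lookup and the gid 0 fallback.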

seangnhs commented 3 weeks ago

Thanks for the clarification @alessfg