Open edheliel opened 5 days ago
Hey @edheliel, thank you for bringing this up.
The image has nginx bundled originally out of two reasons:
I agree with the point of running an unpriviliged user and an overall smaller image.
This might cause a problem that I want to avoid: breaking backwards compability. So that An Otterwiki user breaks an existing installation because of a change in ports.
Thinking about it: Maybe an extra released "slim" image, with a matching tag like otterwiki:2.x.y-slim
would be a conceivable middle ground?
Hi @redimp,
Sorry for the late reply, life happened. I agree that maybe going for 2 different versions of the docker image is the way to go so everyone can choose what they feel is the right thing for them.
Current State
The docker image comes with
nginx
reverse proxy baked in and opens container port80
.Issue description
kubernetes
withrunAsUser
as you won't have those privilegesproduction
like deployments or microservice based deployments you usually have anIngressController
or a separate reverse proxy that would deal with SSL terminationConclusion
docker
container would improve the state of the application in several waysotterwiki
PS: Unless there is some other reason why
nginx
is inside of the docker image, for me seems reasonable to not ship the container withnginx
and rather use smaller more secure container image likealpine
or the likesIf this is on your radar I am also happy to help