varnish / docker-varnish

Official docker image
https://hub.docker.com/_/varnish

I need to use Non root user in container #28

Closed jbrunetext closed 3 years ago

jbrunetext commented 3 years ago

I need to create a non-root user in the container, like this:

```dockerfile
RUN useradd -c 'varnish user' -m -d /home/varnish -s /bin/bash varnish
RUN chown -R varnish.varnish /src
USER varnish
ENV HOME /home/varnish
COPY client/docker/varnish/conf /etc/varnish
CMD ["bash", "-c", "varnishd -F -f /etc/varnish/default.vcl -p http_req_hdr_len=65536 -p http_req_size=98304 -p workspace_backend=256k -p workspace_client=256k -p shm_reclen=1024 -p max_retries=1 & varnishncsa -b -c -t off"]
```

Does it work?

gquintard commented 3 years ago

You can actually do something way simpler than this. The only issue with running with an unprivileged user is that /var/lib/varnish belongs to root, so you can either chmod it, or tell varnish to use something else (with -n /tmp/varnish):

```sh
docker run -u varnish varnish -n /tmp/varnish -p http_req_hdr_len=65536 -p http_req_size=98304 -p workspace_backend=256k -p workspace_client=256k -p shm_reclen=1024 -p max_retries=1
```

The varnish user already exists, so no need to do anything.

I would note that running two processes isn't very "docker-like" and that you should instead run a sidecar container mounting /tmp/varnish so it can access the logs.

Does that help?
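The non-root plus sidecar layout described in the comment above, written as a Compose file. This is an added example, not part of the original thread or the project's own configuration. The service names, the volume name and the tmpfs-backed volume with `mode=1777` are assumptions; the varnishd and varnishncsa arguments are the ones posted in the thread.

```yaml
# Constructed example: varnishd and varnishncsa as separate non-root containers
# sharing the varnish working directory.
services:
  varnish:
    image: varnish
    user: varnish                 # account that already exists in the image
    # Same arguments as the docker run command in the thread; the working
    # directory is moved off the root-owned /var/lib/varnish with -n.
    command:
      - "-n"
      - "/tmp/varnish"
      - "-p"
      - "http_req_hdr_len=65536"
      - "-p"
      - "http_req_size=98304"
      - "-p"
      - "workspace_backend=256k"
      - "-p"
      - "workspace_client=256k"
      - "-p"
      - "shm_reclen=1024"
      - "-p"
      - "max_retries=1"
    volumes:
      - varnish-workdir:/tmp/varnish
    # Publish ports and mount your own VCL as the deployment requires.

  logs:                           # sidecar: one process per container
    image: varnish
    user: varnish                 # same account, so it can read the shared log
    entrypoint: ["varnishncsa"]
    # -t off: keep waiting for varnishd instead of timing out at startup
    command: ["-n", "/tmp/varnish", "-b", "-c", "-t", "off"]
    volumes:
      - varnish-workdir:/tmp/varnish

volumes:
  varnish-workdir:
    driver: local
    driver_opts:
      # A plain named volume mounted at a path the image does not contain is
      # created root-owned, which would block the varnish user again.
      # Assumption: a tmpfs volume with mode 1777 avoids that; setting uid/gid
      # to the image's varnish account instead is tighter.
      type: tmpfs
      device: tmpfs
      o: "mode=1777"
```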

jbrunetext commented 3 years ago

Thanks for your feedback, I will try these tips and techniques on the next deployment.