Closed jbrunetext closed 3 years ago
you can actually do something way simpler than this. The only issue with running with an unprivileged user is that /var/lib/varnish
belongs to root
, so you can either chmod it, or tell varnish
to use something else (with -n /tmp/varnish
):
docker run -u varnish varnish -n /tmp/varnish -p http_req_hdr_len=65536 -p http_req_size=98304 -p workspace_backend=256k -p workspace_client=256k -p shm_reclen=1024 -p max_retries=1
the varnish
user already exists, so no need to do anything
I would note that the running two processes isn't very "docker-like" and that you should instead run a side car container mounting /tmp/varnish
so it can access the logs.
Does that help?
thanks for your feedback i will try these tips and techniques on next deployement
I need to create a non root user in container . Like This :
RUN useradd -c 'varnish user' -m -d /home/varnish -s /bin/bash varnish RUN chown -R varnish.varnish /src USER varnish ENV HOME /home/varnish COPY client/docker/varnish/conf /etc/varnish CMD ["bash", "-c", "varnishd -F -f /etc/varnish/default.vcl -p http_req_hdr_len=65536 -p http_req_size=98304 -p workspace_backend=256k -p workspace_client=256k -p shm_reclen=1024 -p max_retries=1 & varnishncsa -b -c -t off"]
Does it work ?