Skip to content

Update to run container as non-root user and other security updates#4

Open
m4rc77 wants to merge 6 commits intoMorbZ:masterfrom
m4rc77:master
Open

Update to run container as non-root user and other security updates#4
m4rc77 wants to merge 6 commits intoMorbZ:masterfrom
m4rc77:master

Conversation

@m4rc77
Copy link

@m4rc77 m4rc77 commented Jan 16, 2020

This pull request contains the following changes:

  • Update to run container as non-root user for security reasons.
  • Changed default port to 8080
  • Update to nginx 1.17.
  • Using https:// as default redirect target instead of http://.

This change might brake existing clients. Maybe a new release/branch is advised.

Marc Schmid (mschmid) and others added 6 commits January 16, 2020 11:17
wirespecter
wirespecter reviewed Apr 13, 2022
View reviewed changes
Dockerfile
EXPOSE 80
EXPOSE 8080

USER 1000
Copy link

@wirespecter wirespecter Apr 13, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a question. Even if you switched to a non-root user here, wouldn't nginx still be running as root in the background?

My point is: if an attacker finds a way to exploit nginx he will be root.
To avoid this: a new non-root user must be created and add user nonroot_username; in nginx conf so that nginx is not run as root too :)

@leMaik leMaik mentioned this pull request Mar 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@wirespecter wirespecter wirespecter left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@m4rc77 @wirespecter @herrfinke