From 36f89e306c32dd4346d3a8dc563b85c4882ae71d Mon Sep 17 00:00:00 2001 From: Sebastian Gottling Date: Mon, 23 Mar 2026 14:23:09 +0100 Subject: [PATCH 1/3] Fixed Dockerfiles to make ownership gid 0 --- debian-dev/Dockerfile | 3 +++ debian/Dockerfile | 4 +++- redhat/Dockerfile | 3 +++ ubuntu/Dockerfile | 4 +++- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/debian-dev/Dockerfile b/debian-dev/Dockerfile index adb0e8e5..d6935fbd 100644 --- a/debian-dev/Dockerfile +++ b/debian-dev/Dockerfile @@ -53,6 +53,9 @@ RUN apt-get -y update --fix-missing \ COPY --from=build /usr/local/apisix /usr/local/apisix COPY --from=build /usr/bin/apisix /usr/bin/apisix +RUN chgrp -R 0 /usr/local/apisix \ + && chmod -R g=u /usr/local/apisix + ENV DEBIAN_FRONTEND noninteractive RUN apt-get -y update --fix-missing \ && apt-get install -y \ diff --git a/debian/Dockerfile b/debian/Dockerfile index f624ec50..b51fbcc0 100644 --- a/debian/Dockerfile +++ b/debian/Dockerfile @@ -53,7 +53,9 @@ ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/ RUN groupadd --system --gid 636 apisix \ && useradd --system --gid apisix --no-create-home --shell /usr/sbin/nologin --uid 636 apisix \ - && chown -R apisix:apisix /usr/local/apisix + && chown -R apisix:apisix /usr/local/apisix \ + && chgrp -R 0 /usr/local/apisix \ + && chmod -R g=u /usr/local/apisix USER apisix diff --git a/redhat/Dockerfile b/redhat/Dockerfile index 7ef439bd..27fdf663 100644 --- a/redhat/Dockerfile +++ b/redhat/Dockerfile @@ -35,6 +35,9 @@ WORKDIR /usr/local/apisix ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin +RUN chgrp -R 0 /usr/local/apisix \ + && chmod -R g=u /usr/local/apisix + # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /usr/local/apisix/logs/access.log \ && ln -sf /dev/stderr /usr/local/apisix/logs/error.log \ diff --git a/ubuntu/Dockerfile b/ubuntu/Dockerfile index 98cc717e..cd0f3e66 100644 --- a/ubuntu/Dockerfile +++ b/ubuntu/Dockerfile @@ -53,7 +53,9 @@ ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/ RUN groupadd --system --gid 636 apisix \ && useradd --system --gid apisix --no-create-home --shell /usr/sbin/nologin --uid 636 apisix \ - && chown -R apisix:apisix /usr/local/apisix + && chown -R apisix:apisix /usr/local/apisix \ + && chgrp -R 0 /usr/local/apisix \ + && chmod -R g=u /usr/local/apisix USER apisix From 3375893e0cef36cd25d35c43e6f1ea622a9bb4b2 Mon Sep 17 00:00:00 2001 From: Sebastian Gottling Date: Mon, 23 Mar 2026 14:32:35 +0100 Subject: [PATCH 2/3] Remove for debian-dev --- debian-dev/Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/debian-dev/Dockerfile b/debian-dev/Dockerfile index d6935fbd..adb0e8e5 100644 --- a/debian-dev/Dockerfile +++ b/debian-dev/Dockerfile @@ -53,9 +53,6 @@ RUN apt-get -y update --fix-missing \ COPY --from=build /usr/local/apisix /usr/local/apisix COPY --from=build /usr/bin/apisix /usr/bin/apisix -RUN chgrp -R 0 /usr/local/apisix \ - && chmod -R g=u /usr/local/apisix - ENV DEBIAN_FRONTEND noninteractive RUN apt-get -y update --fix-missing \ && apt-get install -y \ From b104dd39dc4e64fe2139a1086d522cc31e45b210 Mon Sep 17 00:00:00 2001 From: Sebastian Gottling Date: Thu, 26 Mar 2026 12:49:24 +0100 Subject: [PATCH 3/3] Align redhat dockerfile with ubuntu and debian dockerfile --- redhat/Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/redhat/Dockerfile b/redhat/Dockerfile index 27fdf663..f6b4dcf9 100644 --- a/redhat/Dockerfile +++ b/redhat/Dockerfile @@ -35,7 +35,10 @@ WORKDIR /usr/local/apisix ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin -RUN chgrp -R 0 /usr/local/apisix \ +RUN groupadd --system --gid 636 apisix \ + && useradd --system --gid apisix --no-create-home --shell /usr/sbin/nologin --uid 636 apisix \ + && chown -R apisix:apisix /usr/local/apisix \ + && chgrp -R 0 /usr/local/apisix \ && chmod -R g=u /usr/local/apisix # forward request and error logs to docker log collector @@ -43,6 +46,8 @@ RUN ln -sf /dev/stdout /usr/local/apisix/logs/access.log \ && ln -sf /dev/stderr /usr/local/apisix/logs/error.log \ && rm /usr/local/openresty/bin/etcdctl +USER apisix + EXPOSE 9080 9443 COPY ./docker-entrypoint.sh /docker-entrypoint.sh