Avoid running api and worker as root #153

Merged
merged 1 commit into from Mar 12, 2019
8 changes: 4 additions & 4 deletions docker-compose.yml
Expand Up @@ -44,10 +44,10 @@ services:
- ${APP_PORT}:80
environment:
DNS_RESOLVER: 127.0.0.11
HOSTNAME_CLIENT_READ: api
HOSTNAME_CLIENT_WRITE: api
HOSTNAME_EMAIL_RECEIVE: api
HOSTNAME_CLIENT_REGISTER: api
HOSTNAME_CLIENT_READ: api:8080
HOSTNAME_CLIENT_WRITE: api:8080
HOSTNAME_EMAIL_RECEIVE: api:8080
HOSTNAME_CLIENT_REGISTER: api:8080
REGISTRATION_USERNAME: admin
REGISTRATION_PASSWORD: password
depends_on:
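
Review bot: the four HOSTNAME_* values now hold a host and a port (api:8080), so the variable names no longer describe their contents, and the port is repeated four times here while the image defines it separately as PORT. Consider a single upstream port variable, or renaming these to reflect that they are upstream addresses, so that a later change to PORT in the Dockerfile cannot silently leave nginx pointing at a closed port.
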
12 changes: 9 additions & 3 deletions docker/app/Dockerfile
Expand Up @@ -21,17 +21,23 @@ RUN apt-get update \
COPY opwen_email_server /app/opwen_email_server
COPY docker/app/run-gunicorn.sh /app/run-gunicorn.sh
COPY docker/app/run-celery.sh /app/run-celery.sh
COPY docker/docker-entrypoint.sh /docker-entrypoint.sh
COPY docker/docker-entrypoint.sh /app/docker-entrypoint.sh

RUN groupadd -r opwen \
&& useradd -r -s /bin/false -g opwen opwen \
&& chown -R opwen:opwen /app

USER opwen

ENV TESTING_UI="False"
ENV CONNEXION_SERVER="tornado"
ENV CONNEXION_SPEC="SET_ME"
ENV SERVER_WORKERS="1"
ENV QUEUE_WORKERS="1"
ENV LOKOLE_LOG_LEVEL="INFO"
ENV PORT=80
ENV PORT=8080

EXPOSE ${PORT}
WORKDIR /app
ENTRYPOINT ["/docker-entrypoint.sh"]
ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["bash"]
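
Review bot: `chown -R opwen:opwen /app` makes the application code, both run scripts and docker-entrypoint.sh writable by the same account the service runs as, so a code-execution bug in the api or worker could rewrite the code or entrypoint inside the container. To keep the tree read-only for the service, leave /app owned by root and chown only the paths that need writes. Also consider giving the account a fixed UID (`useradd -r -u <uid> ...`) and using the numeric form in USER, since Kubernetes can only enforce runAsNonRoot against a numeric user.
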
2 changes: 1 addition & 1 deletion helm/templates/api-deployment.yaml
Expand Up @@ -43,7 +43,7 @@ spec:
name: cloudflare
key: LOKOLE_CLOUDFLARE_KEY
ports:
- containerPort: 80
- containerPort: 8080
resources: {}
restartPolicy: Always
status: {}
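
Review bot: containerPort is now 8080 and nginx is switched to api:8080, but no Service template for api appears among the files shown here. Check that the api Service exposes 8080 (port and targetPort), otherwise nginx will not reach the upstream after this merge. If the pod spec does not already set one, a securityContext with runAsNonRoot: true on this container would have the cluster enforce what the Dockerfile now sets up.
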
8 changes: 4 additions & 4 deletions helm/templates/nginx-deployment.yaml
Expand Up @@ -24,13 +24,13 @@ spec:
- name: DNS_RESOLVER
value: 127.0.0.1:53 ipv6=off
- name: HOSTNAME_CLIENT_READ
value: api
value: api:8080
- name: HOSTNAME_CLIENT_WRITE
value: api
value: api:8080
- name: HOSTNAME_EMAIL_RECEIVE
value: api
value: api:8080
- name: HOSTNAME_CLIENT_REGISTER
value: api
value: api:8080
- name: REGISTRATION_USERNAME
valueFrom:
secretKeyRef:
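
Review bot: the api:8080 literal is repeated in all four values and duplicates the port chosen in the Dockerfile and in api-deployment.yaml. Since this is a Helm template, take the upstream from a chart value (one setting, referenced four times) so the nginx upstream and the api containerPort cannot drift apart.
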