From: Your Name Date: Wed, 29 Apr 2020 09:50:20 +0000 (+0200) Subject: unprivilidged user, port 8080, docs X-Git-Tag: 4.2.0~60 X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/e91b93baaaa5e4bb1baa2e565c2db4776c211039?ds=sidebyside;hp=b7cba998a553a2c2050a44161c08e2cdb507b514 unprivilidged user, port 8080, docs --- diff --git a/Dockerfile b/Dockerfile index 848048d..e88b532 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM php:7.3-fpm-alpine MAINTAINER "Jérôme Jutteau " -ARG USER_UID=0 +ARG USER_UID=2009 # install base RUN apk update && \ diff --git a/docker/README.md b/docker/README.md index 5dc4c2c..432c351 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -20,17 +20,26 @@ docker build -t mojo42/jirafeau:latest . Once you have your Jirafeau's image, you can run a quick & dirty Jirafeau using: ``` -docker run -d -p 8000:80 mojo42/jirafeau +docker run -d -p 8080:8080 mojo42/jirafeau ``` -and then connect on [locahost:8000](http://localhost:8000) and proceed to installation. +and then connect on [locahost:8080](http://localhost:8080) and proceed to installation. An other way to run Jirafeau (in a more controlled way) is to mount your Jirafeau's reprository in /www folder so your data are outside the container. This way, you will be able to easily make backups, upgrade Jirafeau, change configuration and develop Jirafeau. ``` -docker run -d -p 8000:80 -v$(pwd):/www mojo42/jirafeau +docker run -d -p 8080:8080 -v$(pwd):/www mojo42/jirafeau ``` There are also other ways to manage your container (like docker's volumes) but this is out of the scope of this documentation. +## Security + +Jirafeau is run without privilidges with user id 2009. To make it able to open privilidged ports you can pass the capability, just stay with 8080 and use a reverse proxy or map the port 80:8080. +``` +docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau +docker run -d -p 8080:8080 mojo42/jirafeau +docker run -d -p 80:8080 mojo42/jirafeau +``` + ## Few notes - SSL is currently not enabled in docker's image for the moment diff --git a/docker/lighttpd.conf b/docker/lighttpd.conf index 0e4bb5d..b7032d9 100644 --- a/docker/lighttpd.conf +++ b/docker/lighttpd.conf @@ -2,6 +2,7 @@ var.basedir = "/www" var.logdir = "/var/log/lighttpd" var.statedir = "/var/lib/lighttpd" +server.port = 8080 server.modules = ( "mod_access", "mod_usertrack", 
@@ -12,8 +13,8 @@ server.modules = ( include "mime-types.conf" include "mod_fastcgi_fpm.conf" -server.username = "lighttpd" -server.groupname = "lighttpd" +#server.username = "lighttpd" +#server.groupname = "lighttpd" server.pid-file = "/run/lighttpd.pid" server.errorlog = var.logdir + "/error.log"
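Review bot: Missing documentation for the Dockerfile hunk: with the default `ARG USER_UID` moving from 0 to 2009, the bind-mount example kept in docker/README.md (`-v$(pwd):/www`) now hands the container a host directory that uid 2009 usually cannot write to, and nothing in the patch tells the user. Add a sentence to the README saying that the mounted directory must be writable by uid 2009, or that the image can be built with `--build-arg USER_UID=<host uid>` to match the owner of the directory.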
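Review bot: The new "## Security" paragraph in docker/README.md says "you can pass the capability", but the first command passes a sysctl (`--sysctl net.ipv4.ip_unprivileged_port_start=80`), not a capability, and the sentence then runs three separate options together ("just stay with 8080 and use a reverse proxy or map the port 80:8080") so it is not clear that the three `docker run` lines are alternatives. Split the text into one short line per option placed above its command, name the first one as a sysctl, and fix the spelling in the added lines ("privilidges", "privilidged", "locahost").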
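Review bot: Logic problem in the first docker/lighttpd.conf hunk: `server.port = 8080` is hard-coded, so the README example added in this same commit, `docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau`, publishes container port 80 while lighttpd still listens on 8080 and nothing answers. Either drop that example or make the port configurable and show how to set it. Existing deployments started with the old `-p 8000:80` mapping will also stop responding after upgrading, which deserves a line in the release notes.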
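Review bot: In the second docker/lighttpd.conf hunk, the unchanged lines right below the commented-out `server.username` / `server.groupname` still point at `server.pid-file = "/run/lighttpd.pid"` and `server.errorlog = var.logdir + "/error.log"`; once lighttpd is started as uid 2009 instead of dropping privileges from root, it can only create those files if the directories are writable by that uid, and no line in this patch changes their ownership. Please confirm the image prepares `/run` and `/var/log/lighttpd` for the unprivileged user, or move the pid file to a path that user owns. The two directives are also better deleted than left commented out; if they stay, add a one-line comment saying the server is already started unprivileged.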