From c54740125d0ba9967a474f5a853236e0a79f765b Mon Sep 17 00:00:00 2001
From: Bryan Latten
Date: Mon, 16 May 2016 13:58:34 -0400
Subject: [PATCH] Dockerfile: changing to non-privileged port
---
 Dockerfile | 5 +++--
 container/root/etc/nginx/sites-available/default | 2 +-
 container/root/run.d/99-nginx.sh | 3 ---
 3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 00784c9..b77d88d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:16.04
+FROM ubuntu:14.04
 MAINTAINER Bryan Latten
 # Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed
@@ -48,7 +48,8 @@ COPY ./container/root /
 RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / && \
 rm /tmp/s6-overlay-amd64.tar.gz
-EXPOSE 80
+# Using a non-privileged port to prevent having to use setcap internally
+EXPOSE 8080
 # NOTE: intentionally NOT using s6 init as the entrypoint
 # This would prevent container debugging if any of those service crash
diff --git a/container/root/etc/nginx/sites-available/default b/container/root/etc/nginx/sites-available/default
index 4d85a31..56a5532 100644
--- a/container/root/etc/nginx/sites-available/default
+++ b/container/root/etc/nginx/sites-available/default
@@ -1,5 +1,5 @@
 server {
- listen 80;
+ listen 8080;
 # Doesn't broadcast version level of server software
 server_tokens off;
diff --git a/container/root/run.d/99-nginx.sh b/container/root/run.d/99-nginx.sh
index 711f83e..1f48286 100644
--- a/container/root/run.d/99-nginx.sh
+++ b/container/root/run.d/99-nginx.sh
@@ -5,9 +5,6 @@ if [ $CONTAINER_ROLE == 'web' ]
 then
 echo '[run] enabling web server'
- # Unfortunately, until Dockerhub supports this operation...it has to be done here
- setcap cap_net_bind_service=+ep /usr/sbin/nginx
- # Enable nginx as a supervised service
 if [ -d /etc/services.d/nginx ]
 then
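Review bot: `FROM ubuntu:14.04` moves the base image back from 16.04 to an older LTS release, and nothing in the commit subject (a port change) explains it. A base downgrade swaps every distribution package installed later in the file for an older build, so it belongs in its own commit or needs a why-comment above the line, for example `# 14.04 because <reason>`. The tag is also mutable; `FROM ubuntu:14.04@sha256:<digest>` (placeholder digest) would make rebuilds reproducible and auditable.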
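Review bot: The comment above `EXPOSE 8080` gives the setcap motivation but not the contract the new port creates. `EXPOSE` is metadata only, so 8080 has to stay in step with `listen 8080;` in container/root/etc/nginx/sites-available/default (changed in the next file of this patch), and anything that published or linked to port 80 of this image will need updating. I would extend the comment to `# Non-privileged port, avoids setcap on nginx; must match the listen port in sites-available/default`. Dropping the capability only reduces privilege if nginx is actually started as a non-root user; no `USER` instruction is visible in this hunk, so that is worth confirming elsewhere in the Dockerfile or the s6 service definition.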