cwinfo/powerdns-admin
4
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2025-07-30 17:23:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

USER instruction enabled in Dockerfile

Browse Source 
- avoid running gunicorn as root user
- use setcap to allow gunicorn starting with a privileged port
- write permission only on /app/configs folder
- su command removed from entrypoint.sh, because it runs as pda user
This commit is contained in:
Birk Bohne
2020-09-19 19:58:51 +02:00
parent 4e63f8380b
commit 9228128907
2 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docker/entrypoint.sh
View File

@@ -7,13 +7,9 @@ GUNICORN_WORKERS="${GUNICORN_WORKERS:-4}"
GUNICORN_LOGLEVEL="${GUNICORN_LOGLEVEL:-info}"
BIND_ADDRESS="${BIND_ADDRESS:-0.0.0.0:80}"
cat ./powerdnsadmin/default_config.py ./configs/docker_config.py > ./powerdnsadmin/docker_config.py
GUNICORN_ARGS="-t ${GUNICORN_TIMEOUT} --workers ${GUNICORN_WORKERS} --bind ${BIND_ADDRESS} --log-level ${GUNICORN_LOGLEVEL}"
if [ "$1" == gunicorn ]; then
# run as user pda so that if a SQLite database is generated it is writeable
# by that user
su pda -s /bin/sh -c "flask db upgrade"
/bin/sh -c "flask db upgrade"
exec "$@" $GUNICORN_ARGS
else