From 9854c45fb2893b999980f9eb0bad2fa87a20aa11 Mon Sep 17 00:00:00 2001
From: Jinna Kiisuo
Date: Mon, 29 Jan 2024 23:04:28 +0200
Subject: [PATCH 1/2] Ensure the Docker nginx user can write servers.json. Fixes #1046
---
 Dockerfile | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 27c59d85..448ec8ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,13 @@ ARG UID=101
 LABEL maintainer="Alejandro Celaya "
 USER root
 RUN rm -r /usr/share/nginx/html && rm /etc/nginx/conf.d/default.conf
-USER $UID
 COPY config/docker/nginx.conf /etc/nginx/conf.d/default.conf
 COPY scripts/docker/servers_from_env.sh /docker-entrypoint.d/30-shlink-servers-json.sh
 COPY --from=node /shlink-web-client/build /usr/share/nginx/html
+
+# Allow the nginx user to create new files in the html dir, but not modify existing files.
+# This is required by 30-shlink-servers-json.sh
+RUN chown :$UID /usr/share/nginx/html && chmod g+wx /usr/share/nginx/html
+
+# Switch to non-privileged UID as the last step
+USER $UID
From 75f87692a237520443ad7f5a6cefdb4f0d6586cd Mon Sep 17 00:00:00 2001
From: Jinna Kiisuo
Date: Tue, 30 Jan 2024 13:10:13 +0200
Subject: [PATCH 2/2] Instead of wider perms, create and chown only servers.json
---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 448ec8ff..5821dcd0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,9 +13,9 @@ COPY config/docker/nginx.conf /etc/nginx/conf.d/default.conf
 COPY scripts/docker/servers_from_env.sh /docker-entrypoint.d/30-shlink-servers-json.sh
 COPY --from=node /shlink-web-client/build /usr/share/nginx/html
 
-# Allow the nginx user to create new files in the html dir, but not modify existing files.
-# This is required by 30-shlink-servers-json.sh
-RUN chown :$UID /usr/share/nginx/html && chmod g+wx /usr/share/nginx/html
+# This is required by 30-shlink-servers-json.sh to be writable for UID
+RUN echo '[]' > /usr/share/nginx/html/servers.json \
+ && chown $UID:0 /usr/share/nginx/html/servers.json
 
 # Switch to non-privileged UID as the last step
 USER $UID
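Review bot: The new `RUN` leaves the mode of `servers.json` implicit and lets the build shell expand `$UID`, so the permission the entrypoint script depends on rests on two unpinned things. The mode is whatever the build umask gives (presumably 0644), and bash treats `UID` as a read-only variable holding the current user id, which is 0 in this root step; with the default `/bin/sh` this presumably works, but a later `SHELL ["/bin/bash", ...]` would silently turn the ownership into `0:0`. I would pin the mode with `&& chmod 0644 /usr/share/nginx/html/servers.json` and add a comment such as `# $UID must resolve to the build ARG here; bash would substitute its own uid (0)`. The file is also writable only for the build-time UID, so a container started under a different user would get a read-only file; the comment above the `RUN` could say so.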