about nginx-unprivileged #153

xwen222 · 2023-08-10T14:28:25Z

xwen222
Aug 10, 2023

So since docker can port map any port to a container, I just need to map the port to one that the nginx user is allowed to access right?
But I still don't quite understand that
The default NGINX user directive /etc/nginx/nginx.conf has been removed.
The default NGINX PID has been moved from /var/run/nginx.pid to /tmp/nginx.pid.
_temp_path changed the variable to /tmp/
Now that these have gone to the tmp folder, will the files be lost for long runs?
What does the deleted default user directive refer to and what does it do?
What is the NGINX PID?
What is temp_path?

Answered by alessfg

Aug 11, 2023

All the changes that have been made to this image have been made to ensure that the image will run in unprivileged environments. The easiest/safest way to achieve this in a container involves moving most of the files/processes/paths/etc that require privileged rights to the /tmp directory, since that directory is traditionally reserved for temporary files and most "restricted" environments allow r/w access to it. As long as you use the container the way it's meant to be used and do not run any additional software, running NGINX from that directory should not be an issue.

Now that these have gone to the tmp folder, will the files be lost for long runs?

Nope, unless you delete/remove the …

View full answer

alessfg · 2023-08-11T12:59:26Z

alessfg
Aug 11, 2023
Maintainer

All the changes that have been made to this image have been made to ensure that the image will run in unprivileged environments. The easiest/safest way to achieve this in a container involves moving most of the files/processes/paths/etc that require privileged rights to the /tmp directory, since that directory is traditionally reserved for temporary files and most "restricted" environments allow r/w access to it. As long as you use the container the way it's meant to be used and do not run any additional software, running NGINX from that directory should not be an issue.

Now that these have gone to the tmp folder, will the files be lost for long runs?

Nope, unless you delete/remove the container or have some sort of temporary storage mount mapped to the /tmp directory (see https://stackoverflow.com/questions/42816048/docker-temporary-files-strategy for a few examples).

What does the deleted default user directive refer to and what does it do?

This would be the user ID/name under which NGINX is running (http://nginx.org/en/docs/ngx_core_module.html#user). It's deleted to comply with the OpenShift container standards (https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines).

What is the NGINX PID?

That would be the NGINX process identifier. It tracks which process ID is tied to NGINX.

What is temp_path?

All temp_path directives refer to locations that temporarily store data NGINX has received from one place or another (see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_path for more info). These locations are change to the /tmp directory since it has r/w permissions in most "restricted" environments.

1 reply

xwen222 Aug 12, 2023
Author

oh yehhh, your answer is so friendly for newbies, really special thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

about nginx-unprivileged #153

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

about nginx-unprivileged #153

xwen222 Aug 10, 2023

Replies: 1 comment · 1 reply

alessfg Aug 11, 2023 Maintainer

xwen222 Aug 12, 2023 Author

xwen222
Aug 10, 2023

Replies: 1 comment 1 reply

alessfg
Aug 11, 2023
Maintainer

xwen222 Aug 12, 2023
Author