Running as non-root user (Apache Privileged Ports) #760
Comments
We depend on upstream images. Please have a look at the proposed solutions there: docker-library/php#94
Dangerous superficial knowledge ahead: According to the Docker documentation EXPOSE isn't even doing anything:
That's why I'm not sure if special images just to change that EXPOSE instruction are really necessary. I'm experimenting with these images right now, using Podman instead of Docker, and I can run the apache-image by using "-p 8080:80". Can someone try this using the "normal" Docker?
I'm sorry, I meant that with And it looks like that works with Docker too: #755 (comment) So the current images work as non-root user and the problem in this case appears to be OpenShift.
Being able to run it from outside via -p 8080:80 is not really saying much, as you are redirecting port 80 inside the container to port 8080 outside, which you are allowed to do even as a normal user. The issue actually is a bit different. The Apache inside the container tries to bind to port 80, which it is not allowed to do; as OpenShift in its default form does not allow this privileged operation, this fails and the container fails as well. To fix this issue, the Apache inside the container should not try to bind to the default port 80 but to a higher port such as 8080.
Is there a solution in sight for the standard image? I also did a request for enhancement:
Closing due to #1812 (comment) and docker-library/php#94
The first link you provide has little to do with the problem because we are talking about any non-root user, which by default in the Linux kernel cannot bind to anything below 1024. Anyways, as a concrete solution that does not involve doing anything that goes against (rootless) containerization, you can simply bind a file
to
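The port rule raised in the comments above (a non-root process cannot bind below 1024, so Apache on port 80 fails while 8080 works), as an added diagnostic example that is not part of the thread or of the image's own code. It assumes Linux with `/proc` mounted; the function names are hypothetical, and the sysctl `net.ipv4.ip_unprivileged_port_start` and the `CAP_NET_BIND_SERVICE` bit are kernel facts not mentioned in the thread.

```python
import errno
import os
import socket

CAP_NET_BIND_SERVICE = 10  # bit index in the capability mask (linux/capability.h)
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"


def unprivileged_port_start(path=SYSCTL):
    """Lowest port an unprivileged process may bind; 1024 if the sysctl is absent."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024


def has_net_bind_service(status_text):
    """Parse the CapEff line of /proc/<pid>/status and test the capability bit."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_NET_BIND_SERVICE) & 1)
    return False


def predict_bind(port, threshold, cap_net_bind):
    """Kernel rule: ports below the threshold need CAP_NET_BIND_SERVICE."""
    return port >= threshold or cap_net_bind


def try_bind(port, host="0.0.0.0"):
    """Attempt a real bind; return None on success or the errno name on failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
            return None
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))


if __name__ == "__main__":
    threshold = unprivileged_port_start()
    with open("/proc/self/status") as fh:
        cap = has_net_bind_service(fh.read())
    print(f"uid={os.getuid()} threshold={threshold} CAP_NET_BIND_SERVICE={cap}")
    for port in (80, 8080):  # the two ports discussed in this issue
        print(port, "predicted ok:", predict_bind(port, threshold, cap),
              "bind result:", try_bind(port) or "ok")
```

Run inside the container as the user the platform assigns: `EACCES` on 80 with `ok` on 8080 confirms the failure is the privileged-port rule rather than the `-p` mapping.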
Hi everyone,
I came across this issue about running NextCloud on OpenShift as a non-root user:
#458
That thread mentioned two PRs made to docker-library/php that were intended to fix the issue. Since the PRs were merged last year to docker-library/php, I figured that using nextcloud:latest would include these changes and there'd be some way to run the apache server on a non-privileged port (i.e., 8080).
A similar thread pointed me to documentation on running as an arbitrary user - where you'd set your RUN_APACHE_USER and RUN_APACHE_GROUP environment variables, but the container is still trying to run on port 80 even with those env variables set:
https://github.com/docker-library/docs/tree/master/php#running-as-an-arbitrary-user
When #458 was closed, what was the resolution to get the nextcloud image running on OpenShift (as a non-root user, on a non-privileged port)?
Thanks in advance!