mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
nginx: Add default user to shared GID=10000
Users and groups used within Podman containers are usually assigned UID and GID 10000. Files for these containers are sometimes served by Nginx, and may be given permissions that restrict access to those outside the group, but which are intended to be served nonetheless. This commit adds the pre-defined `nginx` user to a `nginx-shared` group with GID 10000, which will then allow access to these files as needed.
This commit is contained in:
parent
fff2b222bb
commit
4d26ccb8eb
@ -1,7 +1,11 @@
|
|||||||
FROM docker.io/nginx:1.21
|
FROM docker.io/nginx:1.21
|
||||||
|
|
||||||
|
RUN addgroup --system --gid 10000 nginx-shared
|
||||||
|
RUN gpasswd --add nginx nginx-shared
|
||||||
|
|
||||||
COPY container/config /etc/nginx
|
COPY container/config /etc/nginx
|
||||||
COPY container/run-nginx /run-nginx
|
COPY container/run-nginx /run-nginx
|
||||||
|
|
||||||
RUN nginx -t
|
RUN nginx -t
|
||||||
|
|
||||||
EXPOSE 80 443
|
EXPOSE 80 443
|
||||||
|
@ -72,7 +72,7 @@ type = sqlite3
|
|||||||
|
|
||||||
[registration]
|
[registration]
|
||||||
# Enable public registrations
|
# Enable public registrations
|
||||||
enable_public_registration=${SPECTRUM_REGISTRATION_ENABLED}
|
enable_public_registration = ${SPECTRUM_REGISTRATION_ENABLED}
|
||||||
|
|
||||||
# Text to display upon user registration form
|
# Text to display upon user registration form
|
||||||
# username_label=Jabber JID (e.g. user@server.tld):
|
# username_label=Jabber JID (e.g. user@server.tld):
|
||||||
@ -86,8 +86,11 @@ enable_public_registration=${SPECTRUM_REGISTRATION_ENABLED}
|
|||||||
# local_account_server_timeout=10000
|
# local_account_server_timeout=10000
|
||||||
|
|
||||||
[purple]
|
[purple]
|
||||||
|
# Download user icons for WhatsApp.
|
||||||
|
get-icons = true
|
||||||
|
|
||||||
# Improve compatibility with WhatsApp protocol plugin.
|
# Improve compatibility with WhatsApp protocol plugin.
|
||||||
bridge-compatibility=true
|
bridge-compatibility = true
|
||||||
|
|
||||||
# Handle link-only messages for up to 2MB as media messages instead for WhatsApp.
|
# Handle link-only messages for up to 2MB as media messages instead for WhatsApp.
|
||||||
embed-max-file-size=2
|
embed-max-file-size = 2
|
||||||
|
@ -6,4 +6,8 @@ for file in /etc/spectrum2/*.template; do
|
|||||||
envsubst "${ENV_NAMES}" < "${file}" > $(echo "${file}" | awk -F '.template$' '{print $1}')
|
envsubst "${ENV_NAMES}" < "${file}" > $(echo "${file}" | awk -F '.template$' '{print $1}')
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Correct permissions for data files.
|
||||||
|
chown -R spectrum:spectrum /var/lib/spectrum2 /var/lib/spectrum2-media
|
||||||
|
|
||||||
|
# Run entrypoint.
|
||||||
/usr/bin/spectrum2 -n /etc/spectrum2/spectrum.cfg
|
/usr/bin/spectrum2 -n /etc/spectrum2/spectrum.cfg
|
||||||
|
Loading…
Reference in New Issue
Block a user