letsencrypt: Use dedicated user for ACME process
This improves security and ensures that files end up under a consistent set of UID and GID values.
parent
27201fd195
commit
d5d75b3995
@ -1 +1,9 @@
|
||||
FROM docker.io/goacme/lego:v4.4.0
|
||||
|
||||
RUN addgroup --system --gid 10000 letsencrypt
|
||||
RUN adduser --system --uid 10000 --ingroup letsencrypt --home /var/lib/letsencrypt letsencrypt
|
||||
|
||||
RUN apk --no-cache --no-progress add gosu
|
||||
COPY container/run-lego /run-lego
|
||||
|
||||
ENTRYPOINT ["/run-lego"]
|
||||
|
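Review bot: The image has no `USER` line, so the container still starts as root and the drop to `letsencrypt` happens only inside `/run-lego`; a run that overrides the entrypoint keeps root. That looks deliberate, since the script has to fix volume ownership first, but it deserves a comment above `ENTRYPOINT`, for example `# Starts as root on purpose: /run-lego fixes volume ownership, then drops to letsencrypt (10000:10000) via gosu.` Separately, `gosu` is installed without a version and the base image is pinned by tag only, so a rebuild can pull a different privilege-dropping binary; pinning the apk package version and adding a digest to the `FROM` line would make that path reproducible.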
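--- a/config/service/letsencrypt/container/run-lego
+++ b/config/service/letsencrypt/container/run-lego
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Correct permissions where needed.
+chown -R letsencrypt:letsencrypt /var/lib/letsencrypt
+
+# Run ACME verification with parameters given.
+gosu letsencrypt /usr/bin/lego "$@"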
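Review bot: The last line runs `gosu` as a child of the shell, so a root `/bin/sh` stays PID 1 for the container's lifetime and stop signals go to it rather than to lego; `exec gosu letsencrypt /usr/bin/lego "$@"` replaces the shell and leaves only the unprivileged process. The script also has no `set -e`, so a failed `chown` is ignored and lego starts anyway; adding `set -eu` after the shebang makes it fail closed. Because the recursive chown runs as root over a directory the `letsencrypt` user can write to, `chown -hR` would be the safer form if the chown in this image dereferences symlinks without `-h`, which is worth confirming against the base image.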