[extensions-web/wip/openshift] openshift: make sure working directories are accessible for applications.
- From: Yuri Konotopov <ykonotopov src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [extensions-web/wip/openshift] openshift: make sure working directories are accessible for applications.
- Date: Wed, 5 Dec 2018 17:52:21 +0000 (UTC)
commit 4e54d27e3adbebedbe6ca1d0dbd27f28e17afa03
Author: Yuri Konotopov <ykonotopov gnome org>
Date: Wed Dec 5 21:49:36 2018 +0400
openshift: make sure working directories are accessible for applications.
OpenShift container apps run under a random user with the root (0) group.
Make sure the needed permissions are set.
Also make sure we do not use privileged ports.
openshift/docker/Dockerfile | 12 +++++++++---
openshift/docker/nginx/Dockerfile | 6 ++++++
openshift/docker/nginx/nginx.conf | 5 ++---
openshift/templates/extensions-web-nginx.json | 8 ++++----
4 files changed, 21 insertions(+), 10 deletions(-)
---
diff --git a/openshift/docker/Dockerfile b/openshift/docker/Dockerfile
index 52ac3f8..3696b6b 100644
--- a/openshift/docker/Dockerfile
+++ b/openshift/docker/Dockerfile
@@ -54,13 +54,19 @@ RUN set -ex \
\) -exec rm -r '{}' + \
&& rm -r /usr/src/xapian-bindings
-RUN mkdir -p /extensions-web/app
+RUN set -ex \
+ && mkdir -p /extensions-web/app \
+ && mkdir -p /extensions-web/data \
+ && mkdir -p /extensions-web/www \
+ && chmod g+rwX -R /extensions-web/data \
+ && chmod g+rwX -R /extensions-web/www
WORKDIR /extensions-web/app
COPY . /extensions-web/app
COPY openshift/docker/wsgi.ini /extensions-web
RUN set -ex \
- && chown www-data:www-data -R /extensions-web/app \
- && chown www-data:www-data /extensions-web/wsgi.ini \
+ && chmod g+rwX -R /extensions-web/www \
+ && chown www-data:root -R /extensions-web/app \
+ && chown www-data:root /extensions-web/wsgi.ini \
&& pip install -r requirements.txt \
&& pip install mysql-python \
&& pip install uWSGI
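Review bot: The mode of `/extensions-web/app` is never set explicitly, so the arbitrary-UID, group-0 user that OpenShift runs the container as gets only whatever group bits `COPY` carried over from the build context; `chown www-data:root -R /extensions-web/app` changes the owner and group but not the bits. If the checkout had group-write set, the running application can modify its own code, and if it lacked group-read the application cannot load it. Provided the app does not need to write under `app` (not visible here), adding `&& chmod -R g=rX /extensions-web/app` after the chown keeps the code read-only while `data` and `www` stay writable. The `chmod g+rwX -R /extensions-web/www` in the second `RUN` also repeats the one in the first, with nothing written to `www` in between, so one of them can be dropped.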
diff --git a/openshift/docker/nginx/Dockerfile b/openshift/docker/nginx/Dockerfile
index dde3d09..e95e4bf 100644
--- a/openshift/docker/nginx/Dockerfile
+++ b/openshift/docker/nginx/Dockerfile
@@ -3,3 +3,9 @@ FROM nginx:stable
MAINTAINER Yuri Konotopov <ykonotopov gnome org>
COPY nginx.conf /etc/nginx
+
+RUN set -ex \
+ && mkdir -p /extensions-web/www \
+ && chmod g+rwX -R /extensions-web/www \
+ && chmod g+rwX -R /var/log/nginx \
+ && chmod g+rwX -R /var/cache/nginx
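Review bot: Nothing visible in this Dockerfile sets a non-root `USER`, so the group-writable directories prepared by this `RUN` only matter when the platform injects an arbitrary UID; started anywhere else, the image still runs nginx as root. Adding a numeric non-root user after the `RUN`, for example `USER 1001`, documents the intent and lets policies that require a non-root image verify it. Separately, the `RUN` opens `/var/log/nginx` and `/var/cache/nginx` to group 0 but not the directory that holds the pid file. If nginx.conf still points `pid` at a root-owned path (the directive is not visible in this diff), the unprivileged process will fail to write it, so confirm and either make that path group-writable or move `pid` under a directory that already is.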
diff --git a/openshift/docker/nginx/nginx.conf b/openshift/docker/nginx/nginx.conf
index 6de3126..765aed3 100644
--- a/openshift/docker/nginx/nginx.conf
+++ b/openshift/docker/nginx/nginx.conf
@@ -1,4 +1,3 @@
-user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
@@ -38,8 +37,8 @@ http {
root /usr/share/nginx/html;
- listen 80 default_server;
- listen [::]:80 default_server;
+ listen 8080 default_server;
+ listen [::]:8080 default_server;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
diff --git a/openshift/templates/extensions-web-nginx.json b/openshift/templates/extensions-web-nginx.json
index 16dd6d7..d9950aa 100644
--- a/openshift/templates/extensions-web-nginx.json
+++ b/openshift/templates/extensions-web-nginx.json
@@ -57,7 +57,7 @@
{
"name": "${NAME}",
"port": 80,
- "targetPort": 80
+ "targetPort": 8080
}
],
"selector": {
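Review bot: The literal 8080 now has to agree in four places in this template (`targetPort` here, plus `containerPort` and both probe `port` fields in the later hunks) and with the `listen` lines in nginx.conf. Naming the container port, e.g. `"name": "http"` beside `"containerPort": 8080`, and then using `"targetPort": "http"` and `"port": "http"` in the probes leaves one number to change. That removes the chance of the Service or a probe pointing at a stale port after the next edit.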
@@ -344,7 +344,7 @@
"image": " ",
"ports": [
{
- "containerPort": 80
+ "containerPort": 8080
}
],
"readinessProbe": {
@@ -353,7 +353,7 @@
"periodSeconds": 60,
"httpGet": {
"path": "/",
- "port": 80
+ "port": 8080
}
},
"livenessProbe": {
@@ -362,7 +362,7 @@
"periodSeconds": 60,
"httpGet": {
"path": "/",
- "port": 80
+ "port": 8080
}
},
"volumeMounts": [