frontend icon indicating copy to clipboard operation
frontend copied to clipboard

Published 20 hours ago verified publisher icon SciCatProject

Nginx as less privileged User

Open belfhi opened this issue 6 months ago • 0 comments

Nginx as less privileged User

Summary

In order to run the frontend image in a restricted environment, for example where [pod security standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/_ are set to restricted, the USER root is not allowed. This also applies for Openshift afaik.

Steps to Reproduce

try to run the image on a kubernetes cluster where spec.containers[*].securityContext.runAsNonRoot is enforces.

Current Behaviour

If fails

Expected Behaviour

it runs, root should not be needed in this context

Extra Details

In general, port 80 is considered a "high privilege" port in Linux. It is sufficiemt for the reverse proxy to run with this (and port 443) port. The upstream server does not need to run on this port.

belfhi avatar Aug 14 '24 14:08 belfhi