feat(unprivileged): run unprivileged nginx to support arbitrarily assigned user ID

Open m4s-b3n opened this issue 3 years ago • 1 comments

Use unprivileged nginx to support arbitrarily assigned user ID to be able to run the image e.g. on Red Hat OpenShift

Description

The Dockerfile uses the nginxinc/nginx-unprivileged image instead of the standard nginx image. Moreover, the nginx.conf file was extended with some configuration to locate nginx runtime data in the /tmp directory.

This enables the container to run as a non-root user which is an improvement to the container security and enables running the container on distributions such as OpenShift by default.

Motivation and Context

The change is necessary as the previous version required nginx to run as root to be able to read/write to several default paths.

Fixes #2931

How Has This Been Tested?

  • Dependencies: npm ci
  • Build: npm build
  • Docker Build: docker build -t swagger-editor-unprivileged .
  • Docker Run: docker run -p 8080:8080 -u 100000 swagger-editor-unprivileged
  • Visit in browser: http://localhost:8080

My PR contains...

  • [X] No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • [ ] Dependency changes (any modification to dependencies in package.json)
  • [ ] Bug fixes (non-breaking change which fixes an issue)
  • [X] Improvements (misc. changes to existing features)
  • [X] Features (non-breaking change which adds functionality)

My changes...

  • [ ] are breaking changes to a public API (config options, System API, major UI change, etc).
  • [ ] are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • [ ] are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • [X] are not breaking changes.

Documentation

  • [X] My changes do not require a change to the project documentation.
  • [ ] My changes require a change to the project documentation.
  • [ ] If yes to above: I have updated the documentation accordingly.

Automated tests

  • [X] My changes can not or do not need to be tested.
  • [ ] My changes can and should be tested by unit and/or integration tests.
  • [ ] If yes to above: I have added tests to cover my changes.
  • [ ] If yes to above: I have taken care to cover edge cases in my tests.
  • [X] All new and existing tests passed.

m4s-b3n avatar Apr 22 '22 12:04 m4s-b3n
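
The kind of nginx.conf change the description above refers to, as an added example that is not taken from this PR or the swagger-editor repository. The specific /tmp file names, the log targets and the server block (including the document root) are assumptions; only the /tmp location and port 8080 come from the description.

```nginx
# Added illustration; paths and the server block are assumptions,
# not the PR's actual nginx.conf.
#
# Defaults in the standard nginx image that fail under an arbitrary non-root UID:
#   pid /var/run/nginx.pid;            directory is not writable by that UID
#   temp paths under /var/cache/nginx  owned by a fixed user
#   listen 80;                         port below 1024

# No "user" directive: it only takes effect when the master process runs as root.
worker_processes auto;

# PID file moved to a world-writable location.
pid /tmp/nginx.pid;

# Log to the container's stderr/stdout instead of files under /var/log/nginx.
error_log stderr warn;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    access_log /dev/stdout;

    # Every module that buffers to disk needs a writable temp directory.
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path       /tmp/proxy_temp;
    fastcgi_temp_path     /tmp/fastcgi_temp;
    uwsgi_temp_path       /tmp/uwsgi_temp;
    scgi_temp_path        /tmp/scgi_temp;

    server {
        # Unprivileged port, matching "docker run -p 8080:8080" in the test steps.
        listen 8080;

        # Assumed static root; it only has to be readable, not writable.
        root /usr/share/nginx/html;
        index index.html;
    }
}
```

Running the container with a high, unassigned UID such as the `-u 100000` from the test steps exercises the same condition OpenShift imposes: nginx must start without owning any of the paths it writes to.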

Hi @marius-boden-sva,

Thank you for the PR! I'll have some questions on the changes to fully understand what has been changed and why, if that's OK.

char0n avatar Jun 13 '22 13:06 char0n

@marius-boden-sva would you mind sending this PR against next branch? Now it's a good opportunity to push this effort forward.

Thanks!

char0n avatar Nov 16 '22 08:11 char0n

@char0n done: https://github.com/swagger-api/swagger-editor/pull/3697

m4s-b3n avatar Nov 21 '22 09:11 m4s-b3n

Superseded by https://github.com/swagger-api/swagger-editor/pull/3705

char0n avatar Nov 24 '22 12:11 char0n