Commit 4e54d27e authored by Yuri Konotopov's avatar Yuri Konotopov

openshift: make sure working directories are accessible for applications.

OpenShift container apps run under a random user with the root (0) group.
Make sure the needed permissions are set.

Also make sure we do not use privileged ports.
parent 525da427
......@@ -54,13 +54,19 @@ RUN set -ex \
\) -exec rm -r '{}' + \
&& rm -r /usr/src/xapian-bindings
RUN mkdir -p /extensions-web/app
RUN set -ex \
&& mkdir -p /extensions-web/app \
&& mkdir -p /extensions-web/data \
&& mkdir -p /extensions-web/www \
&& chmod g+rwX -R /extensions-web/data \
&& chmod g+rwX -R /extensions-web/www
WORKDIR /extensions-web/app
COPY . /extensions-web/app
COPY openshift/docker/wsgi.ini /extensions-web
RUN set -ex \
&& chown www-data:www-data -R /extensions-web/app \
&& chown www-data:www-data /extensions-web/wsgi.ini \
&& chmod g+rwX -R /extensions-web/www \
&& chown www-data:root -R /extensions-web/app \
&& chown www-data:root /extensions-web/wsgi.ini \
&& pip install -r requirements.txt \
&& pip install mysql-python \
&& pip install uWSGI
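Review bot: The `chmod g+rwX -R /extensions-web/www` in the RUN that follows the two COPY lines appears to repeat the one in the directory-creation RUN, and neither COPY writes under www/, so it can be dropped. The ownership split itself suits an arbitrary-UID runtime: data/ and www/ are group-writable, while app/ and wsgi.ini become `www-data:root` with no group-write grant, which keeps the application code read-only to the runtime user as long as the files copied from the build context carry no group-write bit. That intent deserves a comment above the first RUN, e.g. `# OpenShift runs as an arbitrary UID in group 0: only data/ and www/ are group-writable; app/ stays read-only`.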
......@@ -3,3 +3,9 @@ FROM nginx:stable
MAINTAINER Yuri Konotopov <ykonotopov@gnome.org>
COPY nginx.conf /etc/nginx
RUN set -ex \
&& mkdir -p /extensions-web/www \
&& chmod g+rwX -R /extensions-web/www \
&& chmod g+rwX -R /var/log/nginx \
&& chmod g+rwX -R /var/cache/nginx
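Review bot: The `chmod g+rwX` on /var/log/nginx and /var/cache/nginx only helps the arbitrary UID if those directories are group-owned by GID 0, and this RUN never sets the group, so the result depends on how the nginx:stable base image ships them. The app Dockerfile in this commit sets the group explicitly with `chown www-data:root`; do the equivalent here by adding `&& chgrp -R 0 /var/log/nginx /var/cache/nginx \` ahead of the chmod lines. /extensions-web/www is created in this RUN, presumably as root:root, so it should already be in group 0.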
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
......@@ -38,8 +37,8 @@ http {
root /usr/share/nginx/html;
listen 80 default_server;
listen [::]:80 default_server;
listen 8080 default_server;
listen [::]:8080 default_server;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
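Review bot: Moving the listener to 8080 removes the need for a privileged bind, but nginx started as a non-root arbitrary UID must also be able to create its pid file, and nothing visible in this commit makes a pid location writable. The `pid` directive is outside the visible hunks, as are the start and end of the enclosing server block; if `pid` still points under /var/run, relocate it to a group-writable path, e.g. `pid /tmp/nginx.pid;`, or add its directory to the chmod list in the nginx Dockerfile. The `user nginx;` directive at the top of the file is ignored with a warning when the master process is not root, so it is worth confirming that it is not kept in the new version.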
......
......@@ -57,7 +57,7 @@
{
"name": "${NAME}",
"port": 80,
"targetPort": 80
"targetPort": 8080
}
],
"selector": {
......@@ -344,7 +344,7 @@
"image": " ",
"ports": [
{
"containerPort": 80
"containerPort": 8080
}
],
"readinessProbe": {
......@@ -353,7 +353,7 @@
"periodSeconds": 60,
"httpGet": {
"path": "/",
"port": 80
"port": 8080
}
},
"livenessProbe": {
......@@ -362,7 +362,7 @@
"periodSeconds": 60,
"httpGet": {
"path": "/",
"port": 80
"port": 8080
}
},
"volumeMounts": [
......