
Commit 6b0d056

author
SUSE Update Bot
committed
Test build for #3167
1 parent 6206155 commit 6b0d056

4 files changed

Lines changed: 96 additions & 112 deletions


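--- a/_config
+++ b/_config
@@ -1,110 +1,52 @@
-
-%if "%_repository" == "containerkiwi"
-Type: kiwi
-Repotype: none
-Patterntype: none
-
-Prefer: python3-kiwi
-
-# needed for busybox image building (at minimum)
-ExpandFlags: kiwi-nobasepackages
-
-# needed for micro image
-Prefer: -busybox-coreutils
-
-Binarytype: rpm
-%else
-%if "%_repository" == "containerfile"
-Type: docker
-BuildEngine: podman
-
-%else
-Type: spec
-Repotype: rpm-md
-Patterntype: none
-%endif
-%endif
-
-%if "%_repository" == "containerfile" || "%_repository" == "containerkiwi"
-# Revert split of customer facing for container builds
-Prefer: !cpp-build cpp
-Prefer: !gcc-build-ada gcc-ada
-Prefer: !gcc-build-go gcc-go
-Prefer: !gcc-build gcc
-Prefer: !gcc-build-info gcc-info
-Prefer: !gcc-build-c++ gcc-c++
-Prefer: !gcc-build-fortran gcc-fortran
-Prefer: !gcc-build-d gcc-d
-Prefer: !gcc-build-32bit gcc-32bit
-Prefer: !gcc-build-devel gcc-devel
-Prefer: !gcc-build-locale gcc-locale
-Prefer: !gcc-build-c++-32bit gcc-c++-32bit
-Prefer: !gcc-build-fortran-32bit gcc-fortran-32bit
-Prefer: !gcc-build-objc gcc-objc
-Prefer: !gcc-build-objc-32bit gcc-objc-32bit
-Prefer: !gcc-build-obj-c++ gcc-obj-c++
-Prefer: !gcc-build-PIE gcc-PIE
-Prefer: !gcc-build-ada-32bit gcc-ada-32bit
-Prefer: !gcc-build-go-32bit gcc-go-32bit
-Prefer: !gcc-build-d-32bit gcc-d-32bit
-Prefer: !gccjit-build-devel gccjit-devel
-Prefer: !libstdc++-build-devel libstdc++-devel
-Prefer: !libgccjit-build-devel libgccjit-devel
-
-
-Conflict: !cpp
-Conflict: !gcc-ada
-Conflict: !gcc-go
-Conflict: !gcc
-Conflict: !gcc-info
-Conflict: !gcc-c++
-Conflict: !gcc-fortran
-Conflict: !gcc-d
-Conflict: !gcc-32bit
-Conflict: !gcc-devel
-Conflict: !gcc-locale
-Conflict: !gcc-c++-32bit
-Conflict: !gcc-fortran-32bit
-Conflict: !gcc-objc
-Conflict: !gcc-objc-32bit
-Conflict: !gcc-obj-c++
-Conflict: !gcc-PIE
-Conflict: !gcc-ada-32bit
-Conflict: !gcc-go-32bit
-Conflict: !gcc-d-32bit
-Conflict: !gccjit-devel
-Conflict: !libgccjit-devel
-Conflict: !libstdc++-devel
-
-%endif
-
-
-%if "%_repository" == "product"
-Repotype: slepool:nobuildid
-Patterntype: none
-
-Type: productcompose
-Required: product-composer
-Required: package-translations
-Required: libeconf0
-Ignore: dummy-release:this-is-only-for-build-envs
-Ignore: libsystemd0-mini:this-is-only-for-build-envs
-Ignore: krb5-mini:this-is-only-for-build-envs
-%endif
-
-#
-# All repos
-#
-
-%define beta_flag 1
-
-Macros:
-%beta_flag 1
-:Macros
-
-BuildFlags: excludebuild:rpm
-
-Prefer: -postgresql16-devel-mini -postgresql17-devel-mini -ALP-dummy-release -SLES_SAP-release
-
-# prevent gdb from pulling in python 3.11 & 3.12 at the same time
-Substitute: obs:cli_debug_packages less
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>We're sorry, but something went wrong: Web application could not be started</title>
+<style type="text/css">body{color:#222;font-family:Arial,Sans-Serif;font-size:13px;margin:0}.column{margin-left:auto;margin-right:auto;max-width:1000px;text-align:center}header{border-bottom:1px solid #e3e3e3;margin-bottom:45px}footer,header{margin-top:50px}footer{border-top:1px solid #e3e3e3;color:#7f7f7f;font-size:14px;padding:40px 0}h1{font-size:30px;margin-bottom:10px;margin-top:30px}.subtitle{font-size:20px;margin-bottom:110px;margin-top:0}#operator_info{display:none}#show_operator_info{font-size:17px;font-weight:400}.left{padding:8px;text-align:left}h3{font-size:23px;margin-bottom:10px;margin-top:30px}ul{padding-left:16px}a,li{color:#1781bf;text-decoration:none}.error,a,li{font-weight:700}.error{background:#e6f3fc;border-radius:5px;padding:7px 12px}.error.block{display:block}.bold{font-weight:700!important}pre{margin:0;overflow-x:auto;white-space:pre-wrap;word-break:break-all}dt{font-weight:700;margin-top:16px}dd{margin-left:0}.plain{color:inherit;font-weight:inherit}#content{height:800px;overflow-y:scroll}</style>
+</head>
+<body>
+<header>
+<div class="column">
+<svg width="50" height="50" viewBox="0 0 64 64" xmlns="http://www.w3.org/2000/svg"><path d="m731.234002 153.838666v-18.841339c0-4.417534-3.577416-7.997327-7.990382-7.997327h-6.414571c-4.417012 0-7.990383 3.580525-7.990383 7.997327v18.841339h-18.841339c-4.417534 0-7.997327 3.577416-7.997327 7.990383v6.414571c0 4.417011 3.580525 7.990382 7.997327 7.990382h18.841339v18.841339c0 4.417534 3.577416 7.997328 7.990383 7.997328h6.414571c4.417011 0 7.990382-3.580526 7.990382-7.997328v-18.841339h18.841339c4.417534 0 7.997328-3.577416 7.997328-7.990382v-6.414571c0-4.417012-3.580526-7.990383-7.997328-7.990383z" fill="#f87575" transform="matrix(.70710678 -.70710678 .70710678 .70710678 -593.80455139 424.48059756)"/></svg>
+<h1>We're sorry, but something went wrong.</h1>
+<p class="subtitle">The issue has been logged for investigation. Please try again later.</p>
+</div>
+</header>
+<div class="column">
+<a id="show_operator_info" href="#" onclick="showOperatorInfo()">Technical details for the administrator of this website</a>
+<div id="operator_info">
+<div class="left">
+<h3>Error ID:</h3>
+<span class="error">bd77b9a6</span>
+<h3>Details:</h3>
+<p>Web application could not be started by the Phusion Passenger(R) application server.</p>
+<p class="bold">Please read <a href="https://www.phusionpassenger.com/library/admin/log_file/" class="plain">the Passenger log file</a> (search for the Error ID) to find the details of the error.</p>
+<p>You can also get a detailed report to appear directly on this page, but for security reasons it is only provided if Phusion Passenger(R) is run with <i>environment</i> set to <i>development</i> and/or with the <i>friendly error pages</i> option set to <i>on</i>.</p>
+<p>For more information about configuring environment and friendly error pages, see:</p>
+<ul>
+<li><a href="https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_friendly_error_pages">Nginx integration mode</a></li>
+<li><a href="https://www.phusionpassenger.com/library/config/apache/reference/#passengerfriendlyerrorpages">Apache integration mode</a></li>
+<li><a href="https://www.phusionpassenger.com/library/config/standalone/reference/#--friendly-error-pages---no-friendly-error-pages-friendly_error_pages">Standalone mode</a></li>
+</ul>
+</div>
+</div>
+</div>
+<footer>
+<!--
+You are free to modify the footer as you see fit,
+but we kindly ask of you to preserve the following
+text. Thank you.
+-->
+<div class="column">
+This website is powered by <a href="https:<wbr>//www.phusionpassenger.com"><b>Phusion Passenger(R)</b></a>&reg;, the smart application server built by <b>Phusion</b>&reg;.
+</div>
+</footer>
+<script>
+function showOperatorInfo() {
+document.getElementById('operator_info').style.display = 'block';
+}
+</script>
+</body>
+</html>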
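Review bot: The new `_config` is not a project configuration at all: lines 1-52 are a Phusion Passenger HTML error page ("Web application could not be started", Error ID bd77b9a6), and all 110 lines of the previous file (the `Type:`, `Prefer:`, `Conflict:`, `Required:` and `Substitute:` rules) are removed. Presumably the automation stored the body of a failed HTTP request without checking the response status. The step that fetches this file should fail on a non-2xx status and refuse to commit content that begins with `<!doctype html>`. As committed, any build that reads this `_config` loses its build type and dependency-resolution rules, so the file should be restored before the rest of the change is evaluated.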

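--- a/nginx-image/Dockerfile
+++ b/nginx-image/Dockerfile
@@ -25,7 +25,7 @@ COPY --from=target / /target
 
 RUN set -euo pipefail; \
 export PERMCTL_ALLOW_INSECURE_MODE_IF_NO_PROC=1; \
-zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends curl gawk nginx findutils gettext-runtime libcurl-mini4
+zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends curl gawk nginx findutils gettext-runtime sed grep libcurl-mini4
 # sanity check that the version from the tag is equal to the version of nginx that we expect
 RUN set -euo pipefail; \
 [ "$(rpm --root /target -q --qf '%{version}' nginx | \
@@ -72,5 +72,5 @@ COPY [1-3]0-*.sh /docker-entrypoint.d/
 COPY docker-entrypoint.sh /usr/local/bin
 COPY index.html /srv/www/htdocs/
 RUN set -euo pipefail; chmod +x /docker-entrypoint.d/*.sh /usr/local/bin/docker-entrypoint.sh
-RUN set -euo pipefail; install -d -o nginx -g nginx -m 750 /var/log/nginx; ln -sf /dev/stdout /var/log/nginx/access.log; ln -sf /dev/stderr /var/log/nginx/error.log
+RUN set -euo pipefail; set -euo pipefail; mkdir -p /var/cache/nginx /var/run/nginx /tmp/client_temp /tmp/proxy_temp /tmp/fastcgi_temp /tmp/uwsgi_temp /tmp/scgi_temp; ln -sf /dev/stdout /var/log/nginx/access.log; ln -sf /dev/stderr /var/log/nginx/error.log; chmod -R 777 /var/cache/nginx /etc/nginx /var/run/nginx /var/log/nginx /tmp/client_temp /tmp/proxy_temp /tmp/fastcgi_temp /tmp/uwsgi_temp /tmp/scgi_temp;
 STOPSIGNAL SIGQUIT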
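Review bot: The new `RUN` at line 75 makes `/etc/nginx`, `/var/log/nginx`, `/var/run/nginx`, `/var/cache/nginx` and the `/tmp/*_temp` directories world-writable with `chmod -R 777`, so any process in the container, under any UID, can rewrite the server configuration, and the temp directories get no sticky bit. The README section added in this commit only documents `--user nginx`, so ownership by that account would be enough: `chown -R nginx:nginx <same paths>` followed by `chmod -R u+rwX,go-w <same paths>`. If arbitrary UIDs have to be supported, group 0 ownership with `chmod -R g=u` is still narrower than mode 777. The line also repeats `set -euo pipefail;`, and it drops the `install -d ... /var/log/nginx` that used to create the log directory, so the `ln -sf` calls now presumably rely on the nginx package having created it.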

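--- a/nginx-image/README.md
+++ b/nginx-image/README.md
@@ -43,6 +43,12 @@ The template above is then rendered to `/etc/nginx/conf.d/default.conf` as follo
 ```nginx
 listen 80;
 ```
+## Running nginx as a non-root user
+To run the image as a less privileged user using the `nginx` user, do the following:
+```ShellSession
+$ podman run -it --user nginx --rm -p 8080:8080 -v /path/to/html/:/srv/www/htdocs/:Z registry.suse.com/suse/nginx:1.27
+```
+**Note:** When running as the `nginx` user the default port is 8080.
 
 ## Environment variables
 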

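--- a/nginx-image/docker-entrypoint.sh
+++ b/nginx-image/docker-entrypoint.sh
@@ -44,4 +44,40 @@ if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then
 fi
 fi
 
+CURRENT_UID=$(id -u)
+if [ "$CURRENT_UID" -gt "0" ]; then
+# Running as Unprivileged User
+entrypoint_log "$0: Running as unprivileged user (UID: $CURRENT_UID). Configuring for unprivileged mode (Port 8080)."
+
+# Define targets
+CONF_FILES="/etc/nginx/conf.d/default.conf /etc/nginx/nginx.conf"
+
+for FILE in $CONF_FILES; do
+if [ -w "$FILE" ]; then
+# Check if it actually contains port 80
+if grep -q "listen .*80;" "$FILE"; then
+entrypoint_log "Changing port 80 to 8080 in $FILE"
+# Use a safe writable subdirectory for the swap file
+sed 's/listen\s*80;/listen 8080;/g' "$FILE" > /tmp/client_temp/nginx_swap.conf && \
+cat /tmp/client_temp/nginx_swap.conf > "$FILE" && \
+rm -f /tmp/client_temp/nginx_swap.conf
+fi
+
+# Redirect temp paths to /tmp if we are editing the main nginx.conf
+if [ "$FILE" = "/etc/nginx/nginx.conf" ]; then
+entrypoint_log "Redirecting NGINX temp paths and setting PID to /tmp in $FILE"
+# Use a safe writable subdirectory for the swap file
+sed -e '/^user/d' \
+-e 's,^#\?\s*pid\s\+.*;$,pid /var/run/nginx/nginx.pid;,' \
+-e '/http {/a \ client_body_temp_path /tmp/client_temp;\n proxy_temp_path /tmp/proxy_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;' \
+"$FILE" > /tmp/client_temp/nginx_ultra.conf && \
+cat /tmp/client_temp/nginx_ultra.conf > "$FILE" && \
+rm -f /tmp/client_temp/nginx_ultra.conf
+entrypoint_log "$0: Removed 'user' directive and updated PID path."
+fi
+fi
+done
+
+entrypoint_log "$0: Listening on port 8080."
+fi
 exec "$@"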
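Review bot: The `nginx.conf` rewrite at lines 67-77 is not idempotent: the `/http {/a` expression appends the five `*_temp_path` directives on every entrypoint run, so restarting an existing container would add them a second time, which nginx normally rejects as duplicate directives. Guarding the block with something like `if ! grep -q 'client_body_temp_path' "$FILE"; then` avoids that. The swap files also use fixed names (`nginx_swap.conf`, `nginx_ultra.conf`) in `/tmp/client_temp`, which the Dockerfile in this commit makes mode 777 without a sticky bit; `tmp=$(mktemp /tmp/client_temp/nginx.XXXXXX)` removes the predictable name. The success messages at lines 76 and 81 are logged even when a `sed` step fails or the files are not writable. Separately, `grep -q "listen .*80;"` also matches `listen 8080;`, so the "Changing port" message can appear when nothing changes.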
