|
|
@@ -118,6 +118,41 @@ web:
|
|
|
command: [nginx-debug, '-g', 'daemon off;']
|
|
|
```
|
|
|
|
|
|
+## User and group id
|
|
|
+
|
|
|
+Since 1.17.0, both alpine- and debian-based images variants use the same user and group ids to drop the privileges for worker processes:
|
|
|
+
|
|
|
+```
|
|
|
+uid=101(nginx) gid=101(nginx) groups=101(nginx)
|
|
|
+```
|
|
|
+
|
|
|
+## Running %%IMAGE%% as a non-root user
|
|
|
+
|
|
|
+It is possible to run the image as a less privileged arbitrary UID/GID. This, however, requires modification of %%IMAGE%% configuration to use directories writeable by that specific UID/GID pair:
|
|
|
+
|
|
|
+```console
|
|
|
+$ docker run -d -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%%
|
|
|
+```
|
|
|
+
|
|
|
+where nginx.conf in the current directory should have the following directives re-defined:
|
|
|
+
|
|
|
+```
|
|
|
+pid /tmp/nginx.pid;
|
|
|
+```
|
|
|
+
|
|
|
+And in the http context:
|
|
|
+
|
|
|
+```
|
|
|
+http {
|
|
|
+ client_body_temp_path /tmp/client_temp;
|
|
|
+ proxy_temp_path /tmp/proxy_temp_path;
|
|
|
+ fastcgi_temp_path /tmp/fastcgi_temp;
|
|
|
+ uwsgi_temp_path /tmp/uwsgi_temp;
|
|
|
+ scgi_temp_path /tmp/scgi_temp;
|
|
|
+...
|
|
|
+}
|
|
|
+```
|
|
|
+
|
|
|
## Monitoring nginx with Amplify
|
|
|
|
|
|
[Amplify](https://amplify.nginx.com/signup/) is a free monitoring tool that can be used to monitor microservice architectures based on nginx. Amplify is developed and maintained by the company behind the nginx software.
|
Konstantin Pavlov