Skip to content
Snippets Groups Projects
Commit 15f659be authored by Varac's avatar Varac
Browse files

Merge branch '11-make-apache-run-as-non-root' into 'master'

Resolve "Make Apache run as non-root"

Closes #11

See merge request openappstack/wordpress-helm!6
parents e2308bdc bad7e21e
No related branches found
No related tags found
1 merge request!6Resolve "Make Apache run as non-root"
Pipeline #4367 passed with stage
in 23 seconds
......@@ -71,11 +71,14 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: 33
runAsGroup: 33
ports:
- name: http
containerPort: 80
containerPort: 8080
- name: https
containerPort: 443
containerPort: 8443
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
......
......@@ -15,3 +15,9 @@ RUN a2enmod rewrite expires
RUN pecl install -o -f redis \
&& rm -rf /tmp/pear \
&& docker-php-ext-enable redis
# Do not use a privileged port for Apache so it can run as non-root
ENV PORT 8080
ENV TLS_PORT 8443
RUN sed -i "s/\<80\>/$PORT/g" /etc/apache2/sites-available/000-default.conf /etc/apache2/ports.conf
RUN sed -i "s/\<443\>/$TLS_PORT/g" /etc/apache2/sites-available/default-ssl.conf /etc/apache2/ports.conf
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment