Merge branch '11-make-apache-run-as-non-root' into 'master'

Resolve "Make Apache run as non-root" Closes #11 See merge request openappstack/wordpress-helm!6

Merge branch '11-make-apache-run-as-non-root' into 'master'
Resolve "Make Apache run as non-root" Closes #11 See merge request openappstack/wordpress-helm!6
15f659be · Varac · e2308bdc · bad7e21e · 15f659be · 15f659be
Commit 15f659be authored 4 years ago by Varac
--- a/templates/statefulset.yaml
+++ b/templates/statefulset.yaml
@@ -71,11 +71,14 @@ spec:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            runAsUser: 33
+            runAsGroup: 33
          ports:
            - name: http
-              containerPort: 80
+              containerPort: 8080
            - name: https
-              containerPort: 443
+              containerPort: 8443
          {{- if .Values.livenessProbe.enabled }}
          livenessProbe:
            httpGet:

--- a/wp-docker/Dockerfile
+++ b/wp-docker/Dockerfile
@@ -15,3 +15,9 @@ RUN a2enmod rewrite expires
 RUN pecl install -o -f redis \
    && rm -rf /tmp/pear \
    && docker-php-ext-enable redis
+
+# Do not use a privileged port for Apache so it can run as non-root
+ENV PORT 8080
+ENV TLS_PORT 8443
+RUN sed -i "s/\<80\>/$PORT/g" /etc/apache2/sites-available/000-default.conf /etc/apache2/ports.conf
+RUN sed -i "s/\<443\>/$TLS_PORT/g" /etc/apache2/sites-available/default-ssl.conf /etc/apache2/ports.conf