[ACA-2229] docker security fixes (#980)

* docker permission fixes * remove index.html edit permissions
2025-07-31 17:38:28 +00:00 · 2019-02-28 15:47:22 +00:00
parent ed8f0352b0
commit 4ec4012d89
3 changed files with 2 additions and 7 deletions
--- a/3
+++ b/3
@@ -19,7 +19,7 @@ ARG GROUPID=1000
 ARG USERNAME=aca
 ARG USERID=33009

-COPY nginx.conf /etc/nginx/nginx.conf
+COPY ./docker/nginx.conf /etc/nginx/nginx.conf
 COPY ./docker/entrypoint.sh /

 WORKDIR /usr/share/nginx/html
@@ -28,6 +28,7 @@ COPY --from=builder /usr/src/alfresco/licenses ./licenses

 RUN addgroup -g ${GROUPID} ${GROUPNAME} && \
  adduser -S -u ${USERID} -G ${GROUPNAME} -s "/bin/bash" ${USERNAME} && \
+  chown -R ${USERNAME}:${GROUPNAME} ./app.config.json && \
  chown -R ${USERNAME}:${GROUPNAME} /var/cache/nginx && \
  touch /var/run/nginx.pid && \
  chown -R ${USERNAME}:${GROUPNAME} /var/run/nginx.pid && \
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -52,10 +52,6 @@ if [[ $ACSURL ]]; then
  sed -i s%{protocol}//{hostname}{:port}%"$ACSURL"%g /usr/share/nginx/html/app.config.json
 fi

-if [[ $BASEPATH ]]; then
-  sed -i s%href=\"/\"%href=\""$BASEPATH"\"%g /usr/share/nginx/html/index.html
-fi
-
 if [ -n "${APP_BASE_SHARE_URL}" ];then
  sed -e "s/\"baseShareUrl\": \".*\"/\"baseShareUrl\": \"${APP_BASE_SHARE_URL}\"/g" \
    -i ./app.config.json
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -18,8 +18,6 @@ http {
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

-    access_log off;
-
    location / {
      try_files $uri $uri/ /index.html;
    }