new file: .gitea/workflows/deploy.yml
new file: mariadb.yml new file: nginx.yml
This commit is contained in:
Kyle Speight
@@ -0,0 +1,44 @@
|
||||
# syntax=dhi.io/build:2-alpine3.23
|
||||
|
||||
contents:
|
||||
repositories:
|
||||
- https://dl-cdn.alpinelinux.org/alpine/v3.23/main
|
||||
- https://dl-cdn.alpinelinux.org/alpine/v3.23/community
|
||||
packages:
|
||||
- nginx
|
||||
- ca-certificates
|
||||
|
||||
accounts:
|
||||
groups:
|
||||
- gid: 65532
|
||||
name: nginx
|
||||
users:
|
||||
- uid: 65532
|
||||
gid: 65532
|
||||
name: nginx
|
||||
run-as: nginx
|
||||
|
||||
environment:
|
||||
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
# Custom directory assignments to handle permission drops safely
|
||||
paths:
|
||||
- path: /var/lib/nginx
|
||||
type: directory
|
||||
uid: 65532
|
||||
gid: 65532
|
||||
permissions: 0755
|
||||
- path: /var/log/nginx
|
||||
type: directory
|
||||
uid: 65532
|
||||
gid: 65532
|
||||
permissions: 0755
|
||||
|
||||
entrypoint:
|
||||
- /usr/sbin/nginx
|
||||
- -g
|
||||
- "daemon off;"
|
||||
|
||||
annotations:
|
||||
org.opencontainers.image.title: "hardened-nginx"
|
||||
org.opencontainers.image.description: "Minimal enterprise-hardened Nginx image built with DHI"
|
||||
Reference in New Issue
Block a user