Skip to content

Commit

Permalink
Allow binding to a port less than 1024 to non-root users
Browse files Browse the repository at this point in the history
  • Loading branch information
aledbf committed Jun 21, 2018
1 parent 2bc66bc commit b8cda63
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions images/nginx/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ clean-install \
python \
luarocks \
libmaxminddb-dev \
libcap2-bin \
|| exit 1

if [[ ${ARCH} == "x86_64" ]]; then
Expand Down Expand Up @@ -451,6 +452,11 @@ echo "Cleaning..."

cd /

mv /usr/share/nginx/sbin/nginx /usr/sbin

# allow binding to a port less than 1024 to non-root users
setcap cap_net_bind_service=+ep /usr/sbin/nginx

apt-mark unmarkauto \
bash \
curl ca-certificates \
Expand All @@ -476,14 +482,11 @@ apt-get remove -y --purge \
linux-libc-dev \
cmake \
wget \
libcap2-bin \
git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libpcre++-dev libxml2-dev

apt-get autoremove -y

mkdir -p /var/lib/nginx/body /usr/share/nginx/html

mv /usr/share/nginx/sbin/nginx /usr/sbin

rm -rf "$BUILD_PATH"
rm -Rf /usr/share/man /usr/share/doc
rm -rf /tmp/* /var/tmp/*
Expand All @@ -505,6 +508,8 @@ writeDirs=( \
/etc/ingress-controller/auth \
/var/log \
/var/log/nginx \
/var/lib/nginx/body \
/usr/share/nginx/html \
/opt/modsecurity/var/log \
/opt/modsecurity/var/upload \
/opt/modsecurity/var/audit \
Expand Down

0 comments on commit b8cda63

Please sign in to comment.