Skip to content

Commit c44e937

Browse files
sir-sigurdsir-sigurd
authored
Make containers readonlyrootFileSystem=true compatible (#3961)
1 parent 36f4f20 commit c44e937

File tree

3 files changed

+16
-11
lines changed

3 files changed

+16
-11
lines changed

catalog/Dockerfile

+8-4
Original file line numberDiff line numberDiff line change
@@ -16,18 +16,22 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
1616
COPY nginx.conf /etc/nginx/nginx.conf
1717
COPY nginx-web.conf /etc/nginx/conf.d/default.conf
1818

19+
ARG NGINX_STATIC_DIR=/usr/share/nginx/html
1920
# Copy pre-built catalog assets to nginx
20-
RUN rm -rf /usr/share/nginx/html
21-
COPY build /usr/share/nginx/html
21+
RUN rm -rf $NGINX_STATIC_DIR
22+
COPY build $NGINX_STATIC_DIR
2223

2324
# Copy config file
2425
COPY config.json.tmpl config.json.tmpl
2526

27+
RUN ln -s /tmp/config.json $NGINX_STATIC_DIR/config.json && \
28+
ln -s /tmp/config.js $NGINX_STATIC_DIR/config.js
29+
2630
# Use SIGQUIT for a "graceful" shutdown
2731
STOPSIGNAL SIGQUIT
2832

2933
# Substitute environment variables into config.json and generate config.js based on that before starting nginx.
3034
# Note: use "exec" because otherwise the shell will catch Ctrl-C and other signals.
31-
CMD envsubst < config.json.tmpl > /usr/share/nginx/html/config.json \
32-
&& echo "window.QUILT_CATALOG_CONFIG = `cat /usr/share/nginx/html/config.json`" > /usr/share/nginx/html/config.js \
35+
CMD envsubst < config.json.tmpl > /tmp/config.json \
36+
&& echo "window.QUILT_CATALOG_CONFIG = `cat /tmp/config.json`" > /tmp/config.js \
3337
&& exec nginx -g 'daemon off;'

s3-proxy/Dockerfile

+7-6
Original file line numberDiff line numberDiff line change
@@ -34,11 +34,11 @@ RUN set -x \
3434
--error-log-path=/dev/stdout \
3535
--pid-path=/var/run/nginx.pid \
3636
--lock-path=/var/run/nginx.lock \
37-
--http-client-body-temp-path=/var/cache/nginx/client_temp \
38-
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
39-
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
40-
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
41-
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
37+
--http-client-body-temp-path=/var/lib/nginx/tmp/client_temp \
38+
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy_temp \
39+
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi_temp \
40+
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi_temp \
41+
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi_temp \
4242
--user=nginx \
4343
--group=nginx \
4444
--with-compat \
@@ -77,9 +77,10 @@ RUN set -x \
7777
RUN set -x \
7878
&& useradd --system --user-group --no-create-home --home /nonexistent --shell /sbin/nologin nginx
7979

80-
RUN mkdir /var/cache/nginx/
80+
RUN mkdir -p /var/lib/nginx/tmp/
8181
COPY nginx.conf /root/nginx.conf.tmpl
8282
COPY run-nginx.sh /root/run-nginx.sh
83+
RUN ln -sf /tmp/nginx.conf /etc/nginx/nginx.conf
8384

8485
# Use SIGQUIT for a "graceful" shutdown
8586
STOPSIGNAL SIGQUIT

s3-proxy/run-nginx.sh

+1-1
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,6 @@ fi
2020

2121
export NAMESERVER=$nameserver
2222

23-
envsubst '$INTERNAL_REGISTRY_URL $NAMESERVER' < /root/nginx.conf.tmpl > /etc/nginx/nginx.conf
23+
envsubst '$INTERNAL_REGISTRY_URL $NAMESERVER' < /root/nginx.conf.tmpl > /tmp/nginx.conf
2424

2525
exec nginx -g 'daemon off;'

0 commit comments

Comments
 (0)