[Docker] How to start an Nginx container as a non-privileged user

Last updated at Posted at 2022-10-05

Dockerfile

Create a Dockerfile with the following contents.

Dockerfile
FROM nginx:1.22.0

ENV TZ=Asia/Tokyo

RUN rm -f /etc/nginx/conf.d/*
RUN chown -R nginx /var/cache/nginx

USER nginx

EXPOSE 80

CMD ["/usr/sbin/nginx", "-g", "daemon off;", "-c", "/etc/nginx/nginx.conf"]

This starts the container as the nginx user, which already exists in the nginx:1.22.0 image.

nginx.conf

Create nginx.conf with the following contents.

nginx.conf

worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /tmp/nginx.pid;


events {
    worker_connections  1024;
}


http {
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path       /tmp/proxy_temp_path;
    fastcgi_temp_path     /tmp/fastcgi_temp;
    uwsgi_temp_path       /tmp/uwsgi_temp;
    scgi_temp_path        /tmp/scgi_temp;

    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

The changes from the default configuration are as follows.

  • Removed user nginx;
  • Changed pid /var/run/nginx.pid; to pid /tmp/nginx.pid;
  • Added the following to the http block
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path       /tmp/proxy_temp_path;
    fastcgi_temp_path     /tmp/fastcgi_temp;
    uwsgi_temp_path       /tmp/uwsgi_temp;
    scgi_temp_path        /tmp/scgi_temp;
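
As an added example (not part of the original article), the shell function below checks an nginx.conf for the three changes listed above before the image is built. The function name check_nonroot_conf, the sample files, and the assumption that /var/run is not writable by the nginx user are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): check an nginx.conf against the three
# changes listed above before building the non-root image.

# Prints one finding per line; returns 0 when there are none.
check_nonroot_conf() {
    body=$(sed 's/#.*//' "$1")   # drop comments such as "#gzip  on;"
    findings=0
    has() { printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$1[[:space:]]"; }

    # 1. "user" only makes sense when the master process starts as root.
    if has user; then
        echo "user directive present"; findings=$((findings + 1))
    fi

    # 2. pid file: assumes /var/run (and /run) are root-owned in the image and
    #    that an absent directive falls back to /var/run/nginx.pid.
    pid=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*pid[[:space:]][[:space:]]*\([^;]*\);.*/\1/p')
    case $pid in
        ""|/var/run/*|/run/*)
            echo "pid path needs root: ${pid:-unset}"; findings=$((findings + 1)) ;;
    esac

    # 3. The five temp paths the article relocates to /tmp.
    for d in client_body proxy fastcgi uwsgi scgi; do
        if ! has "${d}_temp_path"; then
            echo "${d}_temp_path not set"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample inputs: a stock-style config and one with the changes.
tmp=$(mktemp -d)
printf '%s\n' 'user  nginx;' 'pid /var/run/nginx.pid;' 'events {}' \
    'http { }' > "$tmp/stock.conf"
{
    echo 'pid /tmp/nginx.pid;'
    echo 'events {}'
    echo 'http {'
    for d in client_body proxy fastcgi uwsgi scgi; do
        echo "    ${d}_temp_path /tmp/${d}_temp;"
    done
    echo '}'
} > "$tmp/nonroot.conf"

check_nonroot_conf "$tmp/stock.conf"   || echo "stock.conf: not ready"
check_nonroot_conf "$tmp/nonroot.conf" && echo "nonroot.conf: ready"
```

Comment stripping here is line-based and does not account for a # inside a quoted string, which is sufficient for the directives checked.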

compose.yml

Create compose.yml with the following contents.

compose.yml
services:
  web:
    build: .
    volumes:
      - type: bind
        source: ./.docker/web/nginx/nginx.conf
        target: /etc/nginx/nginx.conf
    ports:
      - 80:80

An alternative method

The same result can also be achieved by writing the Dockerfile as follows.

Dockerfile
# syntax=docker/dockerfile:1
FROM nginx:1.22.0

ENV TZ=Asia/Tokyo

RUN rm -f /etc/nginx/conf.d/*
RUN <<-EOF
    set -e
    # conf.d/default.conf was deleted by the previous RUN, so no listen directive is edited here
    sed -i '/user  nginx;/d' /etc/nginx/nginx.conf
    sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf
    sed -i "/^http {/a \    proxy_temp_path /tmp/proxy_temp;\n    client_body_temp_path /tmp/client_temp;\n    fastcgi_temp_path /tmp/fastcgi_temp;\n    uwsgi_temp_path /tmp/uwsgi_temp;\n    scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf
    chown -R nginx /var/cache/nginx
EOF

USER nginx

EXPOSE 80

CMD ["/usr/sbin/nginx", "-g", "daemon off;", "-c", "/etc/nginx/nginx.conf"]