Merge pull request #30 from bryanlatten/feature-non-privileged-port

Dockerfile: changing to non-privileged port
behance · May 16, 2016 · 9b2299e · 9b2299e
2 parents 13a9787 + c547401
commit 9b2299e
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:16.04
+FROM ubuntu:14.04
 MAINTAINER Bryan Latten <latten@adobe.com>
 
 # Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed
@@ -48,7 +48,8 @@ COPY ./container/root /
 RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / && \
     rm /tmp/s6-overlay-amd64.tar.gz
 
-EXPOSE 80
+# Using a non-privileged port to prevent having to use setcap internally
+EXPOSE 8080
 
 # NOTE: intentionally NOT using s6 init as the entrypoint
 # This would prevent container debugging if any of those service crash

diff --git a/container/root/etc/nginx/sites-available/default b/container/root/etc/nginx/sites-available/default
@@ -1,5 +1,5 @@
 server {
-  listen 80;
+  listen 8080;
 
   # Doesn't broadcast version level of server software
   server_tokens off;

diff --git a/container/root/run.d/99-nginx.sh b/container/root/run.d/99-nginx.sh
@@ -5,9 +5,6 @@ if [ $CONTAINER_ROLE == 'web' ]
 then
   echo '[run] enabling web server'
 
-  # Unfortunately, until Dockerhub supports this operation...it has to be done here
-  setcap cap_net_bind_service=+ep /usr/sbin/nginx
-
   # Enable nginx as a supervised service
   if [ -d /etc/services.d/nginx ]
   then