From 5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b Mon Sep 17 00:00:00 2001 From: Yuqian Yang Date: Fri, 28 Feb 2025 16:18:56 +0800 Subject: feat(git): use non-root and add robots. --- services/docker/git-server/Dockerfile | 7 ++++--- services/docker/git-server/git-lighttpd.conf | 1 + services/docker/git-server/hooks/update | 0 3 files changed, 5 insertions(+), 3 deletions(-) mode change 100644 => 100755 services/docker/git-server/hooks/update (limited to 'services/docker/git-server') diff --git a/services/docker/git-server/Dockerfile b/services/docker/git-server/Dockerfile index b725122..274ba6a 100644 --- a/services/docker/git-server/Dockerfile +++ b/services/docker/git-server/Dockerfile @@ -3,13 +3,14 @@ RUN apt-get update && apt-get install -y \ git cgit lighttpd apache2-utils python3-pygments python3-markdown \ tar gzip bzip2 zip unzip tini && \ rm -rf /var/lib/apt/lists/* +RUN groupadd -g 1000 git && useradd -m -u 1000 -g 1000 -s /usr/bin/bash git ENV GIT_CONFIG_SYSTEM=/etc/gitconfig GIT_CONFIG_GLOBAL=/git/private/gitconfig ADD gitconfig /etc/gitconfig -ADD --chmod=755 hooks/* /etc/git/hooks/ -ADD git-lighttpd.conf git-auth.conf /app/ -ADD --chmod=755 lighttpd-wrapper.bash /app/ +ADD hooks/* /etc/git/hooks/ +ADD git-lighttpd.conf git-auth.conf lighttpd-wrapper.bash /app/ +USER git:git VOLUME [ "/git" ] CMD [ "tini", "--", "/app/lighttpd-wrapper.bash" ] diff --git a/services/docker/git-server/git-lighttpd.conf b/services/docker/git-server/git-lighttpd.conf index ba8e592..567303a 100644 --- a/services/docker/git-server/git-lighttpd.conf +++ b/services/docker/git-server/git-lighttpd.conf @@ -2,6 +2,7 @@ server.modules += ("mod_accesslog") server.modules += ("mod_auth", "mod_authn_file", "mod_access") server.modules += ("mod_setenv", "mod_cgi", "mod_alias") +server.port = 3636 server.document-root = "/var/www/html/" accesslog.filename = "/dev/fd/3" diff --git a/services/docker/git-server/hooks/update b/services/docker/git-server/hooks/update old mode 100644 new mode 100755 -- cgit v1.2.3