From 1e21cee6bb2ff0f827a952d89570160c024d19d0 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Tue, 3 Feb 2026 23:46:26 +0200 Subject: Fix non-root execution with proper Apache paths - Add PidFile directive after ServerRoot for non-root user - Configure cgid ScriptSock to /var/run/apache2/cgisock - Redirect ErrorLog and CustomLog to /var/log/apache2/ - Create /var/run/apache2 and /var/log/apache2 with correct ownership - Set explicit UID/GID 1000 for app user - Bump version to 1.6.2
---
 docker-image/Dockerfile | 16 +++++++++++++--- docker-image/Justfile | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/docker-image/Dockerfile b/docker-image/Dockerfile
index a17d264..3960bfb 100644
--- a/docker-image/Dockerfile
+++ b/docker-image/Dockerfile
@@ -5,11 +5,19 @@ RUN apk update && apk add --no-cache \
 bind-tools \
 && rm -rf /var/cache/apk/*
-# Enable CGI and remoteip modules
+# Enable CGI and remoteip modules, configure for non-root
 RUN sed -i 's/#LoadModule cgid_module/LoadModule cgid_module/' /usr/local/apache2/conf/httpd.conf && \
 sed -i 's/#LoadModule cgi_module/LoadModule cgi_module/' /usr/local/apache2/conf/httpd.conf && \
 sed -i 's/#LoadModule remoteip_module/LoadModule remoteip_module/' /usr/local/apache2/conf/httpd.conf && \
+ sed -i 's/^User .*/User app/' /usr/local/apache2/conf/httpd.conf && \
+ sed -i 's/^Group .*/Group app/' /usr/local/apache2/conf/httpd.conf && \
 sed -i 's/^Listen 80$/Listen 8080/' /usr/local/apache2/conf/httpd.conf && \
+ sed -i 's|^ErrorLog .*|ErrorLog /var/log/apache2/error.log|' /usr/local/apache2/conf/httpd.conf && \
+ sed -i 's|^CustomLog .*|CustomLog /var/log/apache2/access.log combined|' /usr/local/apache2/conf/httpd.conf && \
+ # Add PidFile directive right after ServerRoot (must be early in config)
+ sed -i '/^ServerRoot/a PidFile "/var/run/apache2/httpd.pid"' /usr/local/apache2/conf/httpd.conf && \
+ # Configure cgid ScriptSock right after the module is loaded
+ sed -i '/#Scriptsock cgisock/c\ Scriptsock /var/run/apache2/cgisock' /usr/local/apache2/conf/httpd.conf && \
 echo 'ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"' >> /usr/local/apache2/conf/httpd.conf && \
 echo '' >> /usr/local/apache2/conf/httpd.conf && \
 echo ' AllowOverride None' >> /usr/local/apache2/conf/httpd.conf && \
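Review bot: The `ErrorLog` and `CustomLog` rewrites send Apache's logs to files under `/var/log/apache2` inside the container, so they stop reaching the runtime's stdout/stderr collection and grow unrotated in the writable layer; this assumes the base image logs to the process's standard streams by default, which the `/usr/local/apache2` layout suggests but the hunk does not show. If the non-root failure came only from the pid file and cgid socket paths, the streams can be kept by linking the new files when the directory is created, e.g. `ln -sf /dev/stdout /var/log/apache2/access.log && ln -sf /dev/stderr /var/log/apache2/error.log`. Separately, each `sed -i` exits successfully even when its pattern matches nothing, and `^CustomLog .*` only matches a directive that starts at column 0, so an indented `CustomLog` line would stay unchanged without any build error. Ending the chain with `grep -q '^PidFile ' /usr/local/apache2/conf/httpd.conf && httpd -t` would fail the build on a missed edit. The `RUN` instruction continues past the end of the hunk.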
@@ -28,8 +36,10 @@ COPY index.pl /usr/local/apache2/cgi-bin/index.pl
 RUN chmod 755 /usr/local/apache2/cgi-bin/index.pl
 # Run as non-root
-RUN addgroup -S app && adduser -S -G app app && \
- chown -R app:app /usr/local/apache2/logs /usr/local/apache2/htdocs /usr/local/apache2/cgi-bin /usr/local/apache2/conf
+RUN addgroup -S -g 1000 app && adduser -S -D -H -u 1000 -G app app && \
+ chown -R app:app /usr/local/apache2/htdocs /usr/local/apache2/cgi-bin /usr/local/apache2/conf /usr/local/apache2/logs && \
+ mkdir -p /var/run/apache2 /var/log/apache2 && \
+ chown -R app:app /var/run/apache2 /var/log/apache2
 USER app
 # Create a redirect from / to /cgi-bin/index.pl
diff --git a/docker-image/Justfile b/docker-image/Justfile
index f28bfdd..95deb15 100644
--- a/docker-image/Justfile
+++ b/docker-image/Justfile
@@ -1,4 +1,4 @@
-VERSION := "1.6.1"
+VERSION := "1.6.2"
 REGISTRY := "r0.lan.buetow.org:30001"
 IMAGE := "ipv6test"
-- cgit v1.2.3
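Review bot: The first `chown -R app:app` still gives `/usr/local/apache2/conf` and `/usr/local/apache2/cgi-bin` to the same account that executes the CGI script, so a flaw in `index.pl` would let the request-handling process rewrite `httpd.conf` or the script itself. With the pid file, cgid socket and logs now under `/var/run/apache2` and `/var/log/apache2`, the server appears to need write access only there, so that first `chown` could be dropped, leaving `mkdir -p /var/run/apache2 /var/log/apache2 && chown -R app:app /var/run/apache2 /var/log/apache2` as the only ownership change. If the redirect step after `USER app` (outside this hunk) writes into `htdocs` or `conf`, moving `USER app` below that step would keep those trees root-owned. A comment such as `# only runtime state dirs are writable by app; config and CGI stay root-owned` would record the intent.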