Rootless docker container

[devthejo]

Tried to pass quickly as docker rootless container but harder than expected, we have to rebase on unprivileged nginx image
doing same as https://github.com/nginxinc/docker-nginx-unprivileged
and integrate in https://github.com/SocialGouv/docker as ngninx-unprivileged
cc @maxgfr @revolunet

[revolunet]

our nginx docker image is already unprivilegied and can run with the nginx user https://github.com/SocialGouv/docker/blob/master/nginx/Dockerfile

[devthejo]

I tried with user 101 (nginx) but that doesn't work (many nginx error when the container is running)

[revolunet]

currently its used like this : https://github.com/SocialGouv/www/blob/master/Dockerfile#L11-L16

[devthejo]

OK strange, tried exactly this on template and didn't work https://github.com/SocialGouv/template/actions/runs/1888985543
there was many nginx errors, I will retry

[devthejo]

sed: can't create temp file '/usr/share/nginx/html/404.htmlXXXXXX': Permission denied

sed: can't create temp file '/etc/nginx/nginx.confXXXXXX': Permission denied

2022/02/23 21:01:15 [warn] 1#1: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1

nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1

2022/02/23 21:01:15 [emerg] 1#1: host not found in "%%PORT%%" of the "listen" directive in /etc/nginx/nginx.conf:21

nginx: [emerg] host not found in "%%PORT%%" of the "listen" directive in /etc/nginx/nginx.conf:21

https://rancher.fabrique.social.gouv.fr/p/c-gjtkk:p-qxn46/workloads/template-helm-deploy:app-f69bcb7bc-vmhhh