Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Example compose file / usage of prefix parameter #50

Open
marcusfey opened this issue Nov 9, 2023 · 1 comment
Open

Example compose file / usage of prefix parameter #50

marcusfey opened this issue Nov 9, 2023 · 1 comment

Comments

@marcusfey
Copy link

I would like to use wfm behind an nginx, both in docker, ideally with docker compose (separate files).

My docker-compose.yml for wfm currently is:

version: '3'
services:
  wfm:
    image: tenox7/wfm:latest
    user: 1001:1001
    container_name: wfm
    #command: -prefix=/data:/wfm
    volumes:
      - ./wfmpasswd.json:/etc/wfmusers.json
      - /:/data:ro
    expose:
      - 8080
    restart: always
    networks:
      - nginx_network

networks:
  nginx_network:
    external: true

nginx.conf:

{ ...
    location /wfm/ {
        proxy_pass         http://wfm:8080/;
    }
...
}

I can access wfm on <host>/wfm/but all the directory links lead to <host>/<dir>instead of <host>/wfm/<dir>

My understanding was that adding -prefix fixes this. But if I add the commented line above (command: -prefix=/data:/wfm):

  • wfm is only available under <host>/wfm/wfm/
  • the links inside wfm lead to <host>/wfm/<dir> thus "outside" of /wfm/wfm

How can I fix this?

Thanks!

PS: The documentation of prefix is a bit misleading. The text contains "data" and "wfm" but the solution is "httppath". It might be helpful to pick up one of the examples, not something entirely else.
@tenox7
Copy link
Owner

tenox7 commented May 23, 2024
edited
Loading

Ah, fixed the documentation. I also changed some of the behaviors and recommendations for Docker.

Docker compose and Nginx aside, the new Dockerfile, does not force prefix to be /data:/ in the entrypoint. Generally you need to mount the volume that will be used by left path of prefix:

docker run -v /some/host/data/path:/foo tenox7/wfm:latest -prefix /foo:/

However I now recommend to actually run the docker container as root and let wfm perform chroot and setuid. This way it can open secrets and passwords files ahead of time.

So rather than using -prefix use -chroot instead:

docker run -v /some/host/data/path:/data tenox7/wfm:latest -chroot /data

If you want to expose it as a different http path then just add -prefix /:/somepath. Use / because it will be relative to chroot.

I also recommend running it as root and passing -setuid uid:gid in numeric form in your case it would be -setuid 1001:1001.

Hope this helps a bit?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marcusfey @tenox7