Conversation
There was a problem hiding this comment.
Pull request overview
Updates the hardened/distroless Dockerfile example in the Docker documentation to copy Caddy’s writable directories differently, aiming to ensure the Caddy state/config paths are present and owned correctly when running as nonroot.
Changes:
- Adjusts the distroless example to
COPY/dataand/configfrom the builder stage (instead of only/data/caddyand/config/caddy).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I don't understand how this fixes the error. Does the nonroot user not have execute permissions on /data? |
dunglas
changed the title
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@henderkes actually, it's an edge case I found in dunglas/symfony-docker#909, where data and config directories are mounted as volumes. But this is quite common. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Kévin Dunglas <kevin@dunglas.fr>
dunglas
force-pushed
the
fix/mercure-hardened
branch
from
e4f2ee9 to
15d2892
Compare
Prevents errors like this one when using Mercure:
php-1 | Error: loading initial config: loading new config: loading frankenphp app module: provision frankenphp: failed to provision caddy http: loading http app module: provision http: server srv0: setting up route handlers: route 2: loading handler modules: position 2: loading module 'mercure': provision http.handlers.mercure: provision http.handlers.mercure.bolt: "": invalid transport: open /data/caddy/mercure.db: permission denied