Merge pull request #157 from chillymattster/configure_uid_gid

feat: improve security - configure container uid and gid
Michael Barz
2025-11-25 10:28:03 +01:00
committed by GitHub
5 changed files with 13 additions and 0 deletions


@@ -69,6 +69,10 @@ TRAEFIK_ACCESS_LOG=
# Configure the log level for Traefik. # Configure the log level for Traefik.
# Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR". # Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR".
TRAEFIK_LOG_LEVEL= TRAEFIK_LOG_LEVEL=
# The default for traefik is to run in privileged mode.
# If you want to run traefik non-privileged, use the following variable and the format [UID]:[GID] to set user and group of your choice.
# Ensure that the user has access to docker.sock and traefik volumes defined in traefik/opencloud.yml
#TRAEFIK_CONTAINER_UID_GID="1000:1000"
## OpenCloud Settings ## ## OpenCloud Settings ##
@@ -80,6 +84,11 @@ OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling
# The openCloud container version. # The openCloud container version.
# Defaults to "latest" and points to the latest stable tag. # Defaults to "latest" and points to the latest stable tag.
OC_DOCKER_TAG= OC_DOCKER_TAG=
# The default id used in opencloud containers is 1000 for user and group.
# If you want to change the default, use the following variable and the format [UID]:[GID].
# The change affects all containers with access to data volumes.
# Ensure that the user has access to all volumes defined in docker-compose.yml
#OC_CONTAINER_UID_GID="1000:1000"
# Domain of openCloud, where you can find the frontend. # Domain of openCloud, where you can find the frontend.
# Defaults to "cloud.opencloud.test" # Defaults to "cloud.opencloud.test"
OC_DOMAIN= OC_DOMAIN=
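Review bot: The added comment above `TRAEFIK_CONTAINER_UID_GID` calls the default "privileged mode", but the variable only selects the container user (root, `0:0`, when unset), which is not the same thing as Docker's `privileged` flag. I would word it `# By default the traefik container runs as root (0:0).` The same comment block should also say that a user who can read and write docker.sock effectively has root on the host, so running traefik non-root reduces exposure but is not an isolation boundary on its own. In the second hunk, the `OC_CONTAINER_UID_GID` comment could state that data already written under the previous UID/GID presumably has to be re-owned before the value is changed on an existing deployment.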


@@ -4,6 +4,7 @@ services:
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
# changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
# release notes: https://docs.opencloud.eu/opencloud_release_notes.html # release notes: https://docs.opencloud.eu/opencloud_release_notes.html
user: ${OC_CONTAINER_UID_GID:-1000:1000}
networks: networks:
opencloud-net: opencloud-net:
entrypoint: entrypoint:


@@ -6,6 +6,7 @@ services:
- ./config/opencloud/proxy.yaml:/etc/opencloud/proxy.yaml - ./config/opencloud/proxy.yaml:/etc/opencloud/proxy.yaml
radicale: radicale:
image: ${RADICALE_DOCKER_IMAGE:-opencloudeu/radicale}:${RADICALE_DOCKER_TAG:-latest} image: ${RADICALE_DOCKER_IMAGE:-opencloudeu/radicale}:${RADICALE_DOCKER_TAG:-latest}
user: ${OC_CONTAINER_UID_GID:-1000:1000}
networks: networks:
opencloud-net: opencloud-net:
logging: logging:
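Review bot: The radicale service now gets `user: ${OC_CONTAINER_UID_GID:-1000:1000}` even when the variable is unset, so this line pins the UID/GID of an image that is separate from the opencloud one. The commit states 1000:1000 as the default for the opencloud containers only; it is worth confirming that `opencloudeu/radicale` already runs as 1000:1000, because otherwise existing radicale data could become unwritable after the upgrade. A one-line comment above the key, such as `# must match the owner of the radicale data volume`, would record the dependency. The radicale service definition continues outside the hunk.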


@@ -11,6 +11,7 @@ services:
traefik: traefik:
image: traefik:v3 image: traefik:v3
# release notes: https://github.com/traefik/traefik/releases # release notes: https://github.com/traefik/traefik/releases
user: ${TRAEFIK_CONTAINER_UID_GID:-0:0}
networks: networks:
opencloud-net: opencloud-net:
aliases: aliases:
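Review bot: With the fallback `0:0`, traefik still runs as root unless the operator opts in, so the hardening in this section is off by default; a comment above `user:` would keep that visible, e.g. `# root by default; set TRAEFIK_CONTAINER_UID_GID to run as a non-root user`. `user:` sets only the UID and the primary GID, so a non-root user can reach docker.sock only when that GID owns the socket; if the socket's group differs, a `group_add:` entry is the usual way to grant it, and that is not part of this change. Certificate storage created earlier by root (not visible in this hunk) would presumably need re-owning as well. The traefik service definition continues outside the hunk.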


@@ -14,6 +14,7 @@ services:
collaboration: collaboration:
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
user: ${OC_CONTAINER_UID_GID:-1000:1000}
networks: networks:
opencloud-net: opencloud-net:
depends_on: depends_on: