fix: clean up nginx read-only filesystem approach (#125)

Remove Dockerfile /tmp workaround hacks (NGINX_ENVSUBST_OUTPUT_DIR and sed).
Use tmpfs with uid=101,gid=101 in docker-compose.yml instead, so the
nginx user can write to /etc/nginx/conf.d directly under read_only: true.
Daniel Volz
2026-02-08 13:33:40 +01:00
committed by GitHub
parent 5cd519be50
commit 27f5478dad
2 changed files with 1 additions and 6 deletions
+1 -1
@@ -52,7 +52,7 @@ services:
- /tmp:noexec,nosuid,size=64m
- /var/cache/nginx:noexec,nosuid,size=64m
- /var/run:noexec,nosuid,size=64m
- /etc/nginx/conf.d:noexec,nosuid,size=1m
- /etc/nginx/conf.d:noexec,nosuid,size=1m,uid=101,gid=101
cap_drop:
- ALL
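Review bot: The changed /etc/nginx/conf.d tmpfs entry hard-codes uid=101,gid=101 with no comment and no explicit mode, so the compose file is now silently coupled to the numeric ID of the nginx user in the image. If the base image or its user ID changes, config templating will fail at startup under read_only: true with only a permission error to go on. Add a comment on that line naming the user the IDs refer to, and consider stating the permissions explicitly (for example mode=0755) so that the intent, writable by the nginx user only, is visible in the file and does not depend on runtime defaults. The other three tmpfs entries keep their default ownership; if nginx also writes to /var/cache/nginx or /var/run as uid 101, check that they do not need the same options.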