Merge 599ddd1a3937393d7b2a91dfec9f708d75d93a8c into d7a7fa3496b385f873526fce9f53cc280bf8c0e1

2025-04-30 19:12:29 +00:00 · 2024-10-11 14:15:26 +10:00 · 2024-10-11 14:15:26 +10:00 · 6110ab875a
commit 6110ab875a
parent d7a7fa3496 599ddd1a39
2 changed files with 62 additions and 25 deletions
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@ -3,26 +3,54 @@

 set -e

-log_info 'Setting ownership ...'
+# Lowercase
+SKIP_FILE_OWNERSHIP=$(echo "${SKIP_FILE_OWNERSHIP:-}" | tr '[:upper:]' '[:lower:]')

-# root
-chown root /tmp/nginx
-
-# npm user and group
-chown -R "$PUID:$PGID" /data
-chown -R "$PUID:$PGID" /etc/letsencrypt
-chown -R "$PUID:$PGID" /run/nginx
-chown -R "$PUID:$PGID" /tmp/nginx
-chown -R "$PUID:$PGID" /var/cache/nginx
-chown -R "$PUID:$PGID" /var/lib/logrotate
-chown -R "$PUID:$PGID" /var/lib/nginx
-chown -R "$PUID:$PGID" /var/log/nginx
-
-# Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R "$PUID:$PGID" /etc/nginx/nginx
-chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
-chown -R "$PUID:$PGID" /etc/nginx/conf.d
-
-# Prevents errors when installing python certbot plugins when non-root
-chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
-find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+if [ "$SKIP_FILE_OWNERSHIP" == "true" ] || [ "$SKIP_FILE_OWNERSHIP" == "on" ] || [ "$SKIP_FILE_OWNERSHIP" == "1" ] || [ "$SKIP_FILE_OWNERSHIP" == "yes" ]; then
+    log_info 'Skipping data and letsencrypt ownership, use only with caution ...'
+    # root
+    chown -R "$PUID:$PGID" /run/nginx
+    chown -R "$PUID:$PGID" /tmp/nginx
+    chown -R "$PUID:$PGID" /var/cache/nginx
+    chown -R "$PUID:$PGID" /var/lib/logrotate
+    chown -R "$PUID:$PGID" /var/lib/nginx
+    chown -R "$PUID:$PGID" /var/log/nginx
+    
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+    
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+    
+    # Prevents errors when installing python certbot plugins when non-root
+    chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+    find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+    
+else
+    log_info 'Setting ownership ...'
+      # root
+    chown root /tmp/nginx
+    
+    # npm user and group
+    chown -R "$PUID:$PGID" /data
+    chown -R "$PUID:$PGID" /etc/letsencrypt
+    chown -R "$PUID:$PGID" /run/nginx
+    chown -R "$PUID:$PGID" /tmp/nginx
+    chown -R "$PUID:$PGID" /var/cache/nginx
+    chown -R "$PUID:$PGID" /var/lib/logrotate
+    chown -R "$PUID:$PGID" /var/lib/nginx
+    chown -R "$PUID:$PGID" /var/log/nginx
+    
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+    
+    # Prevents errors when installing python certbot plugins when non-root
+    chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+    find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh
@ -10,6 +10,7 @@ log_info 'IPv6 ...'

 # Lowercase
 DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
+SKIP_FILE_OWNERSHIP=$(echo "${SKIP_FILE_OWNERSHIP:-}" | tr '[:upper:]' '[:lower:]')

 process_folder () {
 	FILES=$(find "$1" -type f -name "*.conf")
@ -31,9 +32,17 @@ process_folder () {
 		echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
 	done

-	# ensure the files are still owned by the npm user
-	chown -R "$PUID:$PGID" "$1"
+
+		# ensure the files are still owned by the npm user
+		chown -R "$PUID:$PGID" "$1"
+ 	fi
 }

+# process files on base image
 process_folder /etc/nginx/conf.d
-process_folder /data/nginx
+# conditionally process files that are probably in a volume or bind
+if [ "$SKIP_FILE_OWNERSHIP" == "true" ] || [ "$SKIP_FILE_OWNERSHIP" == "on" ] || [ "$SKIP_FILE_OWNERSHIP" == "1" ] || [ "$SKIP_FILE_OWNERSHIP" == "yes" ]; then
+    log_info 'Skipping data and letsencrypt ownership, use only with caution ...'
+else
+    process_folder /data/nginx
+fi