This commit changes access-list IP directives to be implemented using
the nginx "geo" directive.
This allows IP-based blocks to return 444 (drop connection) on
authorization failure when the "Drop Unauthorized" is enabled.
It also allows the implementation of "Satisfy Any" with the new
client CA certificate support - i.e. Satisfy Any can allow clients
from the local network to skip client certificate challenge, or drop
down to requesting basic authentication.
It should be noted that including basic authentication requirements
in Satisfy Any mode does prevent a 444 response from being sent, as
the basic auth challenge requires the server to respond.
Optionally run as another user/group only if
the env vars are specified. Should give flexibility
to those who need to run processes as root and open ports
without having to request additional priveleges
with PUID and PGID environment variables
- Detects if image is run with a user in docker command and fails if so
- Adds s6 prepare scripts for adding a 'npmuser'
- Split up and refactor the s6 prepare scripts
- Runs nginx and backend node as 'npmuser'
- Changes ownership of files required at startup
