Skip to content

Commit

Permalink
fix: disable setcap on caddy binary
Browse files Browse the repository at this point in the history 
When using the caddy image provided by this repository, the Caddy binary
would be wrapped with setcap, causing it to error out on startup with a
security context restricting privileges. setcap is unnecessary if the
proper sysctls are set in the security context.

Signed-off-by: Matthew Penner <[email protected]>
  • Loading branch information
@matthewpi
matthewpi committed Jun 29, 2024
1 parent 548496d commit 7e23d85
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion caddy.Containerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@ ARG CADDY_HASH=sha256:51b5e778a16d77474c37f8d1d966e6863cdb1c7478396b04b806169fed

FROM docker.io/library/caddy:${CADDY_VERSION}-builder@${CADDY_BUILDER_HASH} AS builder

RUN xcaddy build \
RUN XCADDY_SETCAP=0 \
XCADDY_SUDO=0 \
xcaddy build \
--with github.com/mholt/caddy-l4@6a8be7c4b8acb0c531b6151c94a9cd80894acce1

FROM docker.io/library/caddy:${CADDY_VERSION}@${CADDY_HASH}
Expand Down

0 comments on commit 7e23d85

Please sign in to comment.