docker-library
/
docs
mirror of https://github.com/docker-library/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Document changes to allow Jetty to run --read-only

This commit is contained in:
Mike Dillon 2015-03-11 13:47:57 -07:00
parent bf5f862480
commit 214341296d
2 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
jetty/README.md
View File

@ -30,13 +30,21 @@ The default Jetty environment in the image is:
JETTY_HOME = /usr/local/jetty JETTY_HOME = /usr/local/jetty
JETTY_BASE = /var/lib/jetty JETTY_BASE = /var/lib/jetty
JETTY_CONF = /usr/local/jetty/etc/jetty.conf JETTY_CONF = /usr/local/jetty/etc/jetty.conf
JETTY_STATE = /var/lib/jetty/jetty.state JETTY_STATE = /run/jetty/jetty.state
JETTY_ARGS = JETTY_ARGS =
JAVA_OPTIONS = JAVA_OPTIONS =
TMPDIR = /tmp TMPDIR = /tmp/jetty
Webapps can be [deployed](https://wiki.eclipse.org/Jetty/Howto/Deploy_Web_Applications) in `/var/lib/jetty/webapps`. Webapps can be [deployed](https://wiki.eclipse.org/Jetty/Howto/Deploy_Web_Applications) in `/var/lib/jetty/webapps`.
## Read-only container
To run `jetty` as a read-only container, have Docker create the `/tmp/jetty` and `/run/jetty` directories as volumes:
docker run -d --read-only -v /tmp/jetty -v /run/jetty jetty:9
Since the container is read-only, you'll need to either mount in your webapps directory with `-v /path/to/my/webapps:/var/lib/jetty/webapps` or by populating `/var/lib/jetty/webapps` in a derived image.
# Security # Security
By default, this image starts as user `root` and uses Jetty's `setuid` module to drop privileges to user `jetty` after initialization. The `JETTY_BASE` directory at `/var/lib/jetty` is owned by `jetty:jetty` (uid 999, gid 999). By default, this image starts as user `root` and uses Jetty's `setuid` module to drop privileges to user `jetty` after initialization. The `JETTY_BASE` directory at `/var/lib/jetty` is owned by `jetty:jetty` (uid 999, gid 999).

12
jetty/content.md
View File

@ -23,13 +23,21 @@ The default Jetty environment in the image is:
JETTY_HOME = /usr/local/jetty JETTY_HOME = /usr/local/jetty
JETTY_BASE = /var/lib/jetty JETTY_BASE = /var/lib/jetty
JETTY_CONF = /usr/local/jetty/etc/jetty.conf JETTY_CONF = /usr/local/jetty/etc/jetty.conf
JETTY_STATE = /var/lib/jetty/jetty.state JETTY_STATE = /run/jetty/jetty.state
JETTY_ARGS = JETTY_ARGS =
JAVA_OPTIONS = JAVA_OPTIONS =
TMPDIR = /tmp TMPDIR = /tmp/jetty
Webapps can be [deployed](https://wiki.eclipse.org/Jetty/Howto/Deploy_Web_Applications) in `/var/lib/jetty/webapps`. Webapps can be [deployed](https://wiki.eclipse.org/Jetty/Howto/Deploy_Web_Applications) in `/var/lib/jetty/webapps`.
## Read-only container
To run `jetty` as a read-only container, have Docker create the `/tmp/jetty` and `/run/jetty` directories as volumes:
docker run -d --read-only -v /tmp/jetty -v /run/jetty jetty:9
Since the container is read-only, you'll need to either mount in your webapps directory with `-v /path/to/my/webapps:/var/lib/jetty/webapps` or by populating `/var/lib/jetty/webapps` in a derived image.
# Security # Security
By default, this image starts as user `root` and uses Jetty's `setuid` module to drop privileges to user `jetty` after initialization. The `JETTY_BASE` directory at `/var/lib/jetty` is owned by `jetty:jetty` (uid 999, gid 999). By default, this image starts as user `root` and uses Jetty's `setuid` module to drop privileges to user `jetty` after initialization. The `JETTY_BASE` directory at `/var/lib/jetty` is owned by `jetty:jetty` (uid 999, gid 999).