https://www.cyberciti.biz/faq/howto-run-nginx-in-a-chroot-jail/
Dockerfile
FROM python:3.7.4
COPY --from=nginx:latest / /nginx
COPY ./nginx.conf /nginx/etc/nginx/nginx.conf
COPY run.sh /run.sh
#cmd ["python3", "-m", "http.server"]
cmd ["/bin/bash", "/run.sh"]
run.sh
#!/bin/bash
export D=/nginx
/bin/mknod -m 0666 $D/dev/null c 1 3
/bin/mknod -m 0666 $D/dev/random c 1 8
/bin/mknod -m 0444 $D/dev/urandom c 1 9
chroot /nginx /usr/sbin/nginx
python3 -m http.server
nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
server {
listen 5000;
location / {
proxy_pass http://127.0.0.1:8000;
}
}
#gzip on;
#include /etc/nginx/conf.d/*.conf;
}
bonus: with grafana run.sh
#!/bin/bash
export D=/nginx
/bin/mknod -m 0666 $D/dev/null c 1 3
/bin/mknod -m 0666 $D/dev/random c 1 8
/bin/mknod -m 0444 $D/dev/urandom c 1 9
chroot /nginx /usr/sbin/nginx
python3 -m http.server &
cd /opt/grafana-7.3.4
./bin/grafana-server web
dockerfile
FROM python:3.7.4
#RUN apt update; apt install -y
COPY --from=nginx:latest / /nginx
COPY ./nginx.conf /nginx/etc/nginx/nginx.conf
COPY run.sh /run.sh
COPY grafana-7.3.4.linux-amd64.tar.gz /grafana-7.3.4.linux-amd64.tar.gz
RUN tar xzvf /grafana-7.3.4.linux-amd64.tar.gz -C /opt/; true
RUN sed -i "s,root_url.*,root_url = %(protocol)s://%(domain)s:%(http_port)s/grafana," /opt/grafana-7.3.4/conf/defaults.ini
RUN sed -i "s,serve_from_sub_path.*,serve_from_sub_path = true," /opt/grafana-7.3.4/conf/defaults.ini
#cmd ["python3", "-m", "http.server"]
cmd ["/bin/bash", "/run.sh"]