I'm trying to use nginxinc/nginx-unprivileged with a different uid and gid for the nginx workers. For this I'm supplying the UID and GID docker parameters, but they seem to be overwritten by the default ones. Here's two variations I tried:

Dockerfile

ARG UID=998
ARG GID=998

# This image allows from parameterized UID/GID
FROM nginxinc/nginx-unprivileged:1.21.4

command: docker build --tag nginx-uids .

and

Dockerfile

FROM nginxinc/nginx-unprivileged:1.21.4

command: docker build --tag nginx-uids --build-arg UID=998 .

The latter even errors with: [Warning] One or more build-args [UID] were not consumed, which indicates that it does not use the UID.

There must be something I'm missing, but I cannot figure out what it is. Thanks!

CodePudding user response：

UID and GID are here just arguments for the image when building it. This appears to not being used.

Said differently, the ARG are used when building the image, not reusing the image.

Your cannot use the --user argument of docker run because the image files will be owned by UID=101 and GID=101 based on the image Dockerfile content. But it’s ok, it will already run with that user and not root.

CodePudding user response：

It turns out that a FROM cannot be influenced with ARGS, since the layers are built already. To answer my own question: to make ARGS work I could have used:

docker build -t nginxinc/docker-nginx-unprivileged --build-arg UID=998 --build-arg GID=999 'https://github.com/nginxinc/docker-nginx-unprivileged.git#main:stable/debian'

and then build from that image.

I chose to edit the user instead from the Dockerfile (this approach will not work for docker-nginx-unprivileged, since the user there is already running the nginx master process).

FROM nginx:1.21.4

RUN usermod -u 998 -o nginx && groupmod -g 999 -o nginx