You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Slavi Pantaleev
299a8c4c7c
Make (most) containers start as non-root ...
This makes all containers (except mautrix-telegram and
mautrix-whatsapp), start as a non-root user.
We do this, because we don't trust some of the images.
In any case, we'd rather not trust ALL images and avoid giving
`root` access at all. We can't be sure they would drop privileges
or what they might do before they do it.
Because Postfix doesn't support running as non-root,
it had to be replaced by an Exim mail server.
The matrix-nginx-proxy nginx container image is patched up
(by replacing its main configuration) so that it can work as non-root.
It seems like there's no other good image that we can use and that is up-to-date
(https://hub.docker.com/r/nginxinc/nginx-unprivileged is outdated).
Likewise for riot-web (https://hub.docker.com/r/bubuntux/riot-web/ ),
we patch it up ourselves when starting (replacing the main nginx
configuration).
Ideally, it would be fixed upstream so we can simplify.
6 years ago
..
README.md
Add initial version of maintenance and troubleshooting doc
6 years ago
ansible.md
Add Ansible guide and Ansible version checks
6 years ago
configuring-dns.md
Use CNAME for riot in the example table
6 years ago
configuring-playbook-bridge-mautrix-telegram.md
Annotate certain features as optional/advanced
6 years ago
configuring-playbook-bridge-mautrix-whatsapp.md
Annotate certain features as optional/advanced
6 years ago
configuring-playbook-email.md
Make (most) containers start as non-root
6 years ago
configuring-playbook-external-postgres.md
Make roles more independent of one another
6 years ago
configuring-playbook-federation.md
Annotate certain features as optional/advanced
6 years ago
configuring-playbook-ldap-auth.md
Add LDAP auth password provider documentation and changelog description
6 years ago
configuring-playbook-matrix-corporal.md
Annotate certain features as optional/advanced
6 years ago
configuring-playbook-mxisd.md
Split playbook into multiple roles
6 years ago
configuring-playbook-own-webserver.md
Add support for 2 more SSL certificate retrieval methods
6 years ago
configuring-playbook-rest-auth.md
Annotate certain features as optional/advanced
6 years ago
configuring-playbook-s3.md
Improve wording a bit
6 years ago
configuring-playbook-shared-secret-auth.md
Annotate certain features as optional/advanced
6 years ago
configuring-playbook-ssl-certificates.md
Add support for 2 more SSL certificate retrieval methods
6 years ago
configuring-playbook-telemetry.md
Annotate certain features as optional/advanced
6 years ago
configuring-playbook.md
Split playbook into multiple roles
6 years ago
configuring-well-known.md
Fix /.well-known/matrix/client for CORS
6 years ago
importing-media-store.md
Make media-store restore work with server files, not local
6 years ago
importing-postgres.md
Make media-store restore work with server files, not local
6 years ago
importing-sqlite.md
Make media-store restore work with server files, not local
6 years ago
installing.md
Make media-store restore work with server files, not local
6 years ago
maintenance-and-troubleshooting.md
Add initial version of maintenance and troubleshooting doc
6 years ago
maintenance-checking-services.md
Add self-check command
6 years ago
maintenance-upgrading-postgres.md
Add support for configuring Postgres auto-upgrade-backup path
6 years ago
maintenance-upgrading-services.md
Link to Synapse Homeowners room
6 years ago
prerequisites.md
Add Ansible guide and Ansible version checks
6 years ago
registering-users.md
add script + doc to change a user to admin
6 years ago
uninstalling.md
add script + doc to remove everything
6 years ago
Slavi Pantaleev