I’m trying to use nginxinc/nginx-unprivileged with a different uid and gid for the nginx workers. For this I’m supplying the UID and GID docker parameters, but they seem to be overwritten by the default ones. Here’s two variations I tried:
Dockerfile
ARG UID=998
ARG GID=998
# This image allows from parameterized UID/GID
FROM nginxinc/nginx-unprivileged:1.21.4
command: docker build --tag nginx-uids .
and
Dockerfile
FROM nginxinc/nginx-unprivileged:1.21.4
command: docker build –tag nginx-uids –build-arg UID=998 .
The latter even errors with: [Warning] One or more build-args [UID] were not consumed, which indicates that it does not use the UID.
There must be something I’m missing, but I cannot figure out what it is. Thanks!
2
Answers
It turns out that a
FROMcannot be influenced withARGS, since the layers are built already. To answer my own question: to make ARGS work I could have used:docker build -t nginxinc/docker-nginx-unprivileged --build-arg UID=998 --build-arg GID=999 'https://github.com/nginxinc/docker-nginx-unprivileged.git#main:stable/debian'and then build from that image.
I chose to edit the user instead from the Dockerfile (this approach will not work for docker-nginx-unprivileged, since the user there is already running the nginx master process).
UIDandGIDare here justargumentsfor the image when building it. This appears to not being used.Said differently, the
ARGare used when building the image, not reusing the image.Your cannot use the
--userargument ofdocker runbecause the image files will be owned byUID=101andGID=101based on the image Dockerfile content.But it’s ok, it will already run with that user and not root.