docker-netbootxyz

mirror of https://github.com/netbootxyz/docker-netbootxyz.git synced 2025-08-07 22:57:29 +02:00

History

Antony Messerli 0a9993a767 Implement rootless Docker container with preserved TFTP logging - Convert all processes to run as non-root user (nbxyz) for enhanced security - Add customizable PUID/PGID environment variables for volume permission management - Implement privilege dropping using gosu for secure initialization - Optimize Dockerfile with multi-stage build and better caching - Create dnsmasq wrapper script to ensure TFTP logs appear in docker logs - Configure supervisord to properly forward dnsmasq output to container stdout - Maintain full TFTP/PXE boot debugging functionality for users Security improvements: - All application processes (nginx, webapp, dnsmasq) run as nbxyz user - Only supervisord initialization runs as root, then drops privileges - Proper permission management for all service directories - Configurable user/group IDs via PUID/PGID environment variables Performance optimizations: - Multi-stage Docker build reduces final image size - Better layer caching for faster rebuilds - Optimized package installation and cleanup 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-06-08 09:11:59 -05:00
..
local/bin	Implement rootless Docker container with preserved TFTP logging	2025-06-08 09:11:59 -05:00

Antony Messerli 0a9993a767 Implement rootless Docker container with preserved TFTP logging

- Convert all processes to run as non-root user (nbxyz) for enhanced security
- Add customizable PUID/PGID environment variables for volume permission management
- Implement privilege dropping using gosu for secure initialization
- Optimize Dockerfile with multi-stage build and better caching
- Create dnsmasq wrapper script to ensure TFTP logs appear in docker logs
- Configure supervisord to properly forward dnsmasq output to container stdout
- Maintain full TFTP/PXE boot debugging functionality for users

Security improvements:
- All application processes (nginx, webapp, dnsmasq) run as nbxyz user
- Only supervisord initialization runs as root, then drops privileges
- Proper permission management for all service directories
- Configurable user/group IDs via PUID/PGID environment variables

Performance optimizations:
- Multi-stage Docker build reduces final image size
- Better layer caching for faster rebuilds
- Optimized package installation and cleanup

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-06-08 09:11:59 -05:00

local/bin

Implement rootless Docker container with preserved TFTP logging

2025-06-08 09:11:59 -05:00