From 30e581232e26447d9547c4115d0aed386cfd491c Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Tue, 16 Jun 2026 20:51:07 +0200 Subject: [PATCH] fix(docker): fix Nginx path #66 --- charts/openconcho/values.yaml | 1 + docker/40-openconcho-config.sh | 6 +++--- docker/nginx.conf.template | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/openconcho/values.yaml b/charts/openconcho/values.yaml index e27a03a..021d3db 100644 --- a/charts/openconcho/values.yaml +++ b/charts/openconcho/values.yaml @@ -53,6 +53,7 @@ securityContext: # Directories mounted as ephemeral tmpfs (in-memory) to satisfy nginx's write requirements # when the root filesystem is read-only. Add entries for any additional writable paths. tmpfsMounts: + - mountPath: /etc/nginx/conf.d - mountPath: /var/cache/nginx - mountPath: /var/run - mountPath: /tmp diff --git a/docker/40-openconcho-config.sh b/docker/40-openconcho-config.sh index 88656ca..8e4937a 100644 --- a/docker/40-openconcho-config.sh +++ b/docker/40-openconcho-config.sh @@ -3,11 +3,11 @@ # Lets one prebuilt image target any Honcho backend without a rebuild. # OPENCONCHO_DEFAULT_HONCHO_URL — absolute URL seeding the first instance, or empty. # OPENCONCHO_UPSTREAM_ALLOWLIST — optional comma-separated host globs (SSRF guard). -# Runs from /docker-entrypoint.d before nginx starts. Requires the html dir to -# be writable (default); skip or bind-mount config.js when running --read-only. +# Runs from /docker-entrypoint.d before nginx starts. Writes config.js to /tmp +# so the container works cleanly under a read-only root filesystem. set -eu -cat > /usr/share/nginx/html/config.js < /tmp/openconcho-config.js <