|
|
@@ -165,15 +165,42 @@ For easy deployment, we've created an official Docker container. There are two v
|
|
|
|
|
|
The default one will run as `root`:
|
|
|
|
|
|
+> [!WARNING]
|
|
|
+> It is discouraged to use `latest` tag for WatchTower or similar tools. The `latest` tag can reference unreleased developer, test builds, and patch releases for older versions. Use an actual version tag until transfer.sh supports major or minor version tags.
|
|
|
+
|
|
|
```bash
|
|
|
docker run --publish 8080:8080 dutchcoders/transfer.sh:latest --provider local --basedir /tmp/
|
|
|
```
|
|
|
|
|
|
+### No root
|
|
|
+
|
|
|
+The `-noroot` tags indicate image builds that run with least priviledge to reduce the attack surface might an application get compromised.
|
|
|
+> [!NOTE]
|
|
|
+> Using `-noroot` is **recommended**
|
|
|
+
|
|
|
The one tagged with the suffix `-noroot` will use `5000` as both UID and GID:
|
|
|
```bash
|
|
|
docker run --publish 8080:8080 dutchcoders/transfer.sh:latest-noroot --provider local --basedir /tmp/
|
|
|
```
|
|
|
|
|
|
+> [!NOTE]
|
|
|
+> Development history details at:
|
|
|
+> - https://github.com/dutchcoders/transfer.sh/pull/418
|
|
|
+
|
|
|
+### Tags
|
|
|
+
|
|
|
+Name | Usage
|
|
|
+--|--
|
|
|
+latest| Latest CI build, can be nightly, at commit, at tag, etc.
|
|
|
+latest-noroot| Latest CI build, can be nightly, at commit, at tag, etc. using [no root]
|
|
|
+nightly| Scheduled CI build every midnight UTC
|
|
|
+nightly-noroot| Scheduled CI build every midnight UTC using [no root]
|
|
|
+edge| Latest CI build after every commit on `main`
|
|
|
+edge-noroot| Latest CI build after every commit on `main` using [no root]
|
|
|
+x.y.z| CI build after tagging a release
|
|
|
+x.y.z-noroot| CI build after tagging a release using [no root]
|
|
|
+
|
|
|
+
|
|
|
### Building the Container
|
|
|
You can also build the container yourself. This allows you to choose which UID/GID will be used, e.g. when using NFS mounts:
|
|
|
```bash
|
Ramon Smits