From 17a4171e04239794103bbb59f631e03672bd6f08 Mon Sep 17 00:00:00 2001 From: Andrew Dryga Date: Fri, 6 Oct 2023 12:29:41 -0600 Subject: [PATCH] Bind to higher port numbers When you change the user in a Dockerfile using USER default, the process inside the container runs with the permissions of that user. In COS, only the root user (or processes with elevated privileges) can bind to ports below 1024. So, if our application is trying to bind to a port below 1024, and it's not running as root, we are getting an error. --- terraform/environments/staging/main.tf | 8 ++++---- terraform/modules/elixir-app/templates/cloud-init.yaml | 4 ---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/terraform/environments/staging/main.tf b/terraform/environments/staging/main.tf index 87c267751..c94b269bc 100644 --- a/terraform/environments/staging/main.tf +++ b/terraform/environments/staging/main.tf @@ -438,7 +438,7 @@ module "web" { { name = "http" protocol = "TCP" - port = 80 + port = 8080 health_check = { initial_delay_sec = 60 @@ -463,7 +463,7 @@ module "web" { }, { name = "PHOENIX_HTTP_WEB_PORT" - value = "80" + value = "8080" } ], local.shared_application_environment_variables) @@ -507,7 +507,7 @@ module "api" { { name = "http" protocol = "TCP" - port = 80 + port = 8080 health_check = { initial_delay_sec = 60 @@ -532,7 +532,7 @@ module "api" { }, { name = "PHOENIX_HTTP_API_PORT" - value = "80" + value = "8080" }, ], local.shared_application_environment_variables) diff --git a/terraform/modules/elixir-app/templates/cloud-init.yaml b/terraform/modules/elixir-app/templates/cloud-init.yaml index 9540177c2..22384bae8 100644 --- a/terraform/modules/elixir-app/templates/cloud-init.yaml +++ b/terraform/modules/elixir-app/templates/cloud-init.yaml @@ -1,9 +1,5 @@ #cloud-config -users: - - name: cloudservice - uid: 2000 - write_files: - path: /etc/otelcol-contrib/config.yaml permissions: "0644"