chore: Dockerfile: run proxy as non-root user (!455) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake

WofWca requested to merge WofWca/snowflake:docker-nonroot into main Dec 07, 2024

I believe this might have a potential to affect existing setups, e.g. if they use a privileged port for --metrics-port or --ephemeral-ports-range. Please verify it's all good prior to merging, and take this MR as a suggestion.

But it should work fine with our currently recommended docker-compose.yml: https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/-/blob/main/docker-compose.yml.

I have tested it on my machine and on a VPS. I got "unrestricted" NAT, as expected, and it worked alright.

Related: #40328

Edited Dec 07, 2024 by WofWca

chore: Dockerfile: run proxy as non-root user

Merge request reports