我在基于Alpine:3.10的容器中有一个简单的Flask应用程序,我想用uWSGI运行它。问题是,当我运行它时指定--uid参数:
// Try to open PDF and return false if it is not possible.
fun openPdf(file: File, context: Context): Boolean {
val uri = getUriFromFile(file, context)
if (uri == null) {
return false
} else {
val intent = Intent(Intent.ACTION_VIEW).apply {
setDataAndType(uri, "application/pdf")
flags = Intent.FLAG_ACTIVITY_CLEAR_TOP
addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
}
// Validate that the device can open your File.
val activityInfo = intent.resolveActivityInfo(context.packageManager, intent.flags)
return if (activityInfo?.exported == true) {
context.startActivity(Intent.createChooser(intent, "Open PDF")))
true
} else {
false
}
}
}
// Get URI from file.
fun getUriFromFile(file: File, context: Context): Uri? =
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
Uri.fromFile(file)
} else {
try {
FileProvider.getUriForFile(context, context.packageName + ".provider", file)
} catch (e: Exception) {
if (e.message?.contains("ProviderInfo.loadXmlMetaData") == true) {
throw Error("FileProvider doesn't exist or has no permissions")
} else {
throw e
}
}
}
它记录权限被拒绝的错误并以代码1退出:
$plainPassword但是如果我评论-uid 参数,它会警告我我以root用户身份运行(这很糟糕),但运行得很好。我究竟做错了什么?
答案 0 :(得分:2)
只有root可以绑定到端口<1024。您应该更改uwsgi命令行以在端口80以外的其他端口上运行,例如:
CMD [ "uwsgi", "--socket", "0.0.0.0:8080", \
"--uid", "uwsgi", \
"--plugins", "python3", \
"--protocol", "http", \
"--module", "owo.app:app", \
"-p", "4", \
"--enable-threads"]
在容器中运行哪个端口都没有关系,因为当您docker run容器(docker run -p 80:8080 ...)时,可以始终将其映射到主机上的端口80。