docs: incorrect port mappings (--publish 80:80) for unprivileged container images #478
Conversation
Corrected the spelling of 'Uri' to 'URI' for consistency. (cherry picked from commit 8cac33f)
Signed-off-by: Elijah Zupancic <e.zupancic@f5.com>
Resolves #428 Add dedicated section explaining that unprivileged container images listen on port 8080 internally (not port 80), as they run as non-root users and cannot bind to privileged ports. Changes: - Add "Running Unprivileged Container Images" subsection with correct port mapping examples (80:8080 or 8080:8080) - Add note in Kubernetes section about containerPort for unprivileged images - Clarify security benefits of unprivileged containers The standard OSS images continue to use port 80 as they run as root. Only images tagged with 'unprivileged-oss-*' use port 8080.
|
🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the F5 CLA and reply on a new comment with the following text to agree: I have hereby read the F5 CLA and agree to its terms 1 out of 2 committers have signed the CLA. |
There was a problem hiding this comment.
Pull request overview
This PR addresses issue #428 by correcting documentation for unprivileged container images, which listen on port 8080 instead of port 80. The changes clarify port mapping requirements and security benefits for users running NGINX as a non-root user.
- Added dedicated subsection explaining unprivileged container image usage with correct port mappings
- Updated Kubernetes configuration documentation to specify port 8080 for unprivileged images
- Upgraded Node.js version in tooling configuration
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| docs/getting_started.md | Added unprivileged container images section with correct port 8080 mappings, updated Kubernetes notes, and fixed typo (Uri → URI) |
| .tool-versions | Updated Node.js from version 20.8.0 to 23.9.0 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
dekobon
changed the title
Proposed changes
Fix #428
- Explains that unprivileged images listen on port 8080 (not 80)
- Shows correct port mapping: --publish 80:8080
- Provides alternative mapping: --publish 8080:8080 (avoids requiring privileges on host)
- Uses example tag: unprivileged-oss-20250718
- Added clarification that unprivileged images need containerPort: 8080 instead of containerPort: 80
- Documented security benefits of unprivileged containers
- Clarified the distinction between standard OSS (port 80, runs as root) and unprivileged (port 8080, runs as nginx user) variants
Checklist
Before creating a pull request (PR), run through this checklist and mark each as complete:
README.md).