Docker named volumes cannot create mount points inside read-only directories. Previous configuration attempted to mount storage and var-data volumes at subdirectories inside a read-only base mount (/var/www/html:ro), causing deployment failures.

Changes:
- php service: Changed /var/www/html mount from :ro to :rw, removed storage volume
- queue-worker service: Changed mount to :rw, removed storage and var-data volumes
- scheduler service: Changed mount to :rw, removed storage and var-data volumes

Security maintained through:
- Container runs as non-root user (appuser via gosu)
- Security hardening (no-new-privileges, dropped capabilities)
- Rsync deployment from trusted source

This is the eighth cumulative fix for production deployment pipeline.
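The mount layout this commit message describes for the php service, as an added Compose sketch that is not the repository's own file. The image name, the host path `./release`, the nested target `/var/www/html/storage` and the `cap_drop: ALL` value are assumptions; the message names only the services, the volumes, the base mount and the hardening options.

```yaml
# Added illustration, not the project's compose file.
# Assumed values: image name, host path ./release, nested target path, cap_drop list.
services:
  php:
    image: example/php-app:placeholder    # assumed image name
    security_opt:
      - no-new-privileges:true            # hardening named in the commit message
    cap_drop:
      - ALL                               # assumed; the message says only "dropped capabilities"
    volumes:
      # Before (failed at container start): the named volume targets a
      # subdirectory of a read-only bind mount, so the runtime cannot create
      # the mount point when that directory is missing from the source tree.
      #   - ./release:/var/www/html:ro
      #   - storage:/var/www/html/storage
      #
      # After, as the message describes: base mount writable, nested volume removed.
      - ./release:/var/www/html:rw
```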