make domaincheck container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>

Containers/domaincheck/Dockerfile

@@ -3,10 +3,11 @@ RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \
     rm -rf /etc/lighttpd/lighttpd.conf; \
-    chmod +r -R /etc/lighttpd; \
+    chmod 777 -R /etc/lighttpd; \
     mkdir -p /var/www/domaincheck; \
-    chown www-data:www-data -R /var/www
-COPY --chown=www-data:www-data lighttpd.conf /etc/lighttpd/lighttpd.conf
+    chown www-data:www-data -R /var/www; \
+    chmod 777 -R /var/www/domaincheck
+COPY --chown=www-data:www-data lighttpd.conf /lighttpd.conf
 
 COPY --chmod=775 start.sh /start.sh
 

Containers/domaincheck/start.sh

@@ -11,7 +11,7 @@ if [ -z "$APACHE_PORT" ]; then
     export APACHE_PORT="443"
 fi
 
-CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /etc/lighttpd/lighttpd.conf)"
+CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
 
 # Check config file

php/containers.json

@@ -454,7 +454,12 @@
       "secrets": [
         "INSTANCE_ID"
       ],
-      "stop_grace_period": 1
+      "stop_grace_period": 1,
+      "read_only": true,
+      "tmpfs": [
+        "/etc/lighttpd",
+        "/var/www/domaincheck"
+      ]
     },
     {
       "container_name": "nextcloud-aio-clamav",