run as user now works for gatekeeper. All keys and certs can be mode rw for the user which is used to run cyphernode.

api_auth_docker/Dockerfile

@@ -1,12 +1,14 @@
 FROM nginx:alpine
 
 RUN apk add --update --no-cache \
+		bash \
     git \
     openssl \
     fcgiwrap \
     spawn-fcgi \
     curl \
-    jq
+    jq \
+    su-exec
 
 COPY auth.sh /etc/nginx/conf.d
 COPY default-ssl.conf /etc/nginx/conf.d/default.conf

api_auth_docker/entrypoint.sh

@@ -1,5 +1,19 @@
-#!/bin/sh
+#!/bin/bash
 
-spawn-fcgi -s /var/run/fcgiwrap.socket -u nginx -g nginx -U nginx -- `which fcgiwrap`
+user='nginx'
 
+if [[ $1 ]]; then
+	IFS=':' read -ra arr <<< "$1"
+
+	if [[ ${arr[0]} ]]; then
+		user=${arr[0]};
+	fi
+
+fi
+
+# create files with -rw-rw----
+# this will allow /var/run/fcgiwrap.socket to be accessed rw for group
+su -c "umask 0006" $user
+
+spawn-fcgi -M 0660 -s /var/run/fcgiwrap.socket -u $user -g nginx -U $user -- `which fcgiwrap`
 nginx -g "daemon off;"

install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml

@@ -13,6 +13,7 @@ services:
       - "<%= gatekeeper_datapath %>/private:/etc/ssl/private"
       - "<%= gatekeeper_datapath %>/keys.properties:/etc/nginx/conf.d/keys.properties"
       - "<%= gatekeeper_datapath %>/api.properties:/etc/nginx/conf.d/api.properties"
+    command: $USER
 
 #    deploy:
 #      placement: