From c3a377a265d2ca92b8823be281fa0e487d30692b Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Wed, 18 Feb 2026 15:12:32 +0800
Subject: switch to rocky linux 10, add --init for zombie reaping, fix NAT
 setup

- base image alpine -> rockylinux:10 (cgit/fcgiwrap from EPEL)
- drop spawn-fcgi, use fcgiwrap -s directly
- add --init to reap zombie sshd-auth processes (PID exhaustion fix)
- replace ip addr/route networking with nft DNAT/SNAT/FORWARD rules
- add FORWARD accept rule that was missing for inbound DNAT traffic
---
 Dockerfile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'Dockerfile')

diff --git a/Dockerfile b/Dockerfile
index 86352b4..65ead86 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,16 @@
-FROM alpine:latest
+FROM rockylinux:10
 
-RUN apk add --no-cache \
+RUN dnf install -y epel-release && \
+    dnf copr enable -y @caddy/caddy && \
+    dnf install -y \
     caddy \
     cgit \
     git \
     fcgiwrap \
-    spawn-fcgi \
     gettext \
     openssl \
-    openssh-server
+    openssh-server \
+    && dnf clean all
 
 COPY cgitrc.template /etc/cgitrc.template
 COPY Caddyfile /etc/caddy/Caddyfile
-- 
cgit