From c3a377a265d2ca92b8823be281fa0e487d30692b Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Wed, 18 Feb 2026 15:12:32 +0800
Subject: switch to rocky linux 10, add --init for zombie reaping, fix NAT
 setup

- base image alpine -> rockylinux:10 (cgit/fcgiwrap from EPEL)
- drop spawn-fcgi, use fcgiwrap -s directly
- add --init to reap zombie sshd-auth processes (PID exhaustion fix)
- replace ip addr/route networking with nft DNAT/SNAT/FORWARD rules
- add FORWARD accept rule that was missing for inbound DNAT traffic
---
 entrypoint.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'entrypoint.sh')

diff --git a/entrypoint.sh b/entrypoint.sh
index 3e2dcc0..ba24e29 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e
 
 # Check cert matches domain, else clear and renew
@@ -21,7 +21,8 @@ chmod 700 /git/.ssh
 chmod 600 /git/.ssh/authorized_keys
 /usr/sbin/sshd
 
-spawn-fcgi -s ${FCGI_SOCK} /usr/bin/fcgiwrap
+fcgiwrap -s unix:${FCGI_SOCK} &
+sleep 0.5
 chmod 666 ${FCGI_SOCK}
 
 exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
-- 
cgit