From c3a377a265d2ca92b8823be281fa0e487d30692b Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Wed, 18 Feb 2026 15:12:32 +0800
Subject: switch to rocky linux 10, add --init for zombie reaping, fix NAT
 setup

- base image alpine -> rockylinux:10 (cgit/fcgiwrap from EPEL)
- drop spawn-fcgi, use fcgiwrap -s directly
- add --init to reap zombie sshd-auth processes (PID exhaustion fix)
- replace ip addr/route networking with nft DNAT/SNAT/FORWARD rules
- add FORWARD accept rule that was missing for inbound DNAT traffic
---
 sshd_config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sshd_config')

diff --git a/sshd_config b/sshd_config
index 5d31e36..0270433 100644
--- a/sshd_config
+++ b/sshd_config
@@ -7,4 +7,4 @@ AuthorizedKeysFile /git/.ssh/authorized_keys
 MaxStartups 3:50:10
 # Kill unauthenticated connections after 15 seconds
 LoginGraceTime 15
-Subsystem sftp /usr/lib/ssh/sftp-server
+Subsystem sftp /usr/libexec/openssh/sftp-server
-- 
cgit