Build Unbound Image

The UID and GID can be overridden by setting environment variables in your docker-compose file or shell. Thanks to @kernbug for suggesting. Check the examples (https://github.com/madnuttah/unbound-docker/tree/main/doc/examples) to lean how this works. You need to remove the username in your unbound.conf like so `username=""` or there will be warnings in your log.
AWK and SED has been added to the image (needed for statistics via healthcheck), ash has been removed

.github/workflows/build-unbound.yaml

@@ -9,7 +9,7 @@ on:
 
 env:
   DOCKERHUB_SLUG: "madnuttah/unbound"
-  VERSION: "1.19.1-0"
+  VERSION: "1.19.1-1"
 
 jobs:
   build:

README.md

@@ -6,9 +6,8 @@
 
 [![GitHub version](https://img.shields.io/github/v/release/madnuttah/unbound-docker?include_prereleases&style=flat-square)](https://github.com/madnuttah/unbound-docker/releases)
 [![Build Multiarch Unbound Docker Image](https://img.shields.io/github/actions/workflow/status/madnuttah/unbound-docker/build-unbound.yaml?branch=main&label=Unbound%20build%20status&style=flat-square)](https://github.com/madnuttah/unbound-docker/actions/workflows/build-unbound.yaml)
-[![Build Multiarch OpenSSL BuildEnv Docker Image](https://img.shields.io/github/actions/workflow/status/madnuttah/unbound-docker/build-openssl-buildenv.yaml?branch=main&label=OpenSSL%20build%20status&style=flat-square)](https://github.com/madnuttah/unbound-docker/actions/workflows/build-openssl-buildenv.yaml)
 
-This is an actively maintained and trustworthy, lightweight Alpine Linux based Docker image that runs [Unbound](https://unbound.net), an open source high-performance DNS resolver brought to you by the nice people [@NLnetLabs](https://github.com/NLnetLabs) running as **your own** recursive DNS server.
+This is an actively maintained and trustworthy, lightweight Alpine Linux based Docker image that runs [Unbound](https://unbound.net), an open source high-performance DNS resolver brought to you by the nice people [@NLnetLabs](https://github.com/NLnetLabs) running as **your own** recursive DNS server in an "distroless" scratch image.
 
 <details> 
 
@@ -53,7 +52,8 @@ Docker containers are most easily used with docker compose.
 
   <summary>Tags</summary><br>  
 
-   - [1.19.1-0 (latest)](https://hub.docker.com/r/madnuttah/unbound/tags)
+   - [1.19.1-1 (latest)](https://hub.docker.com/r/madnuttah/unbound/tags)   
+   - [1.19.1-0](https://hub.docker.com/r/madnuttah/unbound/tags)
    - [1.19.0-5](https://hub.docker.com/r/madnuttah/unbound/tags)
    - [1.19.0-4](https://hub.docker.com/r/madnuttah/unbound/tags)
    - [1.19.0-3](https://hub.docker.com/r/madnuttah/unbound/tags)

doc/DETAILS.md

@@ -27,7 +27,6 @@
 
 [![Current Alpine Linux release](https://img.shields.io/docker/v/_/alpine/latest?label=Current%20Alpine%20Linux%20release&style=flat-square)](https://github.com/alpinelinux/docker-alpine)
 [![Current Unbound release](https://img.shields.io/github/v/tag/nlnetlabs/unbound?label=Current%20Unbound%20release&style=flat-square)](https://github.com/NLnetLabs/unbound/tags)
-[![Current OpenSSL release](https://img.shields.io/github/v/tag/openssl/openssl?label=Current%20OpenSSL%20release&style=flat-square)](https://github.com/openssl/openssl/tags)
 
 ## Table of Contents
 
@@ -54,7 +53,7 @@ Source: [unbound.net](https://unbound.net/)
 ## About this Image
 
 This container image is based on Alpine Linux with focus on security, performance and a small image size.
-The unbound process runs in the context of a non-root user, is build with a "distroless" scratch image and makes use of unprivileged ports (5335 tcp/udp).
+The unbound process runs in the context of a non-root user, makes use of unprivileged ports (5335 tcp/udp) and the image is built using a "distroless" scratch image.
 
 Unbound is configured as an DNSSEC validating DNS resolver, which directly queries DNS root servers utilizing zone transfers holding a local copy of the root zone (see [IETF RFC 8806](https://www.rfc-editor.org/rfc/rfc8806.txt)) as your own recursive upstream DNS server in combination with [Pi-hole](https://pi-hole.net/) for adblocking in mind, but works also as a standalone server. 
 

doc/examples/docker-compose.yaml-bridge

@@ -64,6 +64,9 @@ services:
       TZ: <YOURTIMEZONE> #e.g. "America/New_York"
       ServerIP: <UNBOUND_IP_ADDRESS> #e.g. 172.20.0.253 or fd11:aa:1234:1234::505
       VIRTUAL_HOST: <unbound.yourdomain.lan>
+      #Optional
+      UID: <YourUserID>
+      GID: <YourUserID>
     volumes:
       - ./unbound.conf:/usr/local/unbound/unbound.conf:rw #Your local path to Unbound
       - ./conf.d/:/usr/local/unbound/conf.d/:rw

doc/examples/docker-compose.yaml-macvlan

@@ -70,6 +70,9 @@ services:
       TZ: <YOURTIMEZONE> #e.g. "America/New_York"
       ServerIP: <UNBOUND_IP_ADDRESS> #e.g. 192.168.1.253 or fd11:aa:1234:1234::505
       VIRTUAL_HOST: <unbound.yourdomain.lan>
+      #Optional
+      UID: <YourUserID>
+      GID: <YourUserID>
     volumes:
       - ./unbound.conf:/usr/local/unbound/unbound.conf:rw #Your local path to Unbound
       - ./conf.d/:/usr/local/unbound/conf.d/:rw

doc/examples/usr/local/unbound/unbound.conf

@@ -3,8 +3,8 @@ include: "/usr/local/unbound/zones.d/*.conf"
 
 server:
 	module-config: "validator iterator"
-	username: "_unbound"
-    directory: "/usr/local/unbound"
-	chroot: "/usr/local/unbound"
+	username: ""
+ directory: "/usr/local/unbound"
+	chroot: ""
 	do-daemonize: no
 	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt