From 7b7d6a5fbd964d124532c11e1f2016c2427b61ac Mon Sep 17 00:00:00 2001
From: Lukas Frischknecht
Date: Tue, 8 Feb 2022 17:27:17 +0100
Subject: [PATCH 1/2] Enable non-root container build Closes #308.
---
 .docker/Dockerfile | 4 ++++
 .docker/Dockerfile.multiarch | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/.docker/Dockerfile b/.docker/Dockerfile
index 457a387..7dd7a1a 100644
--- a/.docker/Dockerfile
+++ b/.docker/Dockerfile
@@ -22,8 +22,12 @@ COPY --from=builder /app /app
 
 WORKDIR /app
 
+RUN chown -R node:node .
+
 EXPOSE 5005
 
+USER node
+
 ENV NODE_ENV=production
 ENV PASSWORD=flame_password
 
diff --git a/.docker/Dockerfile.multiarch b/.docker/Dockerfile.multiarch
index 1c4fb20..9087093 100644
--- a/.docker/Dockerfile.multiarch
+++ b/.docker/Dockerfile.multiarch
@@ -23,8 +23,12 @@ COPY --from=builder /app /app
 
 WORKDIR /app
 
+RUN chown -R node:node .
+
 EXPOSE 5005
 
+USER node
+
 ENV NODE_ENV=production
 ENV PASSWORD=flame_password
 
From d475499bb9b62b9762597e17099b7e33606869e1 Mon Sep 17 00:00:00 2001
From: Simon Weald
Date: Sun, 8 May 2022 21:32:11 +0100
Subject: [PATCH 2/2] remove chown from CMD to allow image to run as an unprivileged user
---
 .docker/Dockerfile | 2 +-
 .docker/Dockerfile.multiarch | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.docker/Dockerfile b/.docker/Dockerfile
index 7dd7a1a..1e59ff4 100644
--- a/.docker/Dockerfile
+++ b/.docker/Dockerfile
@@ -31,4 +31,4 @@ USER node
 ENV NODE_ENV=production
 ENV PASSWORD=flame_password
 
-CMD ["sh", "-c", "chown -R node /app/data && node server.js"]
\ No newline at end of file
+CMD ["node", "server.js"]
diff --git a/.docker/Dockerfile.multiarch b/.docker/Dockerfile.multiarch
index 9087093..bd5f001 100644
--- a/.docker/Dockerfile.multiarch
+++ b/.docker/Dockerfile.multiarch
@@ -32,4 +32,4 @@ USER node
 ENV NODE_ENV=production
 ENV PASSWORD=flame_password
 
-CMD ["sh", "-c", "chown -R node /app/data && node server.js"]
\ No newline at end of file
+CMD ["node", "server.js"]
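Review bot: In the first patch's `.docker/Dockerfile` hunk, `RUN chown -R node:node .` hands all of `/app`, server code and dependencies included, to the account the server then runs as under `USER node`, so the running process can rewrite its own code. The same line is added in `.docker/Dockerfile.multiarch`. Leaving the code root-owned and giving `node` only the directory it must write would narrow that, for example `RUN mkdir -p /app/data && chown node:node /app/data`, assuming `/app/data` (the path the existing CMD chowns) is the only place the server writes, which these hunks do not show. If ownership of the whole tree is really needed, `COPY --chown=node:node --from=builder /app /app` sets it without the extra layer a recursive chown creates. The COPY line is visible only in the hunk header, so this needs checking against the full file.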
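Review bot: With the start-up `chown -R node /app/data` removed from `CMD` in the second patch's `.docker/Dockerfile` hunk (and likewise in `.docker/Dockerfile.multiarch`), nothing adjusts ownership of a volume or bind mount placed at `/app/data` any more. Data directories written by earlier images that ran as root will likely be unwritable by `node` after an upgrade. The build-time `chown -R node:node .` from the first patch covers only the image layer, not a mount laid over it. A comment above the CMD would make the requirement explicit, e.g. `# /app/data must be writable by the node user; fix ownership of mounted volumes on the host`, with a matching upgrade note in the deployment docs.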