mirror of
https://github.com/muety/wakapi.git
synced 2023-08-10 21:12:56 +03:00
docker: add non-root user
This commit is contained in:
Steven Tang
parent
391a53972b
commit
b04a84ee5a
@ -16,7 +16,8 @@ RUN mkdir ./data ./app && \
|
|||||||
cp /src/config.default.yml app/config.yml && \
|
cp /src/config.default.yml app/config.yml && \
|
||||||
sed -i 's/listen_ipv6: ::1/listen_ipv6: /g' app/config.yml && \
|
sed -i 's/listen_ipv6: ::1/listen_ipv6: /g' app/config.yml && \
|
||||||
cp /src/wait-for-it.sh app/ && \
|
cp /src/wait-for-it.sh app/ && \
|
||||||
cp /src/entrypoint.sh app/
|
cp /src/entrypoint.sh app/ && \
|
||||||
|
chown 1000:1000 ./data
|
||||||
|
|
||||||
# Run Stage
|
# Run Stage
|
||||||
|
|
||||||
@ -27,7 +28,9 @@ RUN mkdir ./data ./app && \
|
|||||||
FROM alpine:3
|
FROM alpine:3
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
RUN apk add --no-cache bash ca-certificates tzdata
|
RUN addgroup -g 1000 app && \
|
||||||
|
adduser -u 1000 -G app -s /bin/sh -D app && \
|
||||||
|
apk add --no-cache bash ca-certificates tzdata
|
||||||
|
|
||||||
# See README.md and config.default.yml for all config options
|
# See README.md and config.default.yml for all config options
|
||||||
ENV ENVIRONMENT=prod \
|
ENV ENVIRONMENT=prod \
|
||||||
@ -42,6 +45,7 @@ ENV ENVIRONMENT=prod \
|
|||||||
WAKAPI_ALLOW_SIGNUP='true'
|
WAKAPI_ALLOW_SIGNUP='true'
|
||||||
|
|
||||||
COPY --from=build-env /staging /
|
COPY --from=build-env /staging /
|
||||||
|
USER app
|
||||||
|
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user