Skip to content

Commit

Permalink
Use non root user
Browse files Browse the repository at this point in the history
  • Loading branch information
@kumaranvpl
kumaranvpl committed Nov 11, 2024
1 parent d3efd04 commit 7c98eb5
Showing 1 changed file with 15 additions and 8 deletions.
23 changes: 15 additions & 8 deletions {{cookiecutter.project_slug}}/docker/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,21 @@ COPY deployment/firebase/* /app/
RUN pip install --upgrade pip && pip install --no-cache-dir -e "."

# Add user appuser with root permissions
# RUN adduser --disabled-password --gecos '' appuser \
# && chown -R appuser /app \
# && chown -R appuser:appuser /etc/nginx/conf.d /var/log/nginx /var/lib/nginx \
# && touch /run/nginx.pid && chown -R appuser:appuser /run/nginx.pid

# USER appuser

EXPOSE 8000 8008 8888
RUN adduser --disabled-password --gecos '' appuser \
&& chown -R appuser /app \
&& chown -R appuser:appuser /etc/nginx/conf.d /var/log/nginx /var/lib/nginx \
&& touch /run/nginx.pid && chown -R appuser:appuser /run/nginx.pid \
# Allow binding to ports > 1024 without root
&& sed -i 's/listen 80/listen 9999/g' /etc/nginx/sites-available/default \
&& sed -i 's/listen \[::\]:80/listen \[::\]:9999/g' /etc/nginx/sites-available/default \
# Create required directories with correct permissions
&& mkdir -p /var/cache/nginx /var/run \
&& chown -R appuser:appuser /var/cache/nginx /var/run

USER appuser

# ToDo: Fix exposing ports
# EXPOSE 8000 8008 8888

CMD ["/app/run_fastagency.sh"]

Expand Down

0 comments on commit 7c98eb5

Please sign in to comment.