tyler.durden
/
dashy
mirror of https://github.com/Lissy93/dashy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🔀 Merge pull request #495 from Singebob/master 

Add group and user in dockerfile to run container as unprivileged
Fixes #340
Thank you @Singebob
This commit is contained in:
Alicia Sykes 2022-02-19 21:45:16 +00:00 committed by GitHub
parent 2e63da041a bbbcd09b44
commit 5aff97a09e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Dockerfile
View File

@ -30,16 +30,32 @@ FROM node:16.13.2-alpine
# Define some ENV Vars # Define some ENV Vars
ENV PORT=80 \ ENV PORT=80 \
DIRECTORY=/app \ DIRECTORY=/app \
IS_DOCKER=true IS_DOCKER=true \
USER=docker \
UID=12345 \
GID=23456
# Install tini for initialization and tzdata for setting timezone
RUN apk add --no-cache tzdata tini \
# Add group
&& addgroup --gid ${GID} "${USER}" \
# Add user
&& adduser \
--disabled-password \
--ingroup "${USER}" \
--gecos "" \
--home "${DIRECTORY}" \
--no-create-home \
--uid "$UID" \
"$USER"
USER ${USER}
# Create and set the working directory # Create and set the working directory
WORKDIR ${DIRECTORY} WORKDIR ${DIRECTORY}
# Install tini for initialization and tzdata for setting timezone
RUN apk add --no-cache tzdata tini
# Copy built application from build phase # Copy built application from build phase
COPY --from=BUILD_IMAGE /app ./ COPY --from=BUILD_IMAGE --chown=${USER}:${USER} /app ./
# Finally, run start command to serve up the built application # Finally, run start command to serve up the built application
ENTRYPOINT [ "/sbin/tini", "--" ] ENTRYPOINT [ "/sbin/tini", "--" ]