From 79e6544a89bcd648495c31f11c1068da3684c703 Mon Sep 17 00:00:00 2001
From: Benjamin Montgomery
Date: Thu, 21 Apr 2022 08:05:20 -0400
Subject: [PATCH] changes to run as non-root user
---
 Dockerfile | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 029e2cb2..f78eab7e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,9 +28,12 @@ RUN yarn build
 FROM node:16.14.2-alpine
 # Define some ENV Vars
-ENV PORT=80 \
+ENV PORT=8080 \
 DIRECTORY=/app \
- IS_DOCKER=true
+ DEST_DIRECTORY=/app/dist \
+ IS_DOCKER=true \
+ UID=5000 \
+ GID=5000
 # Create and set the working directory
 WORKDIR ${DIRECTORY}
@@ -40,8 +43,14 @@ RUN apk add --no-cache tzdata tini
 # Copy built application from build phase
 COPY --from=BUILD_IMAGE /app ./
-# Ensure only one version of conf.yml exists
-RUN rm dist/conf.yml
+
+# fix permissions
+RUN rm -rf ${DEST_DIRECTORY} && \
+ mkdir ${DEST_DIRECTORY} && \
+ chown $UID:$GID ${DEST_DIRECTORY} && \
+ chmod 755 ${DEST_DIRECTORY}
+
+USER ${UID}
 # Finally, run start command to serve up the built application
 ENTRYPOINT [ "/sbin/tini", "--" ]
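Review bot: `UID=5000` and `GID=5000` are added to the `ENV` block, so they persist into the running container's environment even though the visible code only consumes them at build time, in the later `chown` and `USER` lines. Declaring them as `ARG UID=5000` and `ARG GID=5000` keeps them out of the runtime environment and avoids the impression that `docker run -e UID=...` changes the user the process runs as. The `PORT` default moving from 80 to 8080 suits an unprivileged user, but any `EXPOSE` or health-check line sits outside this hunk and should be checked for the old port. The change also deserves a comment such as `# 8080: unprivileged port, required once the image runs as non-root`, because existing port mappings to container port 80 will stop working.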
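Review bot: `USER ${UID}` sets only the user ID, and nothing visible in this hunk creates a passwd or group entry for 5000, so Docker runs the process with the root group (GID 0) as its primary group. Use `USER ${UID}:${GID}` so the process runs with the same group that `chown $UID:$GID` gives the dist directory. Creating the account with `addgroup`/`adduser` would additionally give the user a passwd entry and a home directory, which tools that write to `$HOME` may expect. Separately, the old `rm dist/conf.yml` becomes `rm -rf ${DEST_DIRECTORY}`, which discards the entire built `dist` copied from the build stage. The start command is outside the hunk, so confirm the application rebuilds into that directory at start and needs no other writable path under `/app`.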