open.source/whoogle-search
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Dockerfile

Browse Source 
Create a non-root user, and run the container as that user.
This commit is contained in:
ras07 2022-01-18 16:06:51 -06:00 committed by GitHub
parent fc50359752
commit 80aa4530f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile
View File

@ -17,8 +17,10 @@ FROM python:3.8-alpine
RUN apk add --update --no-cache tor curl bash openrc RUN apk add --update --no-cache tor curl bash openrc
# libcurl4-openssl-dev # libcurl4-openssl-dev
ARG DOCKER_USER=whoogle
ARG DOCKER_USERID=927
ARG config_dir=/config ARG config_dir=/config
RUN mkdir -p $config_dir RUN mkdir -p -m 777 $config_dir
VOLUME $config_dir VOLUME $config_dir
ARG username='' ARG username=''
@ -70,6 +72,13 @@ COPY run .
# Allow writing symlinks to build dir # Allow writing symlinks to build dir
RUN chown 102:102 app/static/build RUN chown 102:102 app/static/build
# Create user/group to run as
RUN adduser -D -g $DOCKER_USERID -u $DOCKER_USERID $DOCKER_USER
# Fix ownership / permissions
RUN chown -R ${DOCKER_USER}:${DOCKER_USER} /whoogle /var/lib/tor && \
USER $DOCKER_USER:$DOCKER_USER
EXPOSE $EXPOSE_PORT EXPOSE $EXPOSE_PORT
HEALTHCHECK --interval=30s --timeout=5s \ HEALTHCHECK --interval=30s --timeout=5s \