Docker/run as nonroot (#692)

* changed python base image to 3.9.6

* bumped poetry version to 1.1.7

* user creation based on env variable PGID and PUID with default as PUID/PGID= 911

* App exposes APP_PORT=80 as env variable

* Removed user mod and handled it in docker image.

* moved scheduler.db to /app/temp dir

* set app default port to 80 if envvariable null

* Changed application port to env variable with default as 80

* Created sch. directory as part of image creation

* minor logging improvements.

* removed docker target

* cleanup

* fixed port

* fixed port

* fixed port

* removed volume specification

* fixing code quality warnings

* fixing code quality warnings

* fixing code quality warnings

* bumped versions to fix vulnerabilities

* corrected port

* bumped uvicorn version to fix vulnerabilities

* minor fix

* added sticky permissions

* adding port change info to docs

* adding port change info to docs

* adding port change info to docs

* improved formatting

* docs updated

* added docker port change warning
Usman Masood
2021-10-02 21:35:16 +02:00
committed by GitHub
parent 66fdd6c428
commit 19aa572bd8
7 changed files with 39 additions and 39 deletions


@@ -11,7 +11,7 @@ RUN npm run build
###############################################
# Base Image
###############################################
FROM python:3.9-slim as python-base
FROM python:3.9.6-slim as python-base
ENV MEALIE_HOME="/app"
@@ -29,9 +29,12 @@ ENV PYTHONUNBUFFERED=1 \
# prepend poetry and venv to path
ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
# create user account
RUN useradd -u 911 -U -d $MEALIE_HOME -s /bin/bash abc \
&& usermod -G users abc \
ENV PUID=911 \
PGID=911
# create user account with default group
RUN groupadd -g $PGID mealie \
&& useradd -l -u $PUID -g $PGID -d $MEALIE_HOME -s /bin/bash mealie \
&& mkdir $MEALIE_HOME
###############################################
@@ -56,7 +59,7 @@ RUN apt-get update \
&& pip install -U --no-cache-dir pip
# install poetry - respects $POETRY_VERSION & $POETRY_HOME
ENV POETRY_VERSION=1.1.6
ENV POETRY_VERSION=1.1.7
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python -
# copy project requirement files here to ensure they will be cached.
@@ -96,6 +99,7 @@ ENTRYPOINT $MEALIE_HOME/mealie/run.sh "reload"
###############################################
FROM python-base as production
ENV PRODUCTION=true
ARG DEBIAN_FRONTEND=noninteractive
# curl for used by healthcheck
RUN apt-get update \
@@ -129,12 +133,20 @@ COPY --from=frontend-build /app/dist $MEALIE_HOME/dist
COPY ./dev/data/templates $MEALIE_HOME/data/templates
COPY ./Caddyfile $MEALIE_HOME
RUN mkdir $MEALIE_HOME/temp \
&& id -u mealie | xargs -I{} chown -R {}:{} $MEALIE_HOME
USER $PUID:$PGID
VOLUME [ "$MEALIE_HOME/data/" ]
ENV APP_PORT=80
RUN chmod 755 "$MEALIE_HOME/data/" \
&& chmod g+s "$MEALIE_HOME/data/"
WORKDIR /app
ENV APP_PORT=9080
EXPOSE ${APP_PORT}
HEALTHCHECK CMD curl -fs http://localhost:${APP_PORT} || exit 1
RUN chmod +x $MEALIE_HOME/mealie/run.sh
ENTRYPOINT $MEALIE_HOME/mealie/run.sh
RUN chmod +x mealie/run.sh
ENTRYPOINT mealie/run.sh
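Review bot: The `chown` in the last hunk takes a single value from `id -u mealie` and uses it for both owner and group (`{}:{}`), so the group is only correct while PUID and PGID are equal, and if `id` fails the pipe still exits 0 with nothing chowned; `chown -R mealie:mealie "$MEALIE_HOME"` states the intent and drops the pipe. Relatedly, `PUID`/`PGID` are read by `groupadd`/`useradd` and by `USER $PUID:$PGID` while the image is built, so setting them with `docker run -e` does not change the identity the process runs as, even though `ENV` leaves them visible at runtime. A comment above the `ENV` such as `# PUID/PGID are fixed at build time; overriding them at run time does not change the container user` would prevent that misreading. The page does not mark which of the doubled lines are old and which are new, so if the `VOLUME` line is kept, confirm that the `chmod g+s` placed after it actually lands in the image, since a builder may discard changes made under a declared volume.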