MrUnknownDE/unknownbin
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/unknownbin.git synced 2026-04-19 14:23:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add entrypoint to fix volume permissions at runtime

Browse Source
This commit is contained in:
MrUnknownDE
2025-10-13 18:49:38 +02:00
parent 632ef4c812
commit 69ca3de2d1
2 changed files with 29 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
Dockerfile
View File

@@ -30,26 +30,32 @@ RUN npm run build
# This is the final, lean image that will be run # This is the final, lean image that will be run
FROM base AS production FROM base AS production
# Set a non-root user for security # Install 'su-exec' which is a lightweight tool for switching users
RUN apk add --no-cache su-exec
# Create a non-root user and group for security
RUN addgroup -S appgroup && adduser -S appuser -G appgroup RUN addgroup -S appgroup && adduser -S appuser -G appgroup
# Copy only the necessary files from the previous stages # Copy application files from the build stage
COPY --from=build /usr/src/app/node_modules ./node_modules COPY --from=build /usr/src/app/node_modules ./node_modules
COPY --from=build /usr/src/app/views ./views COPY --from=build /usr/src/app/views ./views
COPY --from=build /usr/src/app/static ./static COPY --from=build /usr/src/app/static ./static
COPY --from=build /usr/src/app/lib ./lib COPY --from=build /usr/src/app/lib ./lib
COPY --from=build /usr/src/app/server.js . COPY --from=build /usr/src/app/server.js .
COPY --from=build /usr/src/app/config.json . COPY --from=build /usr/src/app/config.json .
COPY --from=build /usr/src/app/entrypoint.sh /usr/local/bin/entrypoint.sh
# Create the data directory and set correct permissions # Ensure the entrypoint script is executable
# This is the FIX for the EACCES error RUN chmod +x /usr/local/bin/entrypoint.sh
RUN mkdir -p data && chown -R appuser:appgroup .
# Switch to the non-root user # Create the data directory. The entrypoint will fix its permissions at runtime.
USER appuser RUN mkdir -p data
# Set the entrypoint to our script
ENTRYPOINT ["entrypoint.sh"]
# Expose the port the app runs on # Expose the port the app runs on
EXPOSE 8080 EXPOSE 8080
# The command to start the application # The default command to start the application. This gets passed to the entrypoint.
CMD [ "node", "server.js" ] CMD [ "node", "server.js" ]

15
entrypoint.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/sh
# This script ensures that the 'data' directory is owned by the 'appuser'
# before the main application starts. This is crucial when using Docker volumes,
# as the mounted directory from the host will be owned by root inside the container.
# Set the ownership of the data directory to the non-root user.
# The '-R' flag makes it recursive.
chown -R appuser:appgroup /usr/src/app/data
# Execute the main command (passed as arguments to this script)
# as the non-root user 'appuser'.
# 'su-exec' is a lightweight tool to switch users.
# "$@" passes all arguments from the CMD line.
exec su-exec appuser "$@"