Run Dockerfile as non-root user

2025-03-17 21:31:55 +01:00 · 2021-02-19 21:49:05 +07:00 · 2021-02-19 21:49:05 +07:00 · 02a8b86168
commit 02a8b86168
parent 042052e4e5
1 changed files with 6 additions and 3 deletions
--- a/9
+++ b/9
@ -23,9 +23,12 @@ RUN pip install lndgrpc purerpc
 # Production image
 FROM python:3.7-slim as lnbits

+# Run as non-root
+USER 1000:1000
+
 # Copy over virtualenv
 ENV VIRTUAL_ENV="/opt/venv"
-COPY --from=builder $VIRTUAL_ENV $VIRTUAL_ENV
+COPY --from=builder --chown=1000:1000 $VIRTUAL_ENV $VIRTUAL_ENV
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"

 # Setup Quart
@ -38,8 +41,8 @@ ENV LNBITS_BIND="0.0.0.0:5000"

 # Copy in app source
 WORKDIR /app
-COPY lnbits /app/lnbits
+COPY --chown=1000:1000 lnbits /app/lnbits

 EXPOSE 5000

-CMD quart assets && quart migrate && hypercorn -k trio --bind $LNBITS_BIND 'lnbits.app:create_app()'
+CMD quart assets && quart migrate && hypercorn -k trio --bind $LNBITS_BIND 'lnbits.app:create_app()'