From 21fea91d23670002ddfafb3498b680933267e2e0 Mon Sep 17 00:00:00 2001 From: Wen Date: Sat, 11 Apr 2026 01:29:45 -0400 Subject: [PATCH] fix(docker): chown runtime files to nextjs user in web image public/ is mode 750 locally, so COPY into the runner stage landed files as root and the nextjs user fell under other perms, causing EACCES on scandir at startup. Add --chown=nextjs:nodejs to the standalone/static/public COPYs. --- Dockerfile.web | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile.web b/Dockerfile.web index 28efaf4a7..dcad66206 100644 --- a/Dockerfile.web +++ b/Dockerfile.web @@ -54,11 +54,11 @@ RUN addgroup --system --gid 1001 nodejs && \ adduser --system --uid 1001 nextjs # Copy standalone output (includes traced node_modules) -COPY --from=builder /app/apps/web/.next/standalone ./ +COPY --from=builder --chown=nextjs:nodejs /app/apps/web/.next/standalone ./ # Copy static files (not included in standalone) -COPY --from=builder /app/apps/web/.next/static ./apps/web/.next/static +COPY --from=builder --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static # Copy public assets -COPY --from=builder /app/apps/web/public ./apps/web/public +COPY --from=builder --chown=nextjs:nodejs /app/apps/web/public ./apps/web/public USER nextjs