yusiboyz/platform
1
0
Fork 0
Code Issues 4 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: deployment hardening — non-root containers and health checks (#10)

Browse Source 
- Gateway, Trips, Fitness Dockerfiles: run as non-root (appuser)
- Added HEALTHCHECK to gateway, trips, fitness
- Used --chown=appuser on COPY for correct file permissions
- Created data dirs with proper ownership before USER switch
- Trips Dockerfile no longer copies whole context (only server.py)

Partial fix for #10 — Node services (inventory, budget, frontend) not yet hardened.
This commit is contained in:
Yusuf Suleman
2026-03-29 09:18:42 -05:00
parent 14c667bd5e
commit 0ed8f1f83e
3 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
gateway/Dockerfile
View File

@@ -1,8 +1,12 @@
FROM python:3.12-slim
WORKDIR /app
RUN pip install bcrypt
COPY server.py config.py database.py sessions.py proxy.py responses.py auth.py dashboard.py command.py ./
COPY integrations/ ./integrations/
RUN pip install --no-cache-dir bcrypt
RUN adduser --disabled-password --no-create-home appuser
RUN mkdir -p /app/data && chown -R appuser /app/data
COPY --chown=appuser server.py config.py database.py sessions.py proxy.py responses.py auth.py dashboard.py command.py ./
COPY --chown=appuser integrations/ ./integrations/
EXPOSE 8100
ENV PYTHONUNBUFFERED=1
HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8100/api/health', timeout=3)" || exit 1
USER appuser
CMD ["python3", "server.py"]

8
services/fitness/Dockerfile.backend
View File

@@ -1,7 +1,11 @@
FROM python:3.12-slim
WORKDIR /app
RUN pip install bcrypt
COPY server.py .
RUN pip install --no-cache-dir bcrypt
RUN adduser --disabled-password --no-create-home appuser
RUN mkdir -p /app/data/images && chown -R appuser /app/data
COPY --chown=appuser server.py .
EXPOSE 8095
ENV PYTHONUNBUFFERED=1
HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8095/api/health', timeout=3)" || exit 1
USER appuser
CMD ["python3", "server.py"]

12
services/trips/Dockerfile
View File

@@ -1,11 +1,11 @@
FROM python:3.12-slim
WORKDIR /app
ENV PYTHONUNBUFFERED=1
RUN pip install --no-cache-dir PyPDF2 bcrypt
COPY . .
RUN adduser --disabled-password --no-create-home appuser
RUN mkdir -p /app/data/images && chown -R appuser /app/data
COPY --chown=appuser server.py .
EXPOSE 8087
HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8087/api/health', timeout=3)" || exit 1
USER appuser
CMD ["python3", "server.py"]