- Gateway, Trips, Fitness Dockerfiles: run as non-root (appuser) - Added HEALTHCHECK to gateway, trips, fitness - Used --chown=appuser on COPY for correct file permissions - Created data dirs with proper ownership before USER switch - Trips Dockerfile no longer copies whole context (only server.py) Partial fix for #10 — Node services (inventory, budget, frontend) not yet hardened.
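# Service image: runs server.py on port 8100 as the unprivileged account "appuser".
# NOTE(review): the base tag is not pinned by digest and bcrypt is not pinned to a
# version, so a rebuild can pull different code than the last one. Pin both (pip
# also supports --require-hashes) if reproducible builds are required.
FROM python:3.12-slim

# Created before any USER switch, so /app itself is not owned by appuser.
WORKDIR /app

RUN pip install --no-cache-dir bcrypt

# Create the runtime account and the data directory it owns in a single layer.
# No --uid is passed, so the numeric id is whatever adduser assigns.
# NOTE(review): orchestrators that verify "non-root" by numeric id need a fixed
# UID and a numeric USER; confirm against the deployment before changing it.
RUN adduser --disabled-password --no-create-home appuser \
    && mkdir -p /app/data \
    && chown -R appuser /app/data

# Only the listed modules and integrations/ are copied, not the whole context.
# NOTE(review): --chown=appuser makes the application code owned by the same
# account the service runs as, so a compromised process can rewrite its own
# modules. If nothing writes next to the sources (presumably state lives in
# /app/data; confirm), dropping --chown leaves the code root-owned and, as long
# as the files are world-readable in the build context, read-only at runtime.
COPY --chown=appuser \
    server.py \
    config.py \
    database.py \
    sessions.py \
    proxy.py \
    responses.py \
    auth.py \
    dashboard.py \
    command.py \
    ./
COPY --chown=appuser integrations/ ./integrations/

# Documentation only; 8100 is above 1024, so the non-root user can bind it.
EXPOSE 8100

# Unbuffered stdout/stderr so log lines reach the container log immediately.
ENV PYTHONUNBUFFERED=1

# urlopen raises on a refused connection, a timeout, or an HTTP error status,
# which makes python exit non-zero; "|| exit 1" maps every failure to the
# exit code Docker treats as unhealthy.
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
    CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8100/api/health', timeout=3)" || exit 1

# Everything from here on, including the healthcheck probe, runs as appuser.
USER appuser

# Exec form: python3 is PID 1 and receives SIGTERM from `docker stop` directly.
CMD ["python3", "server.py"]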