borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-20 06:28:24 +02:00
parent 04d15485bf
commit aa886599c6
2 changed files with 33 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
server/Dockerfile
View File

@@ -20,23 +20,35 @@ RUN npm install --only=production && \
npm cache clean --force npm cache clean --force
# Copy application code # Copy application code
COPY . . # Copy application code
COPY --chown=nodejs:nodejs . .
# Create logs directory # Copy and set permissions for entrypoint script
RUN mkdir -p logs COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# Create uploads directory for logos # Install su-exec for user switching
RUN mkdir -p uploads/logos RUN apk add --no-cache su-exec
# Create logs and uploads directories
RUN mkdir -p logs uploads/logos
# Create non-root user # Create non-root user
RUN addgroup -g 1001 -S nodejs && \ RUN addgroup -g 1001 -S nodejs && \
adduser -S nodejs -u 1001 adduser -S nodejs -u 1001
# Set ownership # Set ownership of all app files including uploads
RUN chown -R nodejs:nodejs /app RUN chown -R nodejs:nodejs /app
# Switch to non-root user # Ensure uploads directory has proper permissions
USER nodejs RUN chmod -R 755 /app/uploads
# Copy and set permissions for entrypoint script
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# Stay as root for the entrypoint (it will switch to nodejs user)
# USER nodejs (commented out - entrypoint will handle user switching)
# Expose port # Expose port
EXPOSE 3001 EXPOSE 3001
@@ -45,8 +57,8 @@ EXPOSE 3001
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:3001/api/health || exit 1 CMD curl -f http://localhost:3001/api/health || exit 1
# Use dumb-init to handle signals properly # Use custom entrypoint that handles permissions and user switching
ENTRYPOINT ["dumb-init", "--"] ENTRYPOINT ["docker-entrypoint.sh"]
# Start the application # Start the application
CMD ["npm", "start"] CMD ["npm", "start"]

11
server/docker-entrypoint.sh Normal file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
# This script runs as root to set up permissions, then switches to nodejs user
# Ensure uploads directory exists and has correct permissions
mkdir -p /app/uploads/logos
chown -R nodejs:nodejs /app/uploads
chmod -R 755 /app/uploads
# Switch to nodejs user and execute the command with dumb-init for signal handling
exec su-exec nodejs dumb-init -- "$@"