Run as non-root user

This commit is contained in:
Cédrik LIME 2019-04-17 18:24:24 +02:00
parent b453d9f41d
commit 58868b75af
2 changed files with 19 additions and 5 deletions

View File

@ -11,14 +11,21 @@ FROM alpine:latest
LABEL maintainer="AdGuard Team <devteam@adguard.com>"
# Update CA certs
RUN apk --no-cache --update add ca-certificates && \
rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome
RUN apk --no-cache --update add ca-certificates libcap && \
rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
COPY --from=build /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome
RUN chown -R nobody: /opt/adguardhome \
&& setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]
WORKDIR /opt/adguardhome/work
USER nobody
ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]

View File

@ -2,15 +2,22 @@ FROM alpine:latest
LABEL maintainer="AdGuard Team <devteam@adguard.com>"
# Update CA certs
RUN apk --no-cache --update add ca-certificates && \
rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome
RUN apk --no-cache --update add ca-certificates libcap && \
rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
COPY ./AdGuardHome /opt/adguardhome/AdGuardHome
RUN chown -R nobody: /opt/adguardhome \
&& setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]
WORKDIR /opt/adguardhome/work
USER nobody
ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
CMD ["-h", "0.0.0.0", "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]