fix(docker): configurable pgid and puid, tiny init
@ -35,11 +35,7 @@ ENV PUID=1000
|
|||||||
ENV PGID=1000
|
ENV PGID=1000
|
||||||
|
|
||||||
# Install runtime dependencies.
|
# Install runtime dependencies.
|
||||||
RUN apk add --no-cache ca-certificates tzdata su-exec busybox
|
RUN apk add --no-cache ca-certificates tzdata su-exec busybox tini
|
||||||
|
|
||||||
# Create a non-root user and group for the application to run as
|
|
||||||
RUN addgroup -S -g ${PGID} app && \
|
|
||||||
adduser -S -u ${PUID} -G app -h /app app
|
|
||||||
|
|
||||||
# Copy the compiled binary from the builder stage
|
# Copy the compiled binary from the builder stage
|
||||||
COPY --from=builder /app/target/release/sbrs /usr/local/bin/sbrs
|
COPY --from=builder /app/target/release/sbrs /usr/local/bin/sbrs
|
||||||
@ -48,9 +44,8 @@ COPY --from=builder /app/target/release/sbrs /usr/local/bin/sbrs
|
|||||||
COPY ./docker/entrypoint.sh /usr/local/bin/entrypoint.sh
|
COPY ./docker/entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||||
RUN chmod +x /usr/local/bin/entrypoint.sh
|
RUN chmod +x /usr/local/bin/entrypoint.sh
|
||||||
|
|
||||||
# Create necessary directories and set ownership for volumes
|
# Create necessary directories for volumes
|
||||||
RUN mkdir -p /config /rules && \
|
RUN mkdir -p /config /rules
|
||||||
chown -R app:app /config /rules
|
|
||||||
|
|
||||||
# Set the entrypoint for the container
|
# Set the entrypoint for the container
|
||||||
ENTRYPOINT ["entrypoint.sh"]
|
ENTRYPOINT ["/sbin/tini", "--", "entrypoint.sh"]
|
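Review bot: With the build-time `addgroup`/`adduser` and the `chown -R app:app /config /rules` removed, the image no longer ships an unprivileged account, and no `USER` line appears in the visible hunks, so dropping privileges depends entirely on entrypoint.sh running as root. A run that overrides the entrypoint would presumably execute `sbrs` as root. That contract should be stated where the removed block was, for example `# The 'app' user and ownership of /config and /rules are set up by entrypoint.sh at start-up from PUID/PGID; the container must start as root.` The new `ENTRYPOINT` also resolves `entrypoint.sh` through PATH; `ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]` would pin it to the file copied above.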
@ -3,9 +3,31 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
# --- Environment Variable Defaults ---
|
# --- Environment Variable Defaults ---
|
||||||
|
PUID=${PUID:-1000}
|
||||||
|
PGID=${PGID:-1000}
|
||||||
|
|
||||||
DOMAIN=${DOMAIN:-}
|
DOMAIN=${DOMAIN:-}
|
||||||
RULE_PATH=${RULE_PATH:-}
|
RULE_PATH=${RULE_PATH:-}
|
||||||
|
|
||||||
|
|
||||||
|
# --- Create user and group at runtime ---
|
||||||
|
echo "Creating user and group with PUID=${PUID} and PGID=${PGID}"
|
||||||
|
|
||||||
|
# Remove existing user/group if they exist
|
||||||
|
if getent group app > /dev/null 2>&1; then
|
||||||
|
delgroup app 2>/dev/null || true
|
||||||
|
fi
|
||||||
|
if getent passwd app > /dev/null 2>&1; then
|
||||||
|
deluser app 2>/dev/null || true
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create new group and user with runtime PUID/PGID
|
||||||
|
addgroup -S -g ${PGID} app
|
||||||
|
adduser -S -u ${PUID} -G app -h /app app
|
||||||
|
|
||||||
|
# Set ownership of directories
|
||||||
|
chown -R app:app /config /rules
|
||||||
|
|
||||||
# --- Build the Command ---
|
# --- Build the Command ---
|
||||||
# This command is now used for both the initial run and the cron job.
|
# This command is now used for both the initial run and the cron job.
|
||||||
APP_CMD="/usr/local/bin/sbrs \
|
APP_CMD="/usr/local/bin/sbrs \
|
||||||
@ -31,9 +53,8 @@ echo "--- Running initial synchronization on container start ---"
|
|||||||
# We run it as the non-root 'app' user to ensure correct file permissions.
|
# We run it as the non-root 'app' user to ensure correct file permissions.
|
||||||
su-exec app:app sh -c "${APP_CMD}"
|
su-exec app:app sh -c "${APP_CMD}"
|
||||||
echo "--- Initial synchronization finished ---"
|
echo "--- Initial synchronization finished ---"
|
||||||
|
|
||||||
# ===================================================================
|
# ===================================================================
|
||||||
|
|
||||||
|
|
||||||
# --- Cron Setup ---
|
# --- Cron Setup ---
|
||||||
# This section runs after the initial sync is complete.
|
# This section runs after the initial sync is complete.
|
||||||
echo "Setting up cron job with schedule: ${CRON_SCHEDULE}"
|
echo "Setting up cron job with schedule: ${CRON_SCHEDULE}"
|
||||||
|
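Review bot: The new user-creation block passes `PUID` and `PGID` to `addgroup -g` and `adduser -u` unquoted and unchecked. A non-numeric value, or an ID already in use in the image, stops the container under `set -e` with only a busybox error, and `PUID=0` makes the later `su-exec app:app` run the sync as root without any warning. Validate both values as numeric before the account is created and quote the expansions; whether 0 is rejected or only logged is a policy choice the script should make explicit. The added `chown -R app:app /config /rules` runs as root over mounted volumes on every start, and adding `-h` keeps it from changing the owner of whatever a symlink inside those volumes points to.

```shell
# … unchanged: defaults for PUID, PGID, DOMAIN, RULE_PATH …

# Refuse anything that is not a plain decimal ID before touching the account files.
for id in "${PUID}" "${PGID}"; do
    case "${id}" in
        ''|*[!0-9]*)
            echo "PUID and PGID must be numeric, got '${id}'" >&2
            exit 1
            ;;
    esac
done

# … unchanged: removal of an existing 'app' user and group …

addgroup -S -g "${PGID}" app
adduser -S -u "${PUID}" -G app -h /app app

# -h: change the symlink itself, never the file it points to.
chown -hR app:app /config /rules
```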