mirror of
https://github.com/knadh/listmonk.git
synced 2024-09-20 07:16:33 +08:00
Add support for running Docker container as non-root user using docker-entrypoint.sh (#1892)
* Enabling the usage of non root user in Docker * Added docker-entrypoint.sh to .goreleaser.yml * Renamed UID to PUID and GID to PGID
parent
888e33e5e3
commit
821b43d74f
|
@ -63,6 +63,7 @@ dockers:
|
||||||
extra_files:
|
extra_files:
|
||||||
- config.toml.sample
|
- config.toml.sample
|
||||||
- config-demo.toml
|
- config-demo.toml
|
||||||
|
- docker-entrypoint.sh
|
||||||
- use: buildx
|
- use: buildx
|
||||||
goos: linux
|
goos: linux
|
||||||
goarch: arm64
|
goarch: arm64
|
||||||
|
@ -87,6 +88,7 @@ dockers:
|
||||||
extra_files:
|
extra_files:
|
||||||
- config.toml.sample
|
- config.toml.sample
|
||||||
- config-demo.toml
|
- config-demo.toml
|
||||||
|
- docker-entrypoint.sh
|
||||||
- use: buildx
|
- use: buildx
|
||||||
goos: linux
|
goos: linux
|
||||||
goarch: arm
|
goarch: arm
|
||||||
|
@ -112,6 +114,7 @@ dockers:
|
||||||
extra_files:
|
extra_files:
|
||||||
- config.toml.sample
|
- config.toml.sample
|
||||||
- config-demo.toml
|
- config-demo.toml
|
||||||
|
- docker-entrypoint.sh
|
||||||
- use: buildx
|
- use: buildx
|
||||||
goos: linux
|
goos: linux
|
||||||
goarch: arm
|
goarch: arm
|
||||||
|
@ -137,6 +140,7 @@ dockers:
|
||||||
extra_files:
|
extra_files:
|
||||||
- config.toml.sample
|
- config.toml.sample
|
||||||
- config-demo.toml
|
- config-demo.toml
|
||||||
|
- docker-entrypoint.sh
|
||||||
|
|
||||||
docker_manifests:
|
docker_manifests:
|
||||||
- name_template: "{{ .Env.DOCKER_ORG }}/{{ .ProjectName }}:latest"
|
- name_template: "{{ .Env.DOCKER_ORG }}/{{ .ProjectName }}:latest"
|
||||||
|
|
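--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,27 @@
 FROM --platform=$BUILDPLATFORM alpine:latest
-RUN apk --no-cache add ca-certificates tzdata
+
+# Install dependencies
+RUN apk --no-cache add ca-certificates tzdata shadow su-exec
+
+# Set the working directory
 WORKDIR /listmonk
+
+# Copy only the necessary files
 COPY listmonk .
 COPY config.toml.sample config.toml
 COPY config-demo.toml .
-CMD ["./listmonk"]
+
+# Copy the entrypoint script
+COPY docker-entrypoint.sh /usr/local/bin/
+
+# Make the entrypoint script executable
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+# Expose the application port
 EXPOSE 9000
+
+# Set the entrypoint
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# Define the command to run the application
+CMD ["./listmonk"]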
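Review bot: The `shadow` package added to the `apk add` line does not look necessary. The entrypoint script in this commit calls `addgroup` and `adduser` with what appear to be the BusyBox flags (`-g`, `-G`, `-D`), so only `su-exec` is new to the base image. Extra account-management binaries in a runtime image widen what is available to a process that gets compromised. Unless something outside this diff needs `useradd`/`usermod`, the line can be `RUN apk --no-cache add ca-certificates tzdata su-exec`. Note also that there is no `USER` instruction and the script defaults `PUID` to 0, so the container still runs as root unless the operator sets `PUID`/`PGID`; that default deserves a comment above `ENTRYPOINT`.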
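--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+export PUID=${PUID:-0}
+export PGID=${PGID:-0}
+export GROUP_NAME="app"
+export USER_NAME="app"
+
+# This function evaluates if the supplied PGID is already in use
+# if it is not in use, it creates the group with the PGID
+# if it is in use, it sets the GROUP_NAME to the existing group
+create_group() {
+if ! getent group ${PGID} > /dev/null 2>&1; then
+addgroup -g ${PGID} ${GROUP_NAME}
+else
+existing_group=$(getent group ${PGID} | cut -d: -f1)
+export GROUP_NAME=${existing_group}
+fi
+}
+
+# This function evaluates if the supplied PUID is already in use
+# if it is not in use, it creates the user with the PUID and PGID
+create_user() {
+if ! getent passwd ${PUID} > /dev/null 2>&1; then
+adduser -u ${PUID} -G ${GROUP_NAME} -s /bin/sh -D ${USER_NAME}
+else
+existing_user=$(getent passwd ${PUID} | cut -d: -f1)
+export USER_NAME=${existing_user}
+fi
+}
+
+# Run the needed functions to create the user and group
+create_group
+create_user
+
+# Set the ownership of the app directory to the app user
+chown -R ${PUID}:${PGID} /listmonk
+
+echo "Launching listmonk with user=[${USER_NAME}] group=[${GROUP_NAME}] PUID=[${PUID}] PGID=[${PGID}]"
+
+# If running as root and PUID is not 0, then execute command as PUID
+# this allows us to run the container as a non-root user
+if [ "$(id -u)" = "0" ] && [ "${PUID}" != "0" ]; then
+su-exec ${PUID}:${PGID} "$@"
+else
+exec "$@"
+fi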
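Review bot: The non-root branch runs `su-exec ${PUID}:${PGID} "$@"` without `exec`, so the root shell stays alive as PID 1 with listmonk as its child. A stop signal sent to the container then reaches the shell, which most likely does not pass it on, so the application would be killed at the timeout rather than shut down cleanly. `PUID` and `PGID` also come straight from the environment and are expanded unquoted into `getent`, `addgroup`, `adduser`, `chown` and `su-exec`, all of which run as root. A value containing spaces or a leading dash is split into extra arguments, so the script should reject non-numeric ids up front and quote every expansion. The recursive `chown` also hands the application user ownership of its own binary and config under `/listmonk`; narrowing it to the directories that must be writable would be safer.

```shell
export PGID=${PGID:-0}
# Reject anything that is not a plain numeric id before root-run commands see it
for id in "${PUID}" "${PGID}"; do
  case "${id}" in
    '' | *[!0-9]*) echo "PUID and PGID must be numeric ids" >&2; exit 1 ;;
  esac
done
# … unchanged: create_group / create_user, with "${PUID}" and "${PGID}" quoted …
chown -R "${PUID}:${PGID}" /listmonk
# … unchanged: launch message and root / non-root check …
exec su-exec "${PUID}:${PGID}" "$@"
```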