Add final working docker config, root group

Zedifus 2022-03-02 05:16:45 +00:00
parent 876d178daa
commit c6b3210fdf
4 changed files with 21 additions and 31 deletions


@ -7,11 +7,13 @@ LABEL maintainer="Dockerfile created by Zedifus <https://gitlab.com/zedifus>"
# Security Patch for CVE-2021-44228 # Security Patch for CVE-2021-44228
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
# Install Packages, Dependencies and Setup user # Create non-root user & required dirs
COPY requirements.txt /commander-venv/requirements.txt RUN useradd -M crafty \
RUN groupadd -g "${PGID:-0}" -o crafty \ && mkdir /commander \
&& useradd -g "${PGID:-0}" -u "${PUID:-0}" -o crafty \ && chown -R crafty:root /commander
&& apt-get update \
# Install required system packages
RUN apt-get update \
&& apt-get -y --no-install-recommends install \ && apt-get -y --no-install-recommends install \
gcc \ gcc \
python3 \ python3 \
@ -25,20 +27,22 @@ RUN groupadd -g "${PGID:-0}" -o crafty \
openjdk-16-jre-headless \ openjdk-16-jre-headless \
openjdk-17-jre-headless \ openjdk-17-jre-headless \
&& apt-get autoremove \ && apt-get autoremove \
&& apt-get clean \ && apt-get clean
&& python3 -m venv /commander-venv/ \
&& . /commander-venv/bin/activate \
&& pip3 install --no-cache-dir --upgrade setuptools==50.3.2 pip==22.0.3 \
&& pip3 install --no-cache-dir -r /commander-venv/requirements.txt \
&& deactivate \
&& chown -R crafty:crafty /commander-venv
# Copy Source & copy default config from image # Switch to service user for installing crafty deps
COPY ./ /commander USER crafty
WORKDIR /commander WORKDIR /commander
COPY --chown=crafty:root requirements.txt ./
RUN python3 -m venv ./.venv \
&& . .venv/bin/activate \
&& pip3 install --no-cache-dir --upgrade setuptools==50.3.2 pip==22.0.3 \
&& pip3 install --no-cache-dir -r requirements.txt \
&& deactivate
# Copy Source w/ perms & prepare default config from example
COPY --chown=crafty:root ./ ./
RUN mv ./app/config ./app/config_original \ RUN mv ./app/config ./app/config_original \
&& mv ./app/config_original/default.json.example ./app/config_original/default.json \ && mv ./app/config_original/default.json.example ./app/config_original/default.json \
&& chown -R crafty:crafty /commander \
&& chmod +x ./docker_launcher.sh && chmod +x ./docker_launcher.sh
# Expose Web Interface port & Server port range # Expose Web Interface port & Server port range
@ -47,7 +51,6 @@ EXPOSE 8443
EXPOSE 19132 EXPOSE 19132
EXPOSE 25500-25600 EXPOSE 25500-25600
# Start Crafty Commander through wrapper as crafty # Start Crafty Commander through wrapper
USER crafty
ENTRYPOINT ["/commander/docker_launcher.sh"] ENTRYPOINT ["/commander/docker_launcher.sh"]
CMD ["-v", "-d", "-i"] CMD ["-v", "-d", "-i"]
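Review bot: `useradd -M crafty` in the first RUN leaves the UID to whatever the base image assigns and, on Debian-family images, normally creates a separate primary group for the user, yet every path is then owned `crafty:root`. Because this commit also drops the PUID/PGID remapping, anyone who bind-mounts data into `/commander` has no stable numeric ID to match on the host, and the `root` group ownership gives the service user nothing unless it is actually a member of GID 0. I would pin both explicitly, for example `RUN useradd -M -u 1000 -g root crafty \` (1000 is an illustrative value), and record the chosen UID in a comment above that line. If the intent is to support runtimes that start the container with an arbitrary UID in GID 0, the tree would also need group permissions equal to the owner's, which is not visible in these hunks.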


@ -5,8 +5,6 @@ services:
container_name: crafty_commander container_name: crafty_commander
image: registry.gitlab.com/crafty-controller/crafty-commander:latest image: registry.gitlab.com/crafty-controller/crafty-commander:latest
environment: environment:
- PGID=0
- PUID=0
- TZ=Etc/UTC - TZ=Etc/UTC
ports: ports:
- "8000:8000" # HTTP - "8000:8000" # HTTP


@ -5,8 +5,6 @@ services:
container_name: crafty_commander container_name: crafty_commander
build: .. build: ..
environment: environment:
- PGID=0
- PUID=0
- TZ=Etc/UTC - TZ=Etc/UTC
ports: ports:
- "8000:8000" # HTTP - "8000:8000" # HTTP


@ -6,15 +6,6 @@ if [ ! "$(ls -A ./app/config)" ]; then
cp -r ./app/config_original/* ./app/config/ cp -r ./app/config_original/* ./app/config/
fi fi
# Set user/group permissions to env or default to image root
groupmod -g "${PGID}" -o crafty
sed -i -E "s/^(crafty:x):[0-9]+:[0-9]+:(.*)/\\1:$PUID:$PGID:\\2/" /etc/passwd
# Apply new permissions taken from env over working dirs
chown -R crafty:crafty \
/commander/ \
/commander-venv/
# Activate our prepared venv and launch crafty with provided args # Activate our prepared venv and launch crafty with provided args
. /commander-venv/bin/activate . .venv/bin/activate
exec python3 main.py $@ exec python3 main.py $@
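Review bot: With the `groupmod`/`sed`/`chown` block removed and the container now starting as `crafty`, the first-run `cp -r ./app/config_original/* ./app/config/` will fail if `./app/config` is a bind mount owned by another host UID, and nothing visible in this hunk stops the script from carrying on to `exec`. A guard before the copy such as `[ -w ./app/config ] || { echo "app/config is not writable by uid $(id -u)" >&2; exit 1; }` makes that failure explicit instead of launching with an empty config. Separately, the launch line expands `$@` unquoted, so arguments containing spaces or glob characters are re-split; `exec python3 main.py "$@"` preserves them. The `if` enclosing the copy begins above the hunk, so whether the script already runs with `set -e` cannot be confirmed from here.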