mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Add final working docker config, root group
This commit is contained in:
parent
876d178daa
commit
c6b3210fdf
37
Dockerfile
37
Dockerfile
@ -7,11 +7,13 @@ LABEL maintainer="Dockerfile created by Zedifus <https://gitlab.com/zedifus>"
|
|||||||
# Security Patch for CVE-2021-44228
|
# Security Patch for CVE-2021-44228
|
||||||
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
|
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
|
||||||
|
|
||||||
# Install Packages, Dependencies and Setup user
|
# Create non-root user & required dirs
|
||||||
COPY requirements.txt /commander-venv/requirements.txt
|
RUN useradd -M crafty \
|
||||||
RUN groupadd -g "${PGID:-0}" -o crafty \
|
&& mkdir /commander \
|
||||||
&& useradd -g "${PGID:-0}" -u "${PUID:-0}" -o crafty \
|
&& chown -R crafty:root /commander
|
||||||
&& apt-get update \
|
|
||||||
|
# Install required system packages
|
||||||
|
RUN apt-get update \
|
||||||
&& apt-get -y --no-install-recommends install \
|
&& apt-get -y --no-install-recommends install \
|
||||||
gcc \
|
gcc \
|
||||||
python3 \
|
python3 \
|
||||||
@ -25,20 +27,22 @@ RUN groupadd -g "${PGID:-0}" -o crafty \
|
|||||||
openjdk-16-jre-headless \
|
openjdk-16-jre-headless \
|
||||||
openjdk-17-jre-headless \
|
openjdk-17-jre-headless \
|
||||||
&& apt-get autoremove \
|
&& apt-get autoremove \
|
||||||
&& apt-get clean \
|
&& apt-get clean
|
||||||
&& python3 -m venv /commander-venv/ \
|
|
||||||
&& . /commander-venv/bin/activate \
|
|
||||||
&& pip3 install --no-cache-dir --upgrade setuptools==50.3.2 pip==22.0.3 \
|
|
||||||
&& pip3 install --no-cache-dir -r /commander-venv/requirements.txt \
|
|
||||||
&& deactivate \
|
|
||||||
&& chown -R crafty:crafty /commander-venv
|
|
||||||
|
|
||||||
# Copy Source & copy default config from image
|
# Switch to service user for installing crafty deps
|
||||||
COPY ./ /commander
|
USER crafty
|
||||||
WORKDIR /commander
|
WORKDIR /commander
|
||||||
|
COPY --chown=crafty:root requirements.txt ./
|
||||||
|
RUN python3 -m venv ./.venv \
|
||||||
|
&& . .venv/bin/activate \
|
||||||
|
&& pip3 install --no-cache-dir --upgrade setuptools==50.3.2 pip==22.0.3 \
|
||||||
|
&& pip3 install --no-cache-dir -r requirements.txt \
|
||||||
|
&& deactivate
|
||||||
|
|
||||||
|
# Copy Source w/ perms & prepare default config from example
|
||||||
|
COPY --chown=crafty:root ./ ./
|
||||||
RUN mv ./app/config ./app/config_original \
|
RUN mv ./app/config ./app/config_original \
|
||||||
&& mv ./app/config_original/default.json.example ./app/config_original/default.json \
|
&& mv ./app/config_original/default.json.example ./app/config_original/default.json \
|
||||||
&& chown -R crafty:crafty /commander \
|
|
||||||
&& chmod +x ./docker_launcher.sh
|
&& chmod +x ./docker_launcher.sh
|
||||||
|
|
||||||
# Expose Web Interface port & Server port range
|
# Expose Web Interface port & Server port range
|
||||||
@ -47,7 +51,6 @@ EXPOSE 8443
|
|||||||
EXPOSE 19132
|
EXPOSE 19132
|
||||||
EXPOSE 25500-25600
|
EXPOSE 25500-25600
|
||||||
|
|
||||||
# Start Crafty Commander through wrapper as crafty
|
# Start Crafty Commander through wrapper
|
||||||
USER crafty
|
|
||||||
ENTRYPOINT ["/commander/docker_launcher.sh"]
|
ENTRYPOINT ["/commander/docker_launcher.sh"]
|
||||||
CMD ["-v", "-d", "-i"]
|
CMD ["-v", "-d", "-i"]
|
||||||
|
@ -5,8 +5,6 @@ services:
|
|||||||
container_name: crafty_commander
|
container_name: crafty_commander
|
||||||
image: registry.gitlab.com/crafty-controller/crafty-commander:latest
|
image: registry.gitlab.com/crafty-controller/crafty-commander:latest
|
||||||
environment:
|
environment:
|
||||||
- PGID=0
|
|
||||||
- PUID=0
|
|
||||||
- TZ=Etc/UTC
|
- TZ=Etc/UTC
|
||||||
ports:
|
ports:
|
||||||
- "8000:8000" # HTTP
|
- "8000:8000" # HTTP
|
||||||
|
@ -5,8 +5,6 @@ services:
|
|||||||
container_name: crafty_commander
|
container_name: crafty_commander
|
||||||
build: ..
|
build: ..
|
||||||
environment:
|
environment:
|
||||||
- PGID=0
|
|
||||||
- PUID=0
|
|
||||||
- TZ=Etc/UTC
|
- TZ=Etc/UTC
|
||||||
ports:
|
ports:
|
||||||
- "8000:8000" # HTTP
|
- "8000:8000" # HTTP
|
||||||
|
@ -6,15 +6,6 @@ if [ ! "$(ls -A ./app/config)" ]; then
|
|||||||
cp -r ./app/config_original/* ./app/config/
|
cp -r ./app/config_original/* ./app/config/
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set user/group permissions to env or default to image root
|
|
||||||
groupmod -g "${PGID}" -o crafty
|
|
||||||
sed -i -E "s/^(crafty:x):[0-9]+:[0-9]+:(.*)/\\1:$PUID:$PGID:\\2/" /etc/passwd
|
|
||||||
|
|
||||||
# Apply new permissions taken from env over working dirs
|
|
||||||
chown -R crafty:crafty \
|
|
||||||
/commander/ \
|
|
||||||
/commander-venv/
|
|
||||||
|
|
||||||
# Activate our prepared venv and launch crafty with provided args
|
# Activate our prepared venv and launch crafty with provided args
|
||||||
. /commander-venv/bin/activate
|
. .venv/bin/activate
|
||||||
exec python3 main.py $@
|
exec python3 main.py $@
|
||||||
|
Loading…
Reference in New Issue
Block a user