webrtc-sfu: run as a non-root user #27

https://github.com/alangecker/bigbluebutton-docker/issues/27

mod/webrtc-sfu/Dockerfile

@@ -1,6 +1,7 @@
 FROM node:14-alpine
 
-RUN apk update && apk add git
+RUN apk add git \
+    && adduser -D -u 2004 -g webrtc-sfu webrtc-sfu
 
 ADD . app
 
@@ -13,16 +14,17 @@ ENV NODE_ENV production
 # npm ERR! fatal: Not a git repository: ../.git/modules/bbb-webrtc-sfu
 # we simply delete the .git file
 RUN cp config/default.example.yml config/production.yml \
+ && chown -R webrtc-sfu:webrtc-sfu config \
  && rm .git \
  && npm install --unsafe-perm \
  && npm cache clear --force
 
-EXPOSE 3008
 
 # remove automatic IP detection (broken in alpine)
 # and use sh instead of bash
 RUN sed -i 's/CONTAINER_IP=.*/CONTAINER_IP=10.7.7.10/' /app/docker-entrypoint.sh \
     && sed -i 's/bash/sh/' /app/docker-entrypoint.sh
 
+USER webrtc-sfu
 ENTRYPOINT [ "./docker-entrypoint.sh" ]
 CMD [ "npm", "start" ]