webrtc-sfu: run as a non-root user #27

https://github.com/alangecker/bigbluebutton-docker/issues/27
This commit is contained in:
chandi 2020-10-29 17:49:34 +01:00
parent d69de30c9d
commit f0e734a2cf

View File

@ -1,6 +1,7 @@
FROM node:14-alpine
RUN apk update && apk add git
RUN apk add git \
&& adduser -D -u 2004 -g webrtc-sfu webrtc-sfu
ADD . app
@ -13,16 +14,17 @@ ENV NODE_ENV production
# npm ERR! fatal: Not a git repository: ../.git/modules/bbb-webrtc-sfu
# we simply delete the .git file
RUN cp config/default.example.yml config/production.yml \
&& chown -R webrtc-sfu:webrtc-sfu config \
&& rm .git \
&& npm install --unsafe-perm \
&& npm cache clear --force
EXPOSE 3008
# remove automatic IP detection (broken in alpine)
# and use sh instead of bash
RUN sed -i 's/CONTAINER_IP=.*/CONTAINER_IP=10.7.7.10/' /app/docker-entrypoint.sh \
&& sed -i 's/bash/sh/' /app/docker-entrypoint.sh
USER webrtc-sfu
ENTRYPOINT [ "./docker-entrypoint.sh" ]
CMD [ "npm", "start" ]