From f0e734a2cf6a6438de755190ecd59acc65c92b9d Mon Sep 17 00:00:00 2001
From: chandi <git@chandi.it>
Date: Thu, 29 Oct 2020 17:49:34 +0100
Subject: [PATCH] webrtc-sfu: run as a non-root user #27

https://github.com/alangecker/bigbluebutton-docker/issues/27
---
 mod/webrtc-sfu/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/mod/webrtc-sfu/Dockerfile b/mod/webrtc-sfu/Dockerfile
index 918295c..94af0a2 100644
--- a/mod/webrtc-sfu/Dockerfile
+++ b/mod/webrtc-sfu/Dockerfile
@@ -1,6 +1,7 @@
 FROM node:14-alpine
 
-RUN apk update && apk add git
+RUN apk add git \
+    && adduser -D -u 2004 -g webrtc-sfu webrtc-sfu
 
 ADD . app
 
@@ -13,16 +14,17 @@ ENV NODE_ENV production
 # npm ERR! fatal: Not a git repository: ../.git/modules/bbb-webrtc-sfu
 # we simply delete the .git file
 RUN cp config/default.example.yml config/production.yml \
+ && chown -R webrtc-sfu:webrtc-sfu config \
  && rm .git \
  && npm install --unsafe-perm \
  && npm cache clear --force
 
-EXPOSE 3008
 
 # remove automatic IP detection (broken in alpine)
 # and use sh instead of bash
 RUN sed -i 's/CONTAINER_IP=.*/CONTAINER_IP=10.7.7.10/' /app/docker-entrypoint.sh \
     && sed -i 's/bash/sh/' /app/docker-entrypoint.sh
 
+USER webrtc-sfu
 ENTRYPOINT [ "./docker-entrypoint.sh" ]
 CMD [ "npm", "start" ]