security-and-docker-fixes

sysadmin 2025-09-29 06:23:52 +01:00
parent ec894ba529
commit c8fdbb2e03


@ -1,10 +1,6 @@
# Use the official ASP.NET Core runtime image (optimized) # Use the official ASP.NET Core runtime image (optimized)
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
# Define non-root user UID/GID (security best practice)
ARG APP_UID=1001
ARG APP_GID=1001
WORKDIR /app WORKDIR /app
EXPOSE 8080 EXPOSE 8080
@ -56,36 +52,33 @@ RUN dotnet publish "LittleShop.csproj" \
FROM base AS final FROM base AS final
WORKDIR /app WORKDIR /app
# Switch to root to create directories and set permissions # Create necessary directories with proper permissions (run as root temporarily)
USER root RUN mkdir -p /app/wwwroot/uploads/products \
# Create non-root user and directories with proper ownership
RUN groupadd -g ${APP_GID} appuser \
&& useradd -u ${APP_UID} -g ${APP_GID} -m appuser \
&& mkdir -p /app/wwwroot/uploads/products \
&& mkdir -p /app/data \ && mkdir -p /app/data \
&& mkdir -p /app/logs \ && mkdir -p /app/logs \
&& chown -R ${APP_UID}:${APP_GID} /app \ && chmod -R 755 /app/wwwroot \
&& chmod -R 755 /app/wwwroot/uploads \
&& chmod -R 755 /app/data \ && chmod -R 755 /app/data \
&& chmod -R 755 /app/logs && chmod -R 755 /app/logs
# Copy published app # Copy published app
COPY --from=publish --chown=${APP_UID}:${APP_GID} /app/publish . COPY --from=publish /app/publish .
# Switch back to non-root user # Health check (disabled for now to avoid startup issues)
USER ${APP_UID} # HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
# CMD curl -f http://localhost:8080/health || exit 1
# Health check # Set environment variables for production
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8080/health || exit 1
# Optimize runtime
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0 \ ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0 \
DOTNET_RUNNING_IN_CONTAINER=true \ DOTNET_RUNNING_IN_CONTAINER=true \
DOTNET_USE_POLLING_FILE_WATCHER=true \ DOTNET_USE_POLLING_FILE_WATCHER=true \
ASPNETCORE_FORWARDEDHEADERS_ENABLED=true \ ASPNETCORE_FORWARDEDHEADERS_ENABLED=true \
ASPNETCORE_URLS=http://+:8080 \ ASPNETCORE_URLS=http://+:8080 \
ASPNETCORE_ENVIRONMENT=Production ASPNETCORE_ENVIRONMENT=Production \
ConnectionStrings__DefaultConnection="Data Source=/app/data/littleshop-prod.db" \
SilverPay__BaseUrl="http://31.97.57.205:8001" \
SilverPay__ApiKey="your-api-key-here"
# Start as root to ensure permissions (can be improved later)
USER root
ENTRYPOINT ["dotnet", "LittleShop.dll"] ENTRYPOINT ["dotnet", "LittleShop.dll"]
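Review bot: Reading the right-hand column as the new side, the final ENV block now bakes a third-party endpoint and credential into the image — `SilverPay__BaseUrl="http://31.97.57.205:8001"` and `SilverPay__ApiKey="your-api-key-here"` — and anything set via ENV is readable from `docker inspect`/`docker history` by whoever can pull the image, so the day a real key replaces the placeholder it ships in every pushed layer. The same hunk drops the `groupadd`/`useradd`, the `--chown` on the publish COPY and `USER ${APP_UID}`, and ends with `USER root` "to ensure permissions", so a commit titled security fixes leaves the ASP.NET process running as root. Keep the non-root user, give it ownership of `/app` so the permission problem the comment alludes to goes away, and pass the connection string and SilverPay settings at run time (`docker run -e`, a compose `env_file`, or an orchestrator secret) rather than in the Dockerfile; if the earlier `${APP_UID}` expansion was the trouble, note that `ARG`s declared in the `base` stage are not visible in `final` unless redeclared there. The commented-out HEALTHCHECK is a smaller point but should come back once the startup issue it mentions is understood.
```dockerfile
FROM base AS final
WORKDIR /app

# Unprivileged runtime user; ARGs must be redeclared here because values
# declared in the base stage are not inherited by later stages.
ARG APP_UID=1001
ARG APP_GID=1001
RUN groupadd -g ${APP_GID} appuser \
    && useradd -u ${APP_UID} -g ${APP_GID} -m appuser \
    && mkdir -p /app/wwwroot/uploads/products /app/data /app/logs \
    && chown -R ${APP_UID}:${APP_GID} /app

COPY --from=publish --chown=${APP_UID}:${APP_GID} /app/publish .

# … unchanged: HEALTHCHECK and the DOTNET_*/ASPNETCORE_* ENV block …

# ConnectionStrings__DefaultConnection, SilverPay__BaseUrl and SilverPay__ApiKey
# are deliberately NOT set here: inject them at run time (docker run -e,
# compose env_file, or an orchestrator secret) so no credential lands in a layer.

USER ${APP_UID}
ENTRYPOINT ["dotnet", "LittleShop.dll"]
```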