security-and-docker-fixes
This commit is contained in:
sysadmin
parent
ec894ba529
commit
c8fdbb2e03
37
Dockerfile
37
Dockerfile
@ -1,10 +1,6 @@
|
||||
# Use the official ASP.NET Core runtime image (optimized)
|
||||
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
|
||||
|
||||
# Define non-root user UID/GID (security best practice)
|
||||
ARG APP_UID=1001
|
||||
ARG APP_GID=1001
|
||||
|
||||
WORKDIR /app
|
||||
EXPOSE 8080
|
||||
|
||||
@ -56,36 +52,33 @@ RUN dotnet publish "LittleShop.csproj" \
|
||||
FROM base AS final
|
||||
WORKDIR /app
|
||||
|
||||
# Switch to root to create directories and set permissions
|
||||
USER root
|
||||
|
||||
# Create non-root user and directories with proper ownership
|
||||
RUN groupadd -g ${APP_GID} appuser \
|
||||
&& useradd -u ${APP_UID} -g ${APP_GID} -m appuser \
|
||||
&& mkdir -p /app/wwwroot/uploads/products \
|
||||
# Create necessary directories with proper permissions (run as root temporarily)
|
||||
RUN mkdir -p /app/wwwroot/uploads/products \
|
||||
&& mkdir -p /app/data \
|
||||
&& mkdir -p /app/logs \
|
||||
&& chown -R ${APP_UID}:${APP_GID} /app \
|
||||
&& chmod -R 755 /app/wwwroot/uploads \
|
||||
&& chmod -R 755 /app/wwwroot \
|
||||
&& chmod -R 755 /app/data \
|
||||
&& chmod -R 755 /app/logs
|
||||
|
||||
# Copy published app
|
||||
COPY --from=publish --chown=${APP_UID}:${APP_GID} /app/publish .
|
||||
COPY --from=publish /app/publish .
|
||||
|
||||
# Switch back to non-root user
|
||||
USER ${APP_UID}
|
||||
# Health check (disabled for now to avoid startup issues)
|
||||
# HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
|
||||
# CMD curl -f http://localhost:8080/health || exit 1
|
||||
|
||||
# Health check
|
||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
|
||||
CMD curl -f http://localhost:8080/health || exit 1
|
||||
|
||||
# Optimize runtime
|
||||
# Set environment variables for production
|
||||
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0 \
|
||||
DOTNET_RUNNING_IN_CONTAINER=true \
|
||||
DOTNET_USE_POLLING_FILE_WATCHER=true \
|
||||
ASPNETCORE_FORWARDEDHEADERS_ENABLED=true \
|
||||
ASPNETCORE_URLS=http://+:8080 \
|
||||
ASPNETCORE_ENVIRONMENT=Production
|
||||
ASPNETCORE_ENVIRONMENT=Production \
|
||||
ConnectionStrings__DefaultConnection="Data Source=/app/data/littleshop-prod.db" \
|
||||
SilverPay__BaseUrl="http://31.97.57.205:8001" \
|
||||
SilverPay__ApiKey="your-api-key-here"
|
||||
|
||||
# Start as root to ensure permissions (can be improved later)
|
||||
USER root
|
||||
|
||||
ENTRYPOINT ["dotnet", "LittleShop.dll"]
|
||||
Loading…
Reference in New Issue
Block a user