Simplify the container starting process to allow it to run with a

unprivileged user

8 files changed, 52 insertions, 53 deletions

diff --git a/Dockerfile b/Dockerfile
index ffe50c4..0e9d51a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,24 +12,28 @@ RUN yarn build
 # production stage
 FROM alpine:3.15
 
-ENV USER lighttpd
-ENV GROUP lighttpd
-ENV GID 911
-ENV UID 911
+ENV GID 1000
+ENV UID 1000
 ENV PORT 8080
 ENV SUBFOLDER "/_"
+ENV INIT_ASSETS 1
 
-RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} && \
+RUN addgroup -S lighttpd -g ${GID} && adduser -D -S -u ${UID} lighttpd lighttpd && \
     apk add -U --no-cache lighttpd
 
-COPY entrypoint.sh /entrypoint.sh
-COPY lighttpd.conf /lighttpd.conf
+WORKDIR /www
 
-COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
+COPY lighttpd.conf /lighttpd.conf
+COPY entrypoint.sh /entrypoint.sh
+COPY --from=build-stage --chown=${UID}:${GID} /app/dist /www/
 COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
+
+USER ${UID}:${GID}
+
 HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
     CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
 
 EXPOSE ${PORT}
 VOLUME /www/assets
+
 ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7
index 01a2196..7e1d92b 100644
--- a/Dockerfile.arm32v7
+++ b/Dockerfile.arm32v7
@@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} &
     apk add -U --no-cache lighttpd && \
     rm /usr/bin/qemu-arm-static
 
-COPY entrypoint.sh /entrypoint.sh
-COPY lighttpd.conf /lighttpd.conf
+WORKDIR /www
 
+COPY lighttpd.conf /lighttpd.conf
 COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
-COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
+
+USER ${USER}
 HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
     CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
 
 EXPOSE ${PORT}
 VOLUME /www/assets
-ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
+
+CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]
diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8
index f9e6675..573a2e4 100644
--- a/Dockerfile.arm64v8
+++ b/Dockerfile.arm64v8
@@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} &
     apk add -U --no-cache lighttpd && \
     rm /usr/bin/qemu-aarch64-static
 
-COPY entrypoint.sh /entrypoint.sh
-COPY lighttpd.conf /lighttpd.conf
+WORKDIR /www
 
+COPY lighttpd.conf /lighttpd.conf
 COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
-COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
+
+USER ${USER}
 HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
     CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
 
 EXPOSE ${PORT}
 VOLUME /www/assets
-ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
+
+CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]
diff --git a/README.md b/README.md
index 57185a7..6ac71e6 100644
--- a/README.md
+++ b/README.md
@@ -71,8 +71,6 @@ See [documentation](docs/configuration.md) for information about the configurati
 
 ### Using docker
 
-To launch container:
-
 ```sh
 docker run -d \
   -p 8080:8080 \
@@ -81,16 +79,19 @@ docker run -d \
   b4bz/homer:latest
 ```
 
-Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner (`docker run -e "UID=1000" -e "GID=1000" [...]`).
+Environment variables: 
+
+* **`INIT_ASSETS`** (default: `1`)
+Install exemple configuration file & assets (favicons, ...) to help you get started.
 
-## Host in subfolder
+* **`SUBFOLDER`** (default: `null`)
+If you would like to host Homer in a subfolder, (ex: *http://my-domain/**homer***), set this to the subfolder path (ex `/homer`).
 
-If you would like to host Homer in a subfolder, for e.g. behind a reverse proxy, supply the name of subfolder by using the `SUBFOLDER` env var.
 
 ### Using docker-compose
 
 The `docker-compose.yml` file must be edited to match your needs.
-Set the port and volume (equivalent to `-p` and `-v` arguments):
+You probably want to set the port mapping and volume binding (equivalent to `-p` and `-v` arguments):
 
 ```yaml
 volumes:
@@ -99,21 +100,13 @@ ports:
   - 8080:8080
 ```
 
-To launch container:
+Then launch the container:
 
 ```sh
-cd /path/to/docker-compose.yml
+cd /path/to/docker-compose.yml/
 docker-compose up -d
 ```
 
-Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner, also in `docker-compose.yml`:
-
-```yaml
-environment:
-  - UID=1000
-  - GID=1000
-```
-
 ### Using the release tarball (prebuilt, ready to use)
 
 Download and extract the latest release (`homer.zip`) from the [release page](https://github.com/bastienwirtz/homer/releases), rename the `assets/config.yml.dist` file to `assets/config.yml`, and put it behind a web server.
diff --git a/docker-compose.yml b/docker-compose.yml
index 884703c..231e72a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,6 @@ services:
       - /your/local/assets/:/www/assets
     ports:
       - 8080:8080
-    #environment:
-    #  - UID=1000
-    #  - GID=1000
-    restart: unless-stopped
+    user: 1000:1000 # default
+    environment:
+      - INIT_ASSETS=1 # default
diff --git a/entrypoint.sh b/entrypoint.sh
index e10e17e..eba1cb2 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,23 +1,18 @@
 #!/bin/sh
 
-# Ensure default assets are present.
-while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null
+PERMISSION_ERROR="Check assets directory permissions & docker user or skip default assets install by setting the INIT_ASSETS env var to 0"
 
-# Ensure compatibility with previous version (config.yml was in the root directory)
-if [ -f "/www/config.yml" ]; then
-    yes n | cp -i /www/config.yml /www/assets/ &> /dev/null
-fi
-
-# Install default config if no one is available.
-yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null
+# Default assets & exemple configuration installation if possible.
+if [[ "${INIT_ASSETS}" == "1" ]] && [[ ! -f "/www/config.yml" ]]; then
+    echo "No configuration found, installing default config & assets"
+    if [[ ! -w "/www/assets/" ]]; then echo "Assets directory not writable. $PERMISSION_ERROR" && exit 1; fi
+    
+    while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null
+    if [[ $? -ne 0 ]]; then echo "Fail to copy default assets. $PERMISSION_ERROR" && exit 1; fi
 
-# Create symbolic link for hosting in subfolder.
-if [[ -n "${SUBFOLDER}" ]]; then
-  ln -s /www "/www/$SUBFOLDER"
-  chown -h $USER:$GROUP "/www/$SUBFOLDER"
+    yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null
+    if [[ $? -ne 0 ]]; then echo "Fail to copy default config file. $PERMISSION_ERROR" && exit 1; fi
 fi
 
-chown -R $UID:$GID /www/assets
-
 echo "Starting webserver"
 lighttpd -D -f /lighttpd.conf
diff --git a/lighttpd.conf b/lighttpd.conf
index 04b0bed..32e14da 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -2,8 +2,8 @@ include "/etc/lighttpd/mime-types.conf"
 
 server.port           = env.PORT
 server.modules        = ( "mod_alias" )
-server.username       = env.USER
-server.groupname      = env.GROUP
+server.username       = "lighttpd"
+server.groupname      = "lighttpd"
 server.document-root  = "/www"
 alias.url             = ( env.SUBFOLDER => "/www" )
 server.indexfiles     = ("index.html")
diff --git a/src/assets/app.scss b/src/assets/app.scss
index aa8b077..ae2cb6b 100644
--- a/src/assets/app.scss
+++ b/src/assets/app.scss
@@ -104,6 +104,10 @@ body {
 
     .dashboard-title {
       padding: 6px 0 0 80px;
+
+      &.no-logo {
+        padding-left: 0;
+      }
     }
 
     .first-line {