Simplify the container starting process to allow it to run with a

unprivileged user

1 files changed, 12 insertions, 8 deletions

diff --git a/Dockerfile b/Dockerfile
index ffe50c4..0e9d51a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,24 +12,28 @@ RUN yarn build
 # production stage
 FROM alpine:3.15
 
-ENV USER lighttpd
-ENV GROUP lighttpd
-ENV GID 911
-ENV UID 911
+ENV GID 1000
+ENV UID 1000
 ENV PORT 8080
 ENV SUBFOLDER "/_"
+ENV INIT_ASSETS 1
 
-RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} && \
+RUN addgroup -S lighttpd -g ${GID} && adduser -D -S -u ${UID} lighttpd lighttpd && \
     apk add -U --no-cache lighttpd
 
-COPY entrypoint.sh /entrypoint.sh
-COPY lighttpd.conf /lighttpd.conf
+WORKDIR /www
 
-COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
+COPY lighttpd.conf /lighttpd.conf
+COPY entrypoint.sh /entrypoint.sh
+COPY --from=build-stage --chown=${UID}:${GID} /app/dist /www/
 COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
+
+USER ${UID}:${GID}
+
 HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
     CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
 
 EXPOSE ${PORT}
 VOLUME /www/assets
+
 ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]