docker: Fix permission issues, remove user from container

This commit is contained in:
Valentin Tolmer 2021-11-27 20:19:55 +01:00 committed by nitnelave
parent 9653d64eb1
commit 6191fb226a
3 changed files with 32 additions and 18 deletions


@ -42,26 +42,16 @@ RUN cargo build --release -p lldap \
# Final image # Final image
FROM alpine:3.14 FROM alpine:3.14
RUN set -x \
# Add user
&& addgroup --gid 10001 app \
&& adduser --disabled-password \
--gecos '' \
--ingroup app \
--home /app \
--uid 10001 \
app \
# Create the /data folder
&& mkdir /data && chown app:app /data \
&& apk add --no-cache bash
USER app
WORKDIR /app WORKDIR /app
COPY --chown=app:app --from=builder /app/app/index.html /app/app/main.js /app/app/style.css app/ COPY --from=builder /app/app/index.html /app/app/main.js /app/app/style.css app/
COPY --chown=app:app --from=builder /app/app/pkg app/pkg COPY --from=builder /app/app/pkg app/pkg
COPY --chown=app:app --from=builder /app/target/release/lldap lldap COPY --from=builder /app/target/release/lldap lldap
COPY docker-entrypoint.sh . COPY docker-entrypoint.sh lldap_config.docker_template.toml ./
RUN set -x \
&& apk add --no-cache bash \
&& chmod a+r -R .
ENV LDAP_PORT=3890 ENV LDAP_PORT=3890
ENV HTTP_PORT=17170 ENV HTTP_PORT=17170
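Review bot: With `USER app` dropped and nothing replacing it, the final stage now runs as root whenever the image is started without `--user` (the compose `user:` override only helps compose users). Since the runtime only needs read access to /app (which the new `chmod a+r -R .` guarantees) and write access to the mounted /data, a numeric default such as `USER 10001:10001` placed after that RUN step keeps a non-root default that `docker run --user` and compose `user:` can still override; whether lldap needs a writable $HOME for a uid without a passwd entry is not visible here. Separately, `apk add --no-cache bash` on the new side is unpinned (hadolint DL3018); pinning it as `bash=<alpine-3.14 package version>` keeps the image reproducible.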


@ -83,6 +83,8 @@ volumes:
services: services:
lldap: lldap:
image: nitnelave/lldap image: nitnelave/lldap
# Change this to the user:group you want.
user: "33:33"
ports: ports:
# For LDAP # For LDAP
- "3890:3890" - "3890:3890"
@ -90,6 +92,8 @@ services:
- "17170:17170" - "17170:17170"
volumes: volumes:
- "lldap_data:/data" - "lldap_data:/data"
# Alternatively, you can mount a local folder
# - "./lldap_data:/data"
environment: environment:
- LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM - LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM
- LLDAP_LDAP_USER_PASS=REPLACE_WITH_PASSWORD - LLDAP_LDAP_USER_PASS=REPLACE_WITH_PASSWORD
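Review bot: `user: "33:33"` only works if the `lldap_data` volume is writable by uid 33, and the same commit removes the `mkdir /data && chown app:app /data` step from the Dockerfile, so a freshly created named volume will most likely be mounted root-owned and the new entrypoint guard will exit with its "cannot be written to" error on first start. The comment should say so, e.g. `# Change this to the user:group you want. It must be able to write to the /data volume below.`, and either point at the bind-mount alternative added in the second hunk or document a one-off chown of the volume. Also, 33:33 is www-data on Debian-based hosts but an arbitrary uid elsewhere, so the example value deserves a sentence explaining why it was chosen.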


@ -15,4 +15,24 @@ for SECRET in LLDAP_JWT_SECRET LLDAP_LDAP_USER_PASS; do
fi fi
done done
CONFIG_FILE=/data/lldap_config.toml
if [[ ( ! -w "/data" ) ]] || [[ ( ! -d "/data" ) ]]; then
echo "[entrypoint] The /data folder doesn't exist or cannot be written to. Make sure to mount
a volume or folder to /data to persist data across restarts, and that the current user can
write to it."
exit 1
fi
if [[ ! -f "$CONFIG_FILE" ]]; then
echo "[entrypoint] Copying the default config to $CONFIG_FILE"
echo "[entrypoint] Edit this file to configure LLDAP."
cp /app/lldap_config.docker_template.toml $CONFIG_FILE
fi
if [[ ! -r "$CONFIG_FILE" ]]; then
echo "[entrypoint] Config file is not readable. Check the permissions"
exit 1;
fi
exec /app/lldap "$@" exec /app/lldap "$@"
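Review bot: `cp /app/lldap_config.docker_template.toml $CONFIG_FILE` creates the operator's config with the process umask (normally 0644), so on a bind-mounted /data the file ends up world-readable on the host; if the template is meant to hold credentials once edited (the template itself is not in this diff), create it restricted, e.g. `(umask 077 && cp /app/lldap_config.docker_template.toml "$CONFIG_FILE")`, which also fixes the unquoted expansion (SC2086) that the other tests in this hunk avoid. In the guard above it, `! -d "/data"` is evaluated after `! -w "/data"`; swapping them to `if [[ ! -d /data ]] || [[ ! -w /data ]]; then` checks in the order the message describes, and the inner parentheses are redundant. `exit 1;` carries a stray semicolon that the earlier `exit 1` does not.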