Add non-root user to Dockerfile and update permissions

perfectly-preserved-pie · Nov 12, 2024 · 8b17506 · 8b17506
1 parent eda2cdb
commit 8b17506
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,14 @@
 FROM python:3.11-slim
 
+# Set the working directory
 WORKDIR /app
 
 # Switch to root user to install dependencies
 USER root
 
+# Create the nonroot user and set permissions
+RUN adduser --disabled-password --gecos "" nonroot && chown -R nonroot /app
+
 # Copy everything into the working directory
 COPY . /app
 
@@ -17,12 +21,11 @@ RUN uv pip install --system --no-cache-dir -r requirements.txt
 # Switch back to non-root user
 USER nonroot
 
-# Install curl
-#RUN apt-get update && apt-get install -y curl
+# Install curl (if needed, uncomment this line)
+# RUN apt-get update && apt-get install -y curl
 
 # Run the app using gunicorn.
 # Expose the port gunicorn is listening on (80).
 # Set the number of workers to 10.
-# Preload the app to avoid the overhead of loading the app for each worker. See https://www.joelsleppy.com/blog/gunicorn-application-preloading/
-# Set the app to be the server variable in app.py.
-CMD ["gunicorn", "-b", "0.0.0.0:80", "-k", "gevent", "--workers=10", "--preload", "app:server"]
+# Preload the app to avoid the overhead of loading the app for each worker.
+CMD ["gunicorn", "-b", "0.0.0.0:80", "-k", "gevent", "--workers=10", "--preload", "app:server"]