data-dot-all · noah-paige · Feb 7, 2024 · Jan 11, 2024 · Jan 11, 2024 · Jan 11, 2024
diff --git a/backend/docker/dev/Dockerfile b/backend/docker/dev/Dockerfile
@@ -5,7 +5,7 @@ ARG NVM_VERSION=v0.37.2
 ARG PYTHON_VERSION=python3.9
 ARG CONTAINER_USER=cuser
 ARG CONTAINER_USER_GROUP=cuser
-
+ARG CONTAINER_UID
 
 
 # Clean cache
@@ -20,7 +20,7 @@ RUN dnf -y install -y \
 RUN dnf install $PYTHON_VERSION
 RUN dnf -y install python3-pip python3-devel git
 
-RUN groupadd -r ${CONTAINER_USER_GROUP} && useradd -m -r -g ${CONTAINER_USER_GROUP} ${CONTAINER_USER}
+RUN groupadd -r ${CONTAINER_USER_GROUP} && useradd -m -r -u ${CONTAINER_UID} -g ${CONTAINER_USER_GROUP} ${CONTAINER_USER}
 RUN useradd -m app
 RUN chown -R ${CONTAINER_USER}:root /usr/local
 RUN chown -R ${CONTAINER_USER}:root /tmp

diff --git a/compose/elasticsearch/Dockerfile b/compose/elasticsearch/Dockerfile
@@ -4,15 +4,5 @@ ARG ELK_VERSION
 # https://www.docker.elastic.co/
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
 
-ARG CONTAINER_USER=cuser
-ARG CONTAINER_USER_GROUP=cuser
-
-RUN groupadd -r ${CONTAINER_USER_GROUP} && useradd -r -g ${CONTAINER_USER_GROUP} ${CONTAINER_USER}
-RUN chown -R ${CONTAINER_USER}:root /usr/share/elasticsearch
-RUN chown -R ${CONTAINER_USER}:root /tmp
-USER ${CONTAINER_USER}
-
-
-
 # Add your elasticsearch plugins setup here
 # Example: RUN elasticsearch-plugin install analysis-icu
diff --git a/compose/postgres/Dockerfile b/compose/postgres/Dockerfile
@@ -1,10 +1 @@
-FROM postgres:10
-
-ARG CONTAINER_USER=cuser
-ARG CONTAINER_USER_GROUP=cuser
-
-RUN groupadd -r ${CONTAINER_USER_GROUP} && useradd -r -g ${CONTAINER_USER_GROUP} ${CONTAINER_USER}
-RUN chown -R ${CONTAINER_USER}:root /var/lib/
-RUN chown -R ${CONTAINER_USER}:root /var/run/
-RUN chown -R ${CONTAINER_USER}:root /tmp
-USER ${CONTAINER_USER}
+FROM postgres:13.12
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -5,6 +5,8 @@ services:
     build:
       context: ./backend
       dockerfile: docker/dev/Dockerfile
+      args:
+        CONTAINER_UID: ${UID}
     entrypoint: /bin/bash -c 'aws configure set region "eu-west-1" &&. ~/.nvm/nvm.sh && uvicorn cdkproxymain:app --host 0.0.0.0 --port 2805 --reload'
     expose:
       - 2805
@@ -21,7 +23,8 @@ services:
       AWS_DEFAULT_REGION: "${AWS_DEFAULT_REGION:-eu-west-1}"
     volumes:
       - ./backend/dataall:/dataall
-      - $HOME/.aws/credentials:/root/.aws/credentials:ro
+      - $HOME/.aws/credentials:/home/cuser/.aws/credentials:ro
+      - $HOME/.aws/config:/home/cuser/.aws/config
       - ./config.json:/config.json
     restart:
       on-failure:60
@@ -32,6 +35,8 @@ services:
     build:
       context: ./backend
       dockerfile: docker/dev/Dockerfile
+      args:
+        CONTAINER_UID: ${UID}
     entrypoint: /bin/bash -c "../build/wait-for-it.sh elasticsearch:9200 -t 30 && python3.9 local_graphql_server.py"
     expose:
       - 5000
@@ -45,7 +50,7 @@ services:
       email_sender_id: "noreply@someawsdomain"
     volumes:
       - ./backend/dataall:/dataall
-      - $HOME/.aws/credentials:/root/.aws/credentials:ro
+      - $HOME/.aws/credentials:/home/cuser/.aws/credentials:ro
       - ./config.json:/config.json
     depends_on:
       - db

diff --git a/frontend/docker/prod/Dockerfile b/frontend/docker/prod/Dockerfile
@@ -21,28 +21,26 @@ RUN dnf upgrade -y;\
 # Installing libraries
 RUN dnf install -y tar gzip openssl nginx-$NGINX_VERSION
 
-
-
 RUN groupadd -r ${CONTAINER_USER_GROUP} && useradd -m -r -g ${CONTAINER_USER_GROUP} ${CONTAINER_USER}
 
-RUN mkdir -p /var/cache/nginx && chown -R ${CONTAINER_USER}:root /var/cache/nginx && \
-    mkdir -p /var/log/nginx  && chown -R ${CONTAINER_USER}:root /var/log/nginx && \
-    mkdir -p /var/lib/nginx  && chown -R ${CONTAINER_USER}:root /var/lib/nginx && \
-    touch /run/nginx.pid && chown -R ${CONTAINER_USER}:root /run/nginx.pid && \
+RUN mkdir -p /var/cache/nginx /var/log/nginx /var/lib/nginx /var/run/nginx /var/www/html && \
+    chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /var/cache/nginx /var/log/nginx /var/lib/nginx /var/run/nginx /var/www/html && \
+    touch /run/nginx.pid && chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /run/nginx.pid && \
     mkdir -p /etc/nginx/templates /etc/nginx/ssl/certs && \
-    chown -R ${CONTAINER_USER}:root /etc/nginx
+    chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /etc/nginx
 
+# Install necessary packages and grant permissions
+RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx
 
+WORKDIR /app
 
-RUN chown -R ${CONTAINER_USER}:root /usr/local
-RUN chown -R ${CONTAINER_USER}:root /etc/nginx
-RUN chown -R ${CONTAINER_USER}:root /usr/share/nginx
-RUN chown -R ${CONTAINER_USER}:root /tmp
-RUN chown -R ${CONTAINER_USER}:root /app
-USER ${CONTAINER_USER}
-
+RUN chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /usr/local
+RUN chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /etc/nginx
+RUN chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /usr/share/nginx
+RUN chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /tmp
+RUN chown -R ${CONTAINER_USER}:${CONTAINER_USER_GROUP} /app
 
-WORKDIR /app
+USER ${CONTAINER_USER}
 
 RUN touch ~/.bashrc
 
@@ -53,16 +51,16 @@ RUN echo '. ~/.nvm/nvm.sh' >> ~/.bashrc
 RUN . ~/.nvm/nvm.sh && npm install -g npm@9 yarn
 
 
-COPY --chown=${CONTAINER_USER}:root ./frontend/package.json ./frontend/yarn.lock ./
-COPY --chown=${CONTAINER_USER}:root ./config.json /
+COPY --chown=${CONTAINER_USER}:${CONTAINER_USER_GROUP} ./frontend/package.json ./frontend/yarn.lock ./
+COPY --chown=${CONTAINER_USER}:${CONTAINER_USER_GROUP} ./config.json /
 # Copy vesion.json to docker root, because app scripts read it from ".."
-COPY --chown=${CONTAINER_USER}:root ./version.json /
+COPY --chown=${CONTAINER_USER}:${CONTAINER_USER_GROUP} ./version.json /
 
 RUN . ~/.nvm/nvm.sh && yarn install
 
 ENV PATH="./node_modules/.bin:$PATH"
 
-COPY --chown=${CONTAINER_USER}:root ./frontend/docker/prod/nginx.config /etc/nginx/nginx.template
+COPY --chown=${CONTAINER_USER}:${CONTAINER_USER_GROUP} ./frontend/docker/prod/nginx.config /etc/nginx/nginx.template
 
 ENV SERVERNAME=$DOMAIN
 
@@ -79,7 +77,7 @@ RUN sed -i 's/user nginx;/#user nginx;/g' /etc/nginx/nginx.conf
 
 RUN cat /etc/nginx/nginx.conf
 
-COPY --chown=${CONTAINER_USER}:root ./frontend ./
+COPY --chown=${CONTAINER_USER}:${CONTAINER_USER_GROUP} ./frontend ./
 
 RUN . ~/.nvm/nvm.sh && yarn build
 

diff --git a/frontend/docker/prod/nginx.config b/frontend/docker/prod/nginx.config
@@ -1,4 +1,4 @@
-user nginx;
+user cuser cuser;
 worker_processes auto;
 error_log /var/log/nginx/error.log;
 pid /run/nginx.pid;