set runner user of web service

2023-09-26 21:39:49 +02:00 · 2023-09-26 21:39:49 +02:00 · 713af96b9e
commit 713af96b9e
parent fc6141e2b9
6 changed files with 37 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -45,6 +45,9 @@ services:
        depends_on:
            mariadb:
                condition: service_healthy
        environment:
            - USER_UID=<runner user uid>
            - USER_GID=<runner user gid>
        ports:
            - 80:80
            - 8090:8090
@ -91,6 +94,10 @@ docker compose up -d
 ### Docker Compose
 Set the following environment variables in your shell:
 * `USER_UID`: your user ID
 * `USER_GID`: your user's group ID
 Execute the following command from the repo root:
 ```bash
 docker compose up -d
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -8,6 +8,9 @@ services:
        depends_on:
            mariadb:
                condition: service_healthy
        environment:
            - USER_UID
            - USER_GID
        ports:
            - 80:80
            - 5000:5000
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -2,7 +2,7 @@ FROM ubuntu:focal AS mapg_base
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt update --fix-missing && apt install -y curl git unzip mariadb-client nginx \
+RUN apt update --fix-missing && apt install -y sudo curl git unzip mariadb-client nginx \
    php-apcu php7.4-cli php7.4-curl php7.4-fpm php7.4-mbstring php7.4-mysql php7.4-zip php7.4-xml
 RUN mkdir -p /run/php
@ -30,6 +30,7 @@ EXPOSE 8090
 EXPOSE 9229
 ENTRYPOINT docker/scripts/entry-point-dev.sh
 FROM mapg_base AS mapg_release
 RUN apt update --fix-missing && apt install -y cron
@ -37,7 +38,7 @@ RUN apt update --fix-missing && apt install -y cron
 WORKDIR /var/www/mapguesser
 COPY ./ /var/www/mapguesser
 RUN docker/scripts/release.sh &&\
-    rm -rf /var/www/mapguesser/.git /var/www/mapguesser/.env
+    rm -rf /var/www/mapguesser/.git
 EXPOSE 80
 EXPOSE 8090
--- a/docker/scripts/entry-point-dev.sh
+++ b/docker/scripts/entry-point-dev.sh
@ -2,7 +2,10 @@
 set -e
-chmod 777 cache
+if [ -z "$USER_UID" ] or [ -z "$USER_GID" ]; then
    echo "USER_UID and USER_GID should be set"
    exit 1
 fi
 echo "Installing Composer packages..."
 if [ -f .env ]; then
@ -20,11 +23,16 @@ echo "Installing Yarn packages..."
 echo "Migrating DB..."
 ./mapg db:migrate
 echo "Set runner user..."
 groupadd --gid $USER_GID mapg
 useradd --uid $USER_UID --gid $USER_GID mapg
 sed -i -e "s/^user = .*$/user = mapg/g" -e "s/^group = .*$/group = mapg/g" /etc/php/7.4/fpm/pool.d/www.conf
 set +e
 /usr/sbin/php-fpm7.4 -F &
 /usr/sbin/nginx -g 'daemon off;' &
-/usr/bin/node --inspect=0.0.0.0:9229 multi &
+sudo -u mapg -g mapg /usr/bin/node --inspect=0.0.0.0:9229 multi &
 wait -n
--- a/docker/scripts/entry-point.sh
+++ b/docker/scripts/entry-point.sh
@ -2,18 +2,29 @@
 set -e
 if [ -z "$USER_UID" ] or [ -z "$USER_GID" ]; then
    echo "USER_UID and USER_GID should be set"
    exit 1
 fi
 echo "Migrating DB..."
 ./mapg db:migrate
 echo "Installing crontab..."
 /usr/bin/crontab docker/scripts/cron
 echo "Set runner user..."
 groupadd --gid $USER_GID mapg
 useradd --uid $USER_UID --gid $USER_GID mapg
 chown mapg:mapg cache
 sed -i -e "s/^user = .*$/user = mapg/g" -e "s/^group = .*$/group = mapg/g" /etc/php/7.4/fpm/pool.d/www.conf
 set +e
 /usr/sbin/cron -f &
 /usr/sbin/php-fpm7.4 -F &
 /usr/sbin/nginx -g 'daemon off;' &
-/usr/bin/node multi &
+sudo -u mapg -g mapg /usr/bin/node multi &
 wait -n
--- a/docker/scripts/release.sh
+++ b/docker/scripts/release.sh
@ -2,8 +2,6 @@
 set -e
 chmod 777 cache
 echo "Installing Composer packages..."
 composer create-project --no-dev
@ -28,3 +26,5 @@ find public/static/img -type f -iname '*.svg' -exec svgo {} -o {} \;
 echo "Linking view files..."
 ./mapg view:link
 rm .env