fix: run app as spejstore user, not root

This commit is contained in:
palid 2024-02-01 12:36:39 +01:00
parent 401f9c3761
commit 0f45ab9cd1
Signed by: palid
SSH key fingerprint: SHA256:Mus3wCd2x6nxtARI0DpWGT7lIWbNy3R90BVDg0j35PI
2 changed files with 4 additions and 2 deletions

View file

@ -45,5 +45,6 @@
"yzhang.markdown-all-in-one"
]
}
}
},
"containerUser": "spejstore"
}

View file

@ -12,6 +12,7 @@ ADD requirements.txt /code/
RUN pip install --no-cache-dir -r requirements.txt
ADD . /code/
RUN python -m pip install gunicorn
RUN groupadd --gid 1000 spejstore && useradd --uid 1000 --gid 1000 --home /code --shell /bin/bash spejstore
USER spejstore
CMD bash -c "python manage.py collectstatic --no-input --clear && python manage.py migrate && gunicorn --workers 1 --threads 4 -b 0.0.0.0:8000 --capture-output --error-logfile - --access-logfile - spejstore.wsgi:application"