aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Dockerfile11
1 files changed, 9 insertions, 2 deletions
diff --git a/Dockerfile b/Dockerfile
index ef1f492..a69379c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,12 +24,16 @@ RUN go build -o neko .
# Stage 3: Final Image
FROM debian:bullseye-slim
+
+# Create a non-root user
+RUN groupadd -r neko && useradd -r -g neko neko
+
WORKDIR /app
COPY --from=backend-builder /app/neko .
COPY --from=backend-builder /app/static ./static
-# Ensure data directory exists
-RUN mkdir -p /app/data
+# Ensure data directory exists and set permissions
+RUN mkdir -p /app/data && chown -R neko:neko /app/data
# Default environment variables
ENV NEKO_PORT=8080
@@ -37,4 +41,7 @@ ENV NEKO_DB=/app/data/neko.db
EXPOSE 8080
+# Switch to non-root user
+USER neko
+
CMD ["./neko", "-s", "8080", "-d", "/app/data/neko.db"]
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-25 21:33:17 +0000