diff options
author | romaingimbert <romain.gimbert@orange.com> | 2019-02-26 16:23:30 +0100 |
---|---|---|
committer | romaingimbert <romain.gimbert@orange.com> | 2019-02-26 16:23:30 +0100 |
commit | e0e7ba60753556c5a135ebc057ad3780cddacb28 (patch) | |
tree | 8a2bf910834f4907894f2f72ccc79c63ad4e7062 /Dockerfile | |
parent | 44a7f7d91b329a26fb814428af4a230d35ceff50 (diff) |
Design container to run as non-root
-change docker file
Change-Id: I2da9777dbb4b5feb9c5fb26ddb88f8df9a047bb2
Issue-ID: EXTAPI-202
Signed-off-by: romaingimbert <romain.gimbert@orange.com>
Diffstat (limited to 'Dockerfile')
-rw-r--r-- | Dockerfile | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -20,6 +20,9 @@ ARG SERVER_PORT ARG PKG_FILENAME=nbi-rest-services-3.0.1.jar ADD target/$PKG_FILENAME app.jar +RUN addgroup -S appgroup +RUN adduser -S appuser -G appgroup + COPY src/main/resources/certificate /certs ARG CERT_PASS=changeit RUN for cert in $(ls -d /certs/*); do \ @@ -32,6 +35,8 @@ RUN for cert in $(ls -d /certs/*); do \ --noprompt; \ done +USER appuser:appgroup + ENV SERVER_PORT=${SERVER_PORT:-8080} ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom" |