summaryrefslogtreecommitdiffstats
path: root/Dockerfile
diff options
context:
space:
mode:
authorromaingimbert <romain.gimbert@orange.com>2019-02-26 16:23:30 +0100
committerromaingimbert <romain.gimbert@orange.com>2019-02-26 16:23:30 +0100
commite0e7ba60753556c5a135ebc057ad3780cddacb28 (patch)
tree8a2bf910834f4907894f2f72ccc79c63ad4e7062 /Dockerfile
parent44a7f7d91b329a26fb814428af4a230d35ceff50 (diff)
Design container to run as non-root
-change docker file Change-Id: I2da9777dbb4b5feb9c5fb26ddb88f8df9a047bb2 Issue-ID: EXTAPI-202 Signed-off-by: romaingimbert <romain.gimbert@orange.com>
Diffstat (limited to 'Dockerfile')
-rw-r--r--Dockerfile5
1 files changed, 5 insertions, 0 deletions
diff --git a/Dockerfile b/Dockerfile
index 9cc5868..91a6a9d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,9 @@ ARG SERVER_PORT
ARG PKG_FILENAME=nbi-rest-services-3.0.1.jar
ADD target/$PKG_FILENAME app.jar
+RUN addgroup -S appgroup
+RUN adduser -S appuser -G appgroup
+
COPY src/main/resources/certificate /certs
ARG CERT_PASS=changeit
RUN for cert in $(ls -d /certs/*); do \
@@ -32,6 +35,8 @@ RUN for cert in $(ls -d /certs/*); do \
--noprompt; \
done
+USER appuser:appgroup
+
ENV SERVER_PORT=${SERVER_PORT:-8080}
ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"