mirror of
https://github.com/lldap/lldap.git
synced 2024-11-25 09:06:03 +00:00
docker: Fix permission issues, remove user from container
This commit is contained in:
parent
9653d64eb1
commit
6191fb226a
3 changed files with 32 additions and 18 deletions
26
Dockerfile
26
Dockerfile
|
@ -42,26 +42,16 @@ RUN cargo build --release -p lldap \
|
|||
# Final image
|
||||
FROM alpine:3.14
|
||||
|
||||
RUN set -x \
|
||||
# Add user
|
||||
&& addgroup --gid 10001 app \
|
||||
&& adduser --disabled-password \
|
||||
--gecos '' \
|
||||
--ingroup app \
|
||||
--home /app \
|
||||
--uid 10001 \
|
||||
app \
|
||||
# Create the /data folder
|
||||
&& mkdir /data && chown app:app /data \
|
||||
&& apk add --no-cache bash
|
||||
|
||||
USER app
|
||||
WORKDIR /app
|
||||
|
||||
COPY --chown=app:app --from=builder /app/app/index.html /app/app/main.js /app/app/style.css app/
|
||||
COPY --chown=app:app --from=builder /app/app/pkg app/pkg
|
||||
COPY --chown=app:app --from=builder /app/target/release/lldap lldap
|
||||
COPY docker-entrypoint.sh .
|
||||
COPY --from=builder /app/app/index.html /app/app/main.js /app/app/style.css app/
|
||||
COPY --from=builder /app/app/pkg app/pkg
|
||||
COPY --from=builder /app/target/release/lldap lldap
|
||||
COPY docker-entrypoint.sh lldap_config.docker_template.toml ./
|
||||
|
||||
RUN set -x \
|
||||
&& apk add --no-cache bash \
|
||||
&& chmod a+r -R .
|
||||
|
||||
ENV LDAP_PORT=3890
|
||||
ENV HTTP_PORT=17170
|
||||
|
|
|
@ -83,6 +83,8 @@ volumes:
|
|||
services:
|
||||
lldap:
|
||||
image: nitnelave/lldap
|
||||
# Change this to the user:group you want.
|
||||
user: "33:33"
|
||||
ports:
|
||||
# For LDAP
|
||||
- "3890:3890"
|
||||
|
@ -90,6 +92,8 @@ services:
|
|||
- "17170:17170"
|
||||
volumes:
|
||||
- "lldap_data:/data"
|
||||
# Alternatively, you can mount a local folder
|
||||
# - "./lldap_data:/data"
|
||||
environment:
|
||||
- LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM
|
||||
- LLDAP_LDAP_USER_PASS=REPLACE_WITH_PASSWORD
|
||||
|
|
|
@ -15,4 +15,24 @@ for SECRET in LLDAP_JWT_SECRET LLDAP_LDAP_USER_PASS; do
|
|||
fi
|
||||
done
|
||||
|
||||
CONFIG_FILE=/data/lldap_config.toml
|
||||
|
||||
if [[ ( ! -w "/data" ) ]] || [[ ( ! -d "/data" ) ]]; then
|
||||
echo "[entrypoint] The /data folder doesn't exist or cannot be written to. Make sure to mount
|
||||
a volume or folder to /data to persist data across restarts, and that the current user can
|
||||
write to it."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ! -f "$CONFIG_FILE" ]]; then
|
||||
echo "[entrypoint] Copying the default config to $CONFIG_FILE"
|
||||
echo "[entrypoint] Edit this file to configure LLDAP."
|
||||
cp /app/lldap_config.docker_template.toml $CONFIG_FILE
|
||||
fi
|
||||
|
||||
if [[ ! -r "$CONFIG_FILE" ]]; then
|
||||
echo "[entrypoint] Config file is not readable. Check the permissions"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
exec /app/lldap "$@"
|
||||
|
|
Loading…
Reference in a new issue