This commit is contained in:
Leonid Pershin
@@ -22,14 +22,19 @@ RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false
|
|||||||
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
|
FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Install PostgreSQL client for healthcheck (optional)
|
# Install PostgreSQL client, create user, and prepare directories
|
||||||
RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/apt/lists/*
|
RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client && rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& groupadd -r appuser && useradd -r -g appuser appuser \
|
||||||
|
&& mkdir -p /app/logs
|
||||||
|
|
||||||
# Copy published application
|
# Copy published application (safe: only contains compiled output from dotnet publish)
|
||||||
COPY --from=publish /app/publish .
|
COPY --from=publish /app/publish .
|
||||||
|
|
||||||
# Create directory for logs
|
# Set ownership after copying files
|
||||||
RUN mkdir -p /app/logs && chmod 755 /app/logs
|
RUN chown -R appuser:appuser /app
|
||||||
|
|
||||||
|
# Switch to non-root user
|
||||||
|
USER appuser
|
||||||
|
|
||||||
# Expose ports (if needed for health checks or metrics)
|
# Expose ports (if needed for health checks or metrics)
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|||||||
Reference in New Issue
Block a user