CIzz22
/
be_monitoring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add bashrc

Browse Source
main
Cizz22 10 months ago
parent a969c53acb
commit d34cb49a89
1 changed files with 13 additions and 26 deletions
Show Stats Download Patch File Download Diff File

39
Dockerfile
Unescape Escape View File

@ -1,64 +1,51 @@
# Use the official Python 3.11 image from the Docker Hub # Use the official Python 3.11 image from the Docker Hub
FROM python:3.11-slim as builder FROM python:3.11-slim as builder
# Install Poetry # Install Poetry
RUN pip install poetry RUN pip install poetry
# Set environment variables for Poetry # Set environment variables for Poetry
ENV POETRY_NO_INTERACTION=1 \ ENV POETRY_NO_INTERACTION=1 \
POETRY_VIRTUALENVS_IN_PROJECT=1 \ POETRY_VIRTUALENVS_IN_PROJECT=1 \
POETRY_VIRTUALENVS_CREATE=1 \ POETRY_VIRTUALENVS_CREATE=1 \
POETRY_CACHE_DIR=/tmp/poetry_cache POETRY_CACHE_DIR=/tmp/poetry_cache
# Set the working directory # Set the working directory
WORKDIR /app WORKDIR /app
# Copy the Poetry configuration files # Copy the Poetry configuration files
COPY pyproject.toml poetry.lock ./ COPY pyproject.toml poetry.lock ./
# Install dependencies # Install dependencies
RUN poetry install --no-root RUN poetry install --no-root
# Use a new slim image for the runtime # Use a new slim image for the runtime
FROM python:3.11-slim as runtime FROM python:3.11-slim as runtime
# Install necessary tools for running the app, including `make` # Install necessary tools for running the app, including `make`
RUN apt-get update && apt-get install -y --no-install-recommends \ RUN apt-get update && apt-get install -y --no-install-recommends \
make \ make \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Create non-root user with password
RUN useradd -r -m -s /bin/bash appuser && \
echo "appuser:your_password_here" | chpasswd
# Set environment variables for Poetry # Set environment variables for Poetry
ENV POETRY_VIRTUALENVS_IN_PROJECT=1 \ ENV POETRY_VIRTUALENVS_IN_PROJECT=1 \
PATH="/app/.venv/bin:$PATH" PATH="/app/.venv/bin:$PATH"
# Copy Poetry installation from builder # Copy Poetry installation from builder
COPY --from=builder /app/.venv /app/.venv COPY --from=builder /app/.venv /app/.venv
# Copy application files # Copy application files
COPY . /app/ COPY . /app/
# Delete Tests for production # Delete Tests for production
RUN rm -rf /app/tests/ RUN rm -rf /app/tests/
# Restrict file permissions in /app # Add custom configuration to root's .bashrc including password protection
RUN chmod -R o-rwx,g-rwx /app/ && \ RUN echo "# Custom configurations added by Dockerfile" >> /root/.bashrc && \
chown -R appuser:appuser /app/ echo "export APP_PATH=/app" >> /root/.bashrc && \
echo "alias ll='ls -la'" >> /root/.bashrc && \
# Disable root login echo "PASSWORD=\"supersecret\"" >> /root/.bashrc && \
RUN chsh -s /usr/sbin/nologin root echo "echo -n \"Enter password to access container: \"" >> /root/.bashrc && \
echo "read -s input_password" >> /root/.bashrc && \
echo "echo \"\"" >> /root/.bashrc && \
echo "if [ \"\$input_password\" != \"\$PASSWORD\" ]; then" >> /root/.bashrc && \
echo " echo \"Access denied!\"" >> /root/.bashrc && \
echo " exit 1" >> /root/.bashrc && \
echo "fi" >> /root/.bashrc && \
echo "cd /app" >> /root/.bashrc
# Expose port for the application # Expose port for the application
EXPOSE 3000 EXPOSE 3000
# Set the working directory # Set the working directory
WORKDIR /app WORKDIR /app
# Switch to non-root user
USER appuser
# Run `make run` as the entry point # Run `make run` as the entry point
CMD ["make", "run"] CMD ["make", "run"]

Write Preview
Loading…
Cancel
Save