Merge pull request #68 from Kong/docker

Use non-root user
Kong · Jan 8, 2025 · 0127fb1 · 0127fb1
2 parents 372a20c + 4b8cb14
commit 0127fb1
Showing 1 changed file with 22 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:jammy-20240808
+FROM ubuntu:jammy
 
 LABEL name="httpbin"
 LABEL description="A simple HTTP service."
@@ -9,11 +9,30 @@ ENV HOME=/httpbin
 
 WORKDIR /httpbin
 
-RUN apt update -y && apt install python3-pip libssl-dev libffi-dev git -y && pip3 install --no-cache-dir pipenv
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    httpbin
+
+RUN chown httpbin /httpbin
+RUN chmod u+rwx /httpbin
+
+RUN apt-get update -y && apt-get install python3-pip libssl-dev libffi-dev git libcap2-bin -y
 
 ADD . .
-RUN pipenv sync
 
+RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/python3.10
 EXPOSE 80
 
+USER httpbin
+ENV PATH="/httpbin/.local/bin:$PATH"
+
+RUN pip3 install --no-cache-dir pipenv
+RUN pipenv sync
+
 CMD ["pipenv", "run", "gunicorn", "-b", "0.0.0.0:80", "httpbin:app", "-k", "gevent"]