feat(dockerfile.prod): increased security adding a non root user
Increased security for docker image; optimized size
Eventyret committed May 24, 2023
1 parent 0dc2b7d commit d8d52ee
Showing 1 changed file with 22 additions and 32 deletions.
54 changes: 22 additions & 32 deletions templates/Dockerfile-prod.liquid
@@ -1,53 +1,43 @@
{%- if packageManager == "yarn" %}
# Creating multi-stage build for production
FROM node:16-alpine as build
# Installing libvips-dev for sharp Compatability
RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev vips-dev > /dev/null 2>&1
ARG NODE_ENV=production
ENV NODE_ENV=${NODE_ENV}

WORKDIR /opt/
COPY ./package.json ./yarn.lock ./
ENV PATH /opt/node_modules/.bin:$PATH
{%- if packageManager == "yarn" %}
COPY package.json yarn.lock ./
RUN yarn config set network-timeout 600000 -g && yarn install --production
{%- else%}
COPY package.json package-lock.json ./
RUN npm config set network-timeout 600000 -g && npm install --only=production
{%endif%}
ENV PATH /opt/node_modules/.bin:$PATH
WORKDIR /opt/app
COPY ./ .
COPY . .
{%- if packageManager == "yarn" %}
RUN yarn build
{%- else%}
RUN npm run build
{%endif%}

# Creating final production image
FROM node:16-alpine
RUN addgroup -g 1001 strapi && adduser -u 1001 -G strapi -s /bin/sh -D strapi
RUN apk add --no-cache vips-dev
ARG NODE_ENV=production
ENV NODE_ENV=${NODE_ENV}
WORKDIR /opt/
COPY --from=build /opt/node_modules ./node_modules
ENV PATH /opt/node_modules/.bin:$PATH
WORKDIR /opt/app
COPY --from=build /opt/app ./
EXPOSE 1337
CMD ["yarn", "start"]

{%- else %}
FROM node:16-alpine as build
# Installing libvips-dev for sharp Compatability
RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev vips-dev > /dev/null 2>&1
ARG NODE_ENV=production
ENV NODE_ENV=${NODE_ENV}
WORKDIR /opt/
COPY ./package.json ./package-lock.json ./
ENV PATH /opt/node_modules/.bin:$PATH
RUN npm install --production
WORKDIR /opt/app
COPY ./ .
RUN npm run build

FROM node:16-alpine
# Installing libvips-dev for sharp Compatability
RUN apk add --no-cache vips-dev
ARG NODE_ENV=production
ENV NODE_ENV=${NODE_ENV}
WORKDIR /opt/
COPY --from=build /opt/node_modules ./node_modules
ENV PATH /opt/node_modules/.bin:$PATH
WORKDIR /opt/app
COPY --from=build /opt/app ./
RUN chown -R strapi:strapi /opt/app
USER strapi
EXPOSE 1337
{%- if packageManager == "yarn" %}
CMD ["yarn", "start"]
{%- else %}
CMD ["npm", "run","start"]
{% endif %}
{%endif%}
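Review bot: The `RUN chown -R strapi:strapi /opt/app` step that follows `COPY --from=build /opt/app ./` in the final stage rewrites every copied file into a second layer and gives the runtime user write access to the whole application tree, built code included. `COPY --from=build --chown=strapi:strapi /opt/app ./` would set ownership in the copy itself; if the app only needs to write to a few directories (uploads, temp or cache, to be confirmed for this template), leaving the rest root-owned and chowning only those would keep a compromised process from modifying its own code. Separately, the install lines `yarn install --production` and `npm install --only=production` do not enforce the copied lockfile; `yarn install --production --frozen-lockfile` and `npm ci --omit=dev` would make the dependency set reproducible. The page has lost its +/- markers, so this assumes the quoted lines are on the new side.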
