From 58609cc30855da99006b614cb6f01a80b042c58d Mon Sep 17 00:00:00 2001 From: Matthew Valimaki Date: Wed, 23 Mar 2016 08:12:03 -0700 Subject: [PATCH 1/4] Add missing `nodejs` user. Signed-off-by: Matthew Valimaki --- alpine-consul-nginx-nodejs/Dockerfile | 4 +++- alpine-consul-nodejs/Dockerfile | 5 ++++- alpine-nodejs/Dockerfile | 7 +++++-- examples/user-consul-nginx-nodejs/Dockerfile | 11 +++++------ .../root/etc/services.d/app/run | 2 +- .../root/etc/services.d/nginx/finish | 8 -------- .../root/etc/services.d/nginx/run | 3 --- 7 files changed, 18 insertions(+), 22 deletions(-) delete mode 100755 examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/finish delete mode 100755 examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/run diff --git a/alpine-consul-nginx-nodejs/Dockerfile b/alpine-consul-nginx-nodejs/Dockerfile index f831455..72697a3 100644 --- a/alpine-consul-nginx-nodejs/Dockerfile +++ b/alpine-consul-nginx-nodejs/Dockerfile @@ -4,4 +4,6 @@ MAINTAINER Scott Mebberson # Install Node.js, and the latest version of npm (and Python in case any npm modules require building) RUN apk add --update nodejs git python make && \ rm -rf /var/cache/apk/* && \ - npm install -g npm + npm install -g npm && \ + addgroup nodejs && \ + adduser -g '' -DS -G nodejs -s /bin/sh nodejs diff --git a/alpine-consul-nodejs/Dockerfile b/alpine-consul-nodejs/Dockerfile index 956f5bf..4ea377f 100644 --- a/alpine-consul-nodejs/Dockerfile +++ b/alpine-consul-nodejs/Dockerfile @@ -1,7 +1,8 @@ FROM smebberson/alpine-consul-base:2.0.0 MAINTAINER Scott Mebberson -ENV NODE_VERSION=v4.4.1 NPM_VERSION=3 +ENV NODE_VERSION=v4.4.1 \ + NPM_VERSION=3 RUN apk add --update git curl make gcc g++ python linux-headers libgcc libstdc++ binutils-gold && \ curl -sSL https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}.tar.gz | tar -xz && \ @@ -15,3 +16,5 @@ RUN apk add --update git curl make gcc g++ python linux-headers libgcc libstdc++ rm -rf /etc/ssl /node-${NODE_VERSION} /usr/include \ /usr/share/man /tmp/* /var/cache/apk/* /root/.npm /root/.node-gyp \ /usr/lib/node_modules/npm/man /usr/lib/node_modules/npm/doc /usr/lib/node_modules/npm/html + addgroup nodejs && \ + adduser -g '' -DS -G nodejs -s /bin/sh nodejs diff --git a/alpine-nodejs/Dockerfile b/alpine-nodejs/Dockerfile index f39fe69..77a982e 100644 --- a/alpine-nodejs/Dockerfile +++ b/alpine-nodejs/Dockerfile @@ -1,7 +1,8 @@ FROM smebberson/alpine-base:1.2.1 MAINTAINER Scott Mebberson -ENV NODE_VERSION=v5.9.0 NPM_VERSION=3 +ENV NODE_VERSION=v5.9.0 \ + NPM_VERSION=3 RUN apk add --update git curl make gcc g++ python linux-headers libgcc libstdc++ binutils-gold && \ curl -sSL https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}.tar.gz | tar -xz && \ @@ -14,4 +15,6 @@ RUN apk add --update git curl make gcc g++ python linux-headers libgcc libstdc++ apk del gcc g++ linux-headers libgcc libstdc++ binutils-gold && \ rm -rf /etc/ssl /node-${NODE_VERSION} /usr/include \ /usr/share/man /tmp/* /var/cache/apk/* /root/.npm /root/.node-gyp \ - /usr/lib/node_modules/npm/man /usr/lib/node_modules/npm/doc /usr/lib/node_modules/npm/html + /usr/lib/node_modules/npm/man /usr/lib/node_modules/npm/doc /usr/lib/node_modules/npm/html && \ + addgroup nodejs && \ + adduser -g '' -DS -G nodejs -s /bin/sh nodejs diff --git a/examples/user-consul-nginx-nodejs/Dockerfile b/examples/user-consul-nginx-nodejs/Dockerfile index 19a86a0..82759f6 100644 --- a/examples/user-consul-nginx-nodejs/Dockerfile +++ b/examples/user-consul-nginx-nodejs/Dockerfile @@ -1,12 +1,11 @@ FROM smebberson/alpine-consul-nginx-nodejs MAINTAINER Scott Mebberson -ENV NODE_ENV=development NODE_PORT=4000 - -# Build the Node.js modules on the container itself -ADD root/app/package.json /app/package.json -RUN cd /app && \ - npm install --production +ENV NODE_ENV=development \ + NODE_PORT=4000 # Add image source ADD root / + +RUN cd /app && \ + npm install --production diff --git a/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run b/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run index 6c58d9d..11cc63d 100755 --- a/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run +++ b/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run @@ -2,4 +2,4 @@ cd /app -exec node server.js; +exec s6-setuidgid nodejs node /app/server.js; diff --git a/examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/finish b/examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/finish deleted file mode 100755 index a6543b8..0000000 --- a/examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/finish +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/execlineb -S1 - -# only tell s6 to bring down the entire container, if it isn't already doing so -# http://skarnet.org/software/s6/s6-supervise.html -if { s6-test ${1} -ne 0 } -if { s6-test ${1} -ne 256 } - -s6-svscanctl -t /var/run/s6/services diff --git a/examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/run b/examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/run deleted file mode 100755 index 8d97e4c..0000000 --- a/examples/user-consul-nginx-nodejs/root/etc/services.d/nginx/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/with-contenv sh - -exec nginx; From 6ea8ad2716768aff34e1175b655a16b2f6f4b111 Mon Sep 17 00:00:00 2001 From: Matthew Valimaki Date: Wed, 23 Mar 2016 08:16:47 -0700 Subject: [PATCH 2/4] Do `npm install` as `nodejs` to ensure ownership `node_modules`. --- examples/user-consul-nginx-nodejs/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/examples/user-consul-nginx-nodejs/Dockerfile b/examples/user-consul-nginx-nodejs/Dockerfile index 82759f6..23db5a2 100644 --- a/examples/user-consul-nginx-nodejs/Dockerfile +++ b/examples/user-consul-nginx-nodejs/Dockerfile @@ -7,5 +7,9 @@ ENV NODE_ENV=development \ # Add image source ADD root / +USER nodejs + RUN cd /app && \ npm install --production + +USER root From db645a2b5e1b512434d09bec616bc0384242ff17 Mon Sep 17 00:00:00 2001 From: Matthew Valimaki Date: Wed, 23 Mar 2016 08:58:11 -0700 Subject: [PATCH 3/4] Updated remaining Node code to use `nodejs` user and group. Signed-off-by: Matthew Valimaki --- alpine-consul-nodejs/Dockerfile | 2 +- .../root/etc/services.d/app/run | 2 +- examples/user-consul-nodejs/Dockerfile | 15 ++++++++------- .../root/etc/services.d/app/run | 2 +- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/alpine-consul-nodejs/Dockerfile b/alpine-consul-nodejs/Dockerfile index 4ea377f..cd4a5b8 100644 --- a/alpine-consul-nodejs/Dockerfile +++ b/alpine-consul-nodejs/Dockerfile @@ -15,6 +15,6 @@ RUN apk add --update git curl make gcc g++ python linux-headers libgcc libstdc++ apk del gcc g++ linux-headers libgcc libstdc++ binutils-gold && \ rm -rf /etc/ssl /node-${NODE_VERSION} /usr/include \ /usr/share/man /tmp/* /var/cache/apk/* /root/.npm /root/.node-gyp \ - /usr/lib/node_modules/npm/man /usr/lib/node_modules/npm/doc /usr/lib/node_modules/npm/html + /usr/lib/node_modules/npm/man /usr/lib/node_modules/npm/doc /usr/lib/node_modules/npm/html && \ addgroup nodejs && \ adduser -g '' -DS -G nodejs -s /bin/sh nodejs diff --git a/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run b/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run index 11cc63d..1b37c76 100755 --- a/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run +++ b/examples/user-consul-nginx-nodejs/root/etc/services.d/app/run @@ -2,4 +2,4 @@ cd /app -exec s6-setuidgid nodejs node /app/server.js; +exec s6-setuidgid nodejs node server.js; diff --git a/examples/user-consul-nodejs/Dockerfile b/examples/user-consul-nodejs/Dockerfile index 4543bef..5d98a62 100644 --- a/examples/user-consul-nodejs/Dockerfile +++ b/examples/user-consul-nodejs/Dockerfile @@ -1,14 +1,15 @@ FROM smebberson/alpine-consul-nodejs MAINTAINER Scott Mebberson -ENV NODE_ENV=development NODE_PORT=4000 - -# Build the Node.js modules on the container itself -ADD root/app/package.json /tmp/package.json -RUN cd /tmp && npm install --production +ENV NODE_ENV=development \ + NODE_PORT=4000 # Add image source ADD root / -# Replace the node_modules with those built on the image -RUN rm -rf /app/node_modules && cp -r /tmp/node_modules /app/node_modules +USER nodejs + +RUN cd /app && \ + npm install --production + +USER root diff --git a/examples/user-consul-nodejs/root/etc/services.d/app/run b/examples/user-consul-nodejs/root/etc/services.d/app/run index 6c58d9d..1b37c76 100755 --- a/examples/user-consul-nodejs/root/etc/services.d/app/run +++ b/examples/user-consul-nodejs/root/etc/services.d/app/run @@ -2,4 +2,4 @@ cd /app -exec node server.js; +exec s6-setuidgid nodejs node server.js; From 17050706d0e2346acf62187eb999ce86c41fb6dd Mon Sep 17 00:00:00 2001 From: Matthew Valimaki Date: Wed, 23 Mar 2016 09:00:37 -0700 Subject: [PATCH 4/4] Replace tabs. Signed-off-by: Matthew Valimaki --- alpine-consul-nodejs/Dockerfile | 2 +- alpine-nodejs/Dockerfile | 2 +- examples/user-consul-nginx-nodejs/Dockerfile | 2 +- examples/user-consul-nodejs/Dockerfile | 2 +- examples/user-consul-nodejs/run | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/alpine-consul-nodejs/Dockerfile b/alpine-consul-nodejs/Dockerfile index cd4a5b8..9f2bc13 100644 --- a/alpine-consul-nodejs/Dockerfile +++ b/alpine-consul-nodejs/Dockerfile @@ -2,7 +2,7 @@ FROM smebberson/alpine-consul-base:2.0.0 MAINTAINER Scott Mebberson ENV NODE_VERSION=v4.4.1 \ - NPM_VERSION=3 + NPM_VERSION=3 RUN apk add --update git curl make gcc g++ python linux-headers libgcc libstdc++ binutils-gold && \ curl -sSL https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}.tar.gz | tar -xz && \ diff --git a/alpine-nodejs/Dockerfile b/alpine-nodejs/Dockerfile index 77a982e..caeb97b 100644 --- a/alpine-nodejs/Dockerfile +++ b/alpine-nodejs/Dockerfile @@ -2,7 +2,7 @@ FROM smebberson/alpine-base:1.2.1 MAINTAINER Scott Mebberson ENV NODE_VERSION=v5.9.0 \ - NPM_VERSION=3 + NPM_VERSION=3 RUN apk add --update git curl make gcc g++ python linux-headers libgcc libstdc++ binutils-gold && \ curl -sSL https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}.tar.gz | tar -xz && \ diff --git a/examples/user-consul-nginx-nodejs/Dockerfile b/examples/user-consul-nginx-nodejs/Dockerfile index 23db5a2..c4145e3 100644 --- a/examples/user-consul-nginx-nodejs/Dockerfile +++ b/examples/user-consul-nginx-nodejs/Dockerfile @@ -2,7 +2,7 @@ FROM smebberson/alpine-consul-nginx-nodejs MAINTAINER Scott Mebberson ENV NODE_ENV=development \ - NODE_PORT=4000 + NODE_PORT=4000 # Add image source ADD root / diff --git a/examples/user-consul-nodejs/Dockerfile b/examples/user-consul-nodejs/Dockerfile index 5d98a62..c6b713f 100644 --- a/examples/user-consul-nodejs/Dockerfile +++ b/examples/user-consul-nodejs/Dockerfile @@ -2,7 +2,7 @@ FROM smebberson/alpine-consul-nodejs MAINTAINER Scott Mebberson ENV NODE_ENV=development \ - NODE_PORT=4000 + NODE_PORT=4000 # Add image source ADD root / diff --git a/examples/user-consul-nodejs/run b/examples/user-consul-nodejs/run index 0081bda..9d6814a 100755 --- a/examples/user-consul-nodejs/run +++ b/examples/user-consul-nodejs/run @@ -1,3 +1,3 @@ # run the user-consul-nodejs image -docker run --rm --name user-consul-nodejs --link user-consul:consul-agent -p 4000:4000 smebberson/user-consul-nodejs +docker run --rm --name user-consul-nodejs -p 4000:4000 smebberson/user-consul-nodejs