diff --git a/Dockerfile b/Dockerfile
index fb69f0d..d26eee4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,13 +18,20 @@ RUN touch ${DATA_PATH}/pv-groups.json && \
 # Generate unicode locale so that cyrillic characters display properly
 RUN apt-get update -y && apt-get install -y locales && \
 echo en_US.UTF-8 UTF-8 > /etc/locale.gen && \
- dpkg-reconfigure --frontend=noninteractive locales
+ dpkg-reconfigure --frontend=noninteractive locales && \
+ rm -Rf var/lib/apt/lists/*
 ENV LANG en_US.UTF-8
 VOLUME ${DATA_PATH}
+EXPOSE 25565/tcp
+
+
+ENV GID=988
+ENV UID=999
+
 ENV MEMORY=4G
 ENV PROXY_SECRET=00000000-0000-0000-0000-000000000000
@@ -60,13 +67,19 @@ ENV SONAR_DB_NAME=sonar_db
 ENV SONAR_DB_USERNAME=sonar
 ENV SONAR_DB_PASSWORD=0000
-WORKDIR ${WORKDIR_PATH}/config
-EXPOSE 25565/tcp
+WORKDIR ${WORKDIR_PATH}/config
 # TODO: Make awk commands sapn multiple lines
 # TODO: Use one call to awk to perform substitutions
 CMD \
+ # Create and switch to user with desired UID and GID.
+ # All processes that create/change files in ${DATA_PATH}
+ # must be run under this user.
+ groupadd -g ${GID} worker && \
+ useradd -M -g ${GID} -u ${UID} worker && \
+ chmod -R o-rwx ${WORKDIR_PATH} && \
+
 # Add proxy secret
 sed -i "s/_PROXY_SECRET_/${PROXY_SECRET}/g" forwarding.secret && \
@@ -115,4 +128,7 @@ CMD \
 sed -i "s/_SONAR_DB_USERNAME_/${SONAR_DB_USERNAME}/g" plugins/sonar/config.yml && \
 sed -i "s/_SONAR_DB_PASSWORD_/${SONAR_DB_PASSWORD}/g" plugins/sonar/config.yml && \
- java -Xms${MEMORY} -Xmx${MEMORY} -XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -XX:MaxInlineLevel=15 -jar *.jar
+ # Change UID and GID of used files to desired values.
+ chown -R worker:worker ${WORKDIR_PATH} && \
+
+ su worker -c "java -Xms${MEMORY} -Xmx${MEMORY} -XX:+UseG1GC -XX:G1HeapRegionSize=4M -XX:+UnlockExperimentalVMOptions -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch -XX:MaxInlineLevel=15 -jar *.jar"
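Review bot: In the `@@ -18,13 +18,20 @@` hunk the added cleanup `rm -Rf var/lib/apt/lists/*` uses a relative path, so it removes the apt package lists only if the build's working directory is `/` at that step; anywhere else the glob matches nothing and `rm -f` still exits 0, leaving the index in the layer. The working directory at this point is not visible in the hunk; the absolute form `rm -rf /var/lib/apt/lists/*` is correct regardless. Also, `ENV UID=999` reuses a name that bash sets itself as a read-only variable, so if this CMD ever runs under bash rather than a POSIX `sh`, `${UID}` would expand to the current user id (0) instead of 999; a distinct name such as `RUN_UID`/`RUN_GID` avoids that.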
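Review bot: In the `@@ -60,13 +67,19 @@` hunk, `groupadd` and `useradd` sit in CMD and therefore run on every start, so the second start of the same container (a restart policy or `docker restart`) fails: the group already exists, `groupadd` exits non-zero and the `&&` chain stops before java is launched. Either create the account in a build-time `RUN` step, or guard both lines, `getent group worker >/dev/null || groupadd -g "${GID}" worker && \` and `id -u worker >/dev/null 2>&1 || useradd -M -g "${GID}" -u "${UID}" worker && \`. The comment says "Create and switch to user", but no switch happens here; the substitution steps that follow still run as root, so the comment should say only that the account is created. The CMD block continues outside this hunk.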
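Review bot: In the `@@ -115,4 +128,7 @@` hunk, `su worker -c "java …"` leaves the root shell started by CMD and a root `su` process as ancestors of the JVM, so the stop signal goes to that shell rather than to java, and `${MEMORY}` is now expanded into a string that a second shell parses again. Replacing the last line with `exec setpriv --reuid=worker --regid=worker --init-groups java -Xms"${MEMORY}" -Xmx"${MEMORY}" … -jar *.jar` (JVM flags unchanged; `setpriv` is part of util-linux, confirm the base image has it) drops privileges without the extra shell and makes java the container's main process. The `chown -R` above it covers only `${WORKDIR_PATH}`; whether `${DATA_PATH}`, which the comment in the second hunk says must belong to this user, lies under that directory is not visible here.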