Non root User in Dockerfile + New certs

53845714nF · Aug 22, 2024 · 64f101a · 64f101a
1 parent 8220ca7
commit 64f101a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 37 deletions.
diff --git a/Readme.md b/Readme.md
@@ -49,10 +49,10 @@ And last but not least, since it is written in golang, you can export the projec
 
 ### 📂 Volume
   - `/etc/ssl/certs/` - You can map a volume with the certificates to `/etc/ssl/certs/` in the container.
-This helps by problems with the SMTP Authentication. In default are only lets-encrypt certificates supported.
+This helps by problems with the SMTP Authentication. Certificates from the Alpine package `ca-certificates` are supported by default.
 
 ## 📃 Docs
-Please take a look at the GitHub Wiki tab there are sequence diagrams for the process (sign up, login) and a database model.
+Please take a look at the GitHub [Wiki](https://github.com/53845714nF/hasura-jwt/wiki) tab there are sequence diagrams for the process (sign up, login) and a database model.
 
 ## 🤖 Similar Projects
 There is are similar project like this:

diff --git a/src/Dockerfile b/src/Dockerfile
@@ -1,15 +1,22 @@
-FROM golang:1.23.0-alpine3.20 AS build
+FROM golang:1.23.0-alpine3.20 AS builder
+ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
+
+RUN apk --no-cache add ca-certificates
+
 WORKDIR /app
 COPY . .
 
 RUN go mod download
 
-ENV CGO_ENABLED=0 GOOS=linux
 RUN go build -o hasura-jwt ./cmd/api-server
 
 FROM scratch
+
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+USER 1001:1001
+
 WORKDIR /app
-COPY --from=build /app/hasura-jwt hasura-jwt
-COPY letsencrypt.pem /etc/ssl/certs/
+COPY --from=builder /app/hasura-jwt hasura-jwt
 
+EXPOSE 3000
 ENTRYPOINT ["./hasura-jwt"]
diff --git a/src/letsencrypt.pem b/src/letsencrypt.pem