From 64f101a2180d60f87752f12fb840e43aa8f9ac17 Mon Sep 17 00:00:00 2001 From: 53845714nF Date: Thu, 22 Aug 2024 16:13:47 +0200 Subject: [PATCH] Non root User in Dockerfile + New certs --- Readme.md | 4 ++-- src/Dockerfile | 15 +++++++++++---- src/letsencrypt.pem | 31 ------------------------------- 3 files changed, 13 insertions(+), 37 deletions(-) delete mode 100644 src/letsencrypt.pem diff --git a/Readme.md b/Readme.md index b432873..ea200db 100644 --- a/Readme.md +++ b/Readme.md @@ -49,10 +49,10 @@ And last but not least, since it is written in golang, you can export the projec ### 📂 Volume - `/etc/ssl/certs/` - You can map a volume with the certificates to `/etc/ssl/certs/` in the container. -This helps by problems with the SMTP Authentication. In default are only lets-encrypt certificates supported. +This helps by problems with the SMTP Authentication. Certificates from the Alpine package `ca-certificates` are supported by default. ## 📃 Docs -Please take a look at the GitHub Wiki tab there are sequence diagrams for the process (sign up, login) and a database model. +Please take a look at the GitHub [Wiki](https://github.com/53845714nF/hasura-jwt/wiki) tab there are sequence diagrams for the process (sign up, login) and a database model. ## 🤖 Similar Projects There is are similar project like this: diff --git a/src/Dockerfile b/src/Dockerfile index b078a2f..b77de50 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,15 +1,22 @@ -FROM golang:1.23.0-alpine3.20 AS build +FROM golang:1.23.0-alpine3.20 AS builder +ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 + +RUN apk --no-cache add ca-certificates + WORKDIR /app COPY . . RUN go mod download -ENV CGO_ENABLED=0 GOOS=linux RUN go build -o hasura-jwt ./cmd/api-server FROM scratch + +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +USER 1001:1001 + WORKDIR /app -COPY --from=build /app/hasura-jwt hasura-jwt -COPY letsencrypt.pem /etc/ssl/certs/ +COPY --from=builder /app/hasura-jwt hasura-jwt +EXPOSE 3000 ENTRYPOINT ["./hasura-jwt"] \ No newline at end of file diff --git a/src/letsencrypt.pem b/src/letsencrypt.pem deleted file mode 100644 index b85c803..0000000 --- a/src/letsencrypt.pem +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 -WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu -ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc -h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ -0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U -A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW -T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH -B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC -B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv -KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn -OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn -jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw -qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI -rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq -hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL -ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ -3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK -NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 -ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur -TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC -jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc -oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq -4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA -mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d -emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= ------END CERTIFICATE-----