From 5135ffe4c6163fe64bda07f96206f6360fddd299 Mon Sep 17 00:00:00 2001
From: Vylyne <94922829+Vylyne@users.noreply.github.com>
Date: Tue, 17 Feb 2026 10:15:50 -0500
Subject: [PATCH] Moved to a non-root model.
- Added buildargs to specify the User ID and Group IDs.
- entrypoint now defaults to running as 1000:1000 rather then 0:0.
---
 Dockerfile | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 816bdd3c3..37f1879a3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,9 @@
+# globally defining Arguments and Defaults
 ARG NUSQLITE3_DIR="/usr/local/lib/nusqlite3"
 ARG NUSQLITE3_PATH="${NUSQLITE3_DIR}/libnusqlite3.so"
+# default Process user id and group id
+ARG PUID=1000
+ARG PGID=1000
 ### STAGE 0: Build client ###
 FROM node:20-alpine AS build-client
@@ -25,7 +29,7 @@ RUN apk add --no-cache --update \
 unzip
 WORKDIR /server
-COPY index.js package* /server
+COPY index.js package* /server/
 COPY /server /server/server
 RUN case "$TARGETPLATFORM" in \
@@ -45,19 +49,28 @@ FROM node:20-alpine
 ARG NUSQLITE3_DIR
 ARG NUSQLITE3_PATH
+ARG PUID
+ARG PGID
 # Install only runtime dependencies
 RUN apk add --no-cache --update \
 tzdata \
 ffmpeg \
- tini
+ tini \
+ shadow \
+ && groupmod -g ${PGID} -n audiobookshelf node\
+ && usermod -u ${PUID} -l audiobookshelf -d /home/audiobookshelf -m node \
+ && apk del shadow \
+ && mkdir -p /config /metadata \
+ && chown -R audiobookshelf:audiobookshelf /config /metadata \
+ && chmod a=rwx /config /metadata
 WORKDIR /app
 # Copy compiled frontend and server from build stages
-COPY --from=build-client /client/dist /app/client/dist
-COPY --from=build-server /server /app
-COPY --from=build-server ${NUSQLITE3_PATH} ${NUSQLITE3_PATH}
+COPY --chmod=755 --from=build-client /client/dist /app/client/dist
+COPY --chmod=755 --from=build-server /server /app
+COPY --chmod=755 --from=build-server ${NUSQLITE3_PATH} ${NUSQLITE3_PATH}
 EXPOSE 80
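Review bot: The comment added above `ARG PUID=1000` / `ARG PGID=1000` in the first hunk (`@@ -1,5 +1,9 @@`) does not say that these are build-time values only. The names match the run-time `PUID`/`PGID` environment variables that some images honour, so an operator may pass them with `-e` and see no effect. Suggested wording: `# build-time only (--build-arg PUID=... PGID=...); to change the UID of a built image use docker run --user`.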
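Review bot: In the third hunk (`@@ -45,19 +49,28 @@`), the last added line of the runtime `RUN`, `chmod a=rwx /config /metadata`, leaves both data directories world-writable even though the preceding `chown` already hands them to the audiobookshelf user. `chmod 0750 /config /metadata` would keep the least-privilege intent of the change; if the open mode is there to support `docker run --user` with another UID, a comment should say so. The ownership set here only covers the image's own directories, so a bind mount or volume populated by the previous root-running image stays root-owned and is presumably unwritable for UID 1000, which deserves an upgrade note. Style: `node\` in the `groupmod` line lacks the space before the continuation backslash, and `${PGID}`/`${PUID}` are safer quoted, e.g. `groupmod -g "${PGID}" -n audiobookshelf node \`.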
@@ -69,5 +82,6 @@ ENV SOURCE="docker"
 ENV NUSQLITE3_DIR=${NUSQLITE3_DIR}
 ENV NUSQLITE3_PATH=${NUSQLITE3_PATH}
+USER audiobookshelf
 ENTRYPOINT ["tini", "--"]
 CMD ["node", "index.js"]
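Review bot: `USER audiobookshelf` stores a user name in the image config, and Kubernetes `runAsNonRoot` cannot verify a non-numeric user, so such a pod fails to start unless it also sets `runAsUser`. Since `PUID`/`PGID` are redeclared in this stage, `USER ${PUID}:${PGID}` keeps the same identity and makes it checkable. Separately, the stage still carries `EXPOSE 80` (context in the previous hunk); if the server binds that port, the non-root process depends on the runtime permitting unprivileged low ports. The listen port is not visible in this diff, so confirm it and consider a default of 1024 or above.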