Merge pull request #314 from CodeForPhilly/uwsgi_user

Add a 'paws' user to secure web server

Author: c-simpson

src/server/Dockerfile

@@ -41,5 +41,8 @@ RUN chmod +x  bin/startServer.sh
 # RUN ufw allow 5000
 WORKDIR /app
 
+RUN useradd -m pawsapp
+USER pawsapp
+
 CMD bin/startServer.sh
 #>> start.log 2>&1 

src/server/bin/startServer.sh

@@ -11,4 +11,4 @@ echo "SLEEPING.. WAITING FOR DB"; sleep 5; echo "WAKING"; alembic upgrade head;
 
 # --no-reload prevents Flask restart, which usually happens in middle of create_base_users()
 #TODO: SECURITY - ensure we are not running in debug mode in production
-uwsgi --http-socket :5000 --plugin python38 --module wsgi:app --chdir /app --pythonpath . --processes 2 --threads 4
+uwsgi --http-socket :5000 --plugin python38 --module wsgi:app --chdir /app --pythonpath . --processes 2 --threads 4 --master