
Commit f957839

Merge pull request #76 from strapi-community/feature/security-dockerfiles
Feature/security dockerfiles
2 parents 0dc2b7d + 8e232fc commit f957839


2 files changed

+48
-54
lines changed


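--- a/templates/Dockerfile-prod.liquid
+++ b/templates/Dockerfile-prod.liquid
@@ -1,53 +1,43 @@
-{%- if packageManager == "yarn" %}
+# Creating multi-stage build for production
 FROM node:16-alpine as build
-# Installing libvips-dev for sharp Compatability
 RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev vips-dev > /dev/null 2>&1
 ARG NODE_ENV=production
 ENV NODE_ENV=${NODE_ENV}
-WORKDIR /opt/
-COPY ./package.json ./yarn.lock ./
-ENV PATH /opt/node_modules/.bin:$PATH
-RUN yarn config set network-timeout 600000 -g && yarn install --production
-WORKDIR /opt/app
-COPY ./ .
-RUN yarn build
 
-FROM node:16-alpine
-RUN apk add --no-cache vips-dev
-ARG NODE_ENV=production
-ENV NODE_ENV=${NODE_ENV}
 WORKDIR /opt/
-COPY --from=build /opt/node_modules ./node_modules
-ENV PATH /opt/node_modules/.bin:$PATH
-WORKDIR /opt/app
-COPY --from=build /opt/app ./
-EXPOSE 1337
-CMD ["yarn", "start"]
-
+{%- if packageManager == "yarn" %}
+COPY package.json yarn.lock ./
+RUN yarn config set network-timeout 600000 -g && yarn install --production
 {%- else %}
-FROM node:16-alpine as build
-# Installing libvips-dev for sharp Compatability
-RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev vips-dev > /dev/null 2>&1
-ARG NODE_ENV=production
-ENV NODE_ENV=${NODE_ENV}
-WORKDIR /opt/
-COPY ./package.json ./package-lock.json ./
+COPY package.json package-lock.json ./
+RUN npm config set network-timeout 600000 -g && npm install --only=production
+{%- endif %}
 ENV PATH /opt/node_modules/.bin:$PATH
-RUN npm install --production
 WORKDIR /opt/app
-COPY ./ .
+COPY . .
+{%- if packageManager == "yarn" %}
+RUN yarn build
+{%- else %}
 RUN npm run build
+{%- endif %}
 
+# Creating final production image
 FROM node:16-alpine
-# Installing libvips-dev for sharp Compatability
+RUN addgroup -g 1001 strapi && adduser -u 1001 -G strapi -s /bin/sh -D strapi
 RUN apk add --no-cache vips-dev
 ARG NODE_ENV=production
 ENV NODE_ENV=${NODE_ENV}
 WORKDIR /opt/
 COPY --from=build /opt/node_modules ./node_modules
-ENV PATH /opt/node_modules/.bin:$PATH
 WORKDIR /opt/app
 COPY --from=build /opt/app ./
+ENV PATH /opt/node_modules/.bin:$PATH
+
+RUN chown -R strapi:strapi /opt/app
+USER strapi
 EXPOSE 1337
-CMD ["npm", "run","start"]
-{% endif %}
+{%- if packageManager == "yarn" %}
+CMD ["yarn", "start"]
+{%- else %}
+CMD ["npm", "run", "start"]
+{%- endif %}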
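Review bot: The install steps in the build stage (`yarn install --production`, `npm install --only=production`) copy the lockfile but do not enforce it, so a build can resolve dependency versions other than the ones that were reviewed and locked. For a production image I would use `yarn install --production --frozen-lockfile` and `npm ci --only=production`, which fail when the lockfile and package.json disagree. `network-timeout` is a yarn setting; npm's counterpart appears to be `fetch-timeout`, so the `npm config set network-timeout` half probably has no effect and is worth confirming. The same install lines appear in templates/Dockerfile.liquid.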

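--- a/templates/Dockerfile.liquid
+++ b/templates/Dockerfile.liquid
@@ -1,31 +1,35 @@
-{%- if packageManager == "yarn" %}
 FROM node:16-alpine
-# Installing libvips-dev for sharp Compatability
+# Installing libvips-dev for sharp Compatibility
 RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev nasm bash vips-dev
 ARG NODE_ENV=development
 ENV NODE_ENV=${NODE_ENV}
-WORKDIR /opt/
-COPY ./package.json ./yarn.lock ./
+RUN addgroup -g 1001 strapi && adduser -u 1001 -G strapi -s /bin/sh -D strapi
+
+WORKDIR /opt/{%- if packageManager == "yarn" %}
+COPY package.json yarn.lock ./
+{%- else %}
+COPY package.json package-lock.json ./
+{% endif %}
 ENV PATH /opt/node_modules/.bin:$PATH
-RUN yarn config set network-timeout 600000 -g && yarn install
+RUN chown -R strapi:strapi /opt/
+USER strapi{%- if packageManager == "yarn" %}
+COPY package.json yarn.lock ./
+RUN yarn config set network-timeout 600000 -g && yarn install
+{%- else %}
+COPY package.json package-lock.json ./
+RUN npm config set network-timeout 600000 -g && npm install
+{%- endif %}
+
 WORKDIR /opt/app
-COPY ./ .
-RUN yarn build
+COPY . .
+{%- if packageManager == "yarn" %}
+RUN ["yarn", "build"]
+{%- else %}
+RUN ["npm", "run", "build"]
+{%- endif %}
 EXPOSE 1337
+{%- if packageManager == "yarn" %}
 CMD ["yarn", "develop"]
 {%- else %}
-FROM node:16-alpine
-# Installing libvips-dev for sharp Compatability
-RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev nasm bash vips-dev
-ARG NODE_ENV=development
-ENV NODE_ENV=${NODE_ENV}
-WORKDIR /opt/
-COPY ./package.json ./package-lock.json ./
-ENV PATH /opt/node_modules/.bin:$PATH
-RUN npm install
-WORKDIR /opt/app
-COPY ./ .
-RUN npm run build
-EXPOSE 1337
 CMD ["npm", "run", "develop"]
-{% endif %}
+{% endif %}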
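Review bot: After `USER strapi`, the added `COPY package.json …` and `COPY . .` lines still create root-owned files, because COPY does not follow USER unless `--chown` is given; the build and `develop` commands then run as strapi and may be unable to write under /opt/app (the ownership of the WORKDIR-created /opt/app itself depends on the builder and is not visible here). I would write `COPY --chown=strapi:strapi . .` and the same on the manifest copy. The manifests are also copied twice, once before `RUN chown -R strapi:strapi /opt/` and again after `USER strapi`; one copy is enough.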
