Skip to content

Commit bcc676d

Browse files
Amelie-ArtmannAmelie-Artmann
committed
harden docker container
1 parent 7d7eba1 commit bcc676d

2 files changed

Lines changed: 13 additions & 1 deletion

File tree

Dockerfile

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,22 @@
11
FROM python:3.11-slim
22

3+
# create non-root user
4+
RUN useradd -m appuser
5+
36
WORKDIR /rag
47

58
COPY requirements.txt .
69
RUN pip install --no-cache-dir -r requirements.txt
710

811
COPY . .
912

13+
RUN chown -R appuser:appuser /rag
14+
15+
# switch to non-root user
16+
USER appuser
17+
18+
# healthcheck
19+
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
20+
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:5000')" || exit 1
21+
1022
CMD ["python3", "-m", "app.api.testing_server"]

app/api/testing_server.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -154,4 +154,4 @@ def vote():
154154

155155
if __name__ == "__main__":
156156
prepare_pairs()
157-
app.run(host="0.0.0.0", port=5000, debug=True)
157+
app.run(host="0.0.0.0", port=5000, debug=False)

0 commit comments

Comments
 (0)