ARG PY_VER=3.10 # Default user is 'luminlab' with uid 1000, gid 1000 FROM python:${PY_VER} as lean # Install nginx and give permissions to 'luminlab' # See https://www.rockyourcode.com/run-docker-nginx-as-non-root-user/ RUN apt-get -y update && apt-get -y install nginx # Set up a new user named "luminlab" with user ID 1000 RUN useradd -m -u 1000 luminlab # groupadd luminlab &&\ # usermod -aG luminlab luminlab RUN mkdir -p /var/cache/nginx \ /var/log/nginx \ /var/lib/nginx RUN touch /var/run/nginx.pid # RUN touch /run/nginx.pid RUN chown -R luminlab /var/cache/nginx \ /var/log/nginx \ /var/lib/nginx \ /var/run/nginx.pid # RUN chmod 777 /var/cache/nginx /var/run /var/log/nginx # COPY --chown=luminlab .nginx/nginx.conf /etc/nginx/conf.d/default.conf COPY --chown=luminlab .nginx/nginx.conf /etc/nginx/nginx.conf # # Set home to the user's home directory # ENV HOME=/home/luminlab \ # PATH=/home/luminlab/.local/bin:$PATH # # Set the working directory to the user's home directory # WORKDIR $HOME/app # syntax=docker/dockerfile:1.4 # ENV HOME=/home/luminlab \ # PATH=/home/luminlab/.local/bin:$PATH # RUN mkdir $HOME/app # 1. For build React app FROM node:16-slim AS node # Set working directory WORKDIR /app # COPY package.json /app/package.json COPY package-lock.json /app/package-lock.json # Same as npm install RUN npm ci # COPY --chown=luminlab:luminlab . . ENV CI=true ENV PORT=3000 # CMD [ "npm", "start" ] # FROM development AS build # RUN npm run build # Install dependencies and build app as non-root # USER luminlab # ENV HOME=/home/luminlab \ # PATH=/home/luminlab/.local/bin:$PATH # RUN mkdir $HOME/app # WORKDIR $HOME/app # COPY --chown=pn requirements.txt requirements.txt # RUN pip install --no-cache-dir -r requirements.txt # # Copy nginx configuration # COPY --chown=luminlab nginx.conf /etc/nginx/sites-available/default # COPY --chown=luminlab . . USER luminlab:luminlab FROM lean AS prod # Copy config nginx # COPY --chown=luminlab:luminlab --from=dev /var/cache/nginx /var/cache/nginx # COPY --chown=luminlab:luminlab --from=dev /var/log/nginx /var/log/nginx # COPY --chown=luminlab:luminlab --from=dev /var/lib/nginx /var/lib/nginx COPY --chown=luminlab --from=node /app ./app # Remove default nginx static assets # RUN rm -rf ./* # WORKDIR /usr/share/nginx/html WORKDIR /app # Copy static assets from builder stage # RUN chown -R luminlab:luminlab /var # Switch to the "user" user # ENTRYPOINT ["sh", "run_hf.sh"] ENTRYPOINT ["/bin/bash", "run_hf.sh"] # ENTRYPOINT ["nginx", "-g", "daemon off;"]