From e6ebb4e1511229c83a56c0751affb04ff1c9cf91 Mon Sep 17 00:00:00 2001
From: Simone Locci
Date: Wed, 27 Aug 2025 18:51:24 +0200
Subject: [PATCH] Improve docker security

---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 5c1f091..6ba6581 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,8 @@
 FROM python:3.13-slim AS builder
 LABEL maintainer="Simone Locci "
+RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
+
 WORKDIR /build
 RUN pip install --no-cache-dir poetry
 COPY pyproject.toml poetry.lock ./
@@ -16,9 +18,12 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
 WORKDIR /app
 COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages
 COPY --from=builder /usr/local/bin /usr/local/bin
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
 COPY app ./app
 COPY log_config.yml .
 EXPOSE 8000
+USER appuser
 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--log-config", "log_config.yml"]
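Review bot: The added `adduser --system` line in the builder stage lets the distribution allocate the UID and GID, so the id the service runs under can shift whenever the base image changes. That makes ownership on mounted volumes unpredictable and leaves no stable number to reference in a runtime security policy. Pinning the ids keeps them stable, e.g. `RUN addgroup --system --gid 10001 appgroup && adduser --system --uid 10001 --ingroup appgroup appuser` (10001 is an example value). As far as the hunk shows, the builder never switches to this user, so a comment such as `# unprivileged runtime account, consumed by the final stage` would explain why it is created here.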
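Review bot: The two `COPY --from=builder /etc/passwd` and `/etc/group` lines replace the final stage's own account files wholesale, so any account present only in the final base is dropped and `/etc/shadow` and `/etc/gshadow` are left out of step with them. The final stage's `FROM` is outside the hunk, so this is harmless only if both stages resolve to exactly the same base image. Creating the account where it is used avoids the cross-stage copy: replace the two `COPY` lines with `RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser` in the final stage. `USER appuser` is also a name, which Kubernetes `runAsNonRoot` cannot verify as non-root; once the account has a fixed id, `USER <uid>:<gid>` is the form an admission policy can check.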