diff --git a/Dockerfile b/Dockerfile
index 64721ee..96735b1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,12 +48,13 @@ FROM alpine:3
 
 WORKDIR /app
 
-# Install runtime dependencies
+# Install runtime dependencies including su-exec for user switching
 RUN apk add --no-cache \
 ca-certificates \
 wget \
 ffmpeg \
- libheif
+ libheif \
+ su-exec
 
 # Copy backend binary
 COPY --from=backend-builder /app/sbv .
@@ -61,15 +62,24 @@ COPY --from=backend-builder /app/sbv .
 # Copy frontend build
 COPY --from=frontend-builder /app/frontend/dist ./frontend/dist
 
+# Copy entrypoint script
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
 # Create data directory for database
 RUN mkdir -p /data
 
 # Set environment variables
-ENV PORT=8081
-ENV DB_PATH_PREFIX=/data
+ENV PORT=8081 \
+ DB_PATH_PREFIX=/data \
+ PUID=1000 \
+ PGID=1000
 
 # Expose port
 EXPOSE 8081
 
+# Use entrypoint to handle user switching
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+
 # Run the application
 CMD ["./sbv"]
diff --git a/README.md b/README.md
index 02b390a..16baf3a 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,8 @@ Run the latest stable version:
 docker run -d \
 -p 8081:8081 \
 -v $(pwd)/data:/data \
+ -e PUID=1000 \
+ -e PGID=1000 \
 ghcr.io/lowcarbdev/sbv:stable
 ```
 
@@ -26,6 +28,9 @@ services:
 - "8081:8081"
 volumes:
 - ./data:/data
+ environment:
+ - PUID=1000
+ - PGID=1000
 restart: unless-stopped
 ```
 
@@ -47,6 +52,13 @@ services:
 - **Frontend**: React with Vite and Bootstrap CSS
 - **Database**: SQLite (stores messages, including media as BLOBs)
 
+## Environment Variables
+
+- `PUID` - User ID to run the application as (default: `1000`)
+- `PGID` - Group ID to run the application as (default: `1000`)
+
+**Note on PUID/PGID**: Setting these to match your host user ensures that files created in the mounted volume have the desired permissions. Find your UID/GID with `id -u` and `id -g`.
+
 ## Data Persistence
 
 The Docker setup uses a bind mount to persist the database:
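Review bot: In the second Dockerfile hunk the final stage still has no `USER`, so the image starts as root and privileges are dropped only if `docker-entrypoint.sh` runs through to its last line; a container started with a replaced entrypoint stays root, and a start under `--user` or a non-root policy will presumably fail in the script's `addgroup`/`chown`. A comment above `ENTRYPOINT` such as `# Must start as root: the entrypoint chowns the data directory and re-execs CMD as PUID:PGID via su-exec` would make that contract visible to operators. The separate `RUN chmod +x` adds a layer that `COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/` avoids (BuildKit).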
diff --git a/compose.yaml b/compose.yaml
index 662b450..dc41ec2 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -13,6 +13,8 @@ services:
 environment:
 - PORT=8081
 - DB_PATH_PREFIX=/data
+ - PUID=1000
+ - PGID=1000
 restart: unless-stopped
 healthcheck:
 test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8081/api/health"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100644
index 0000000..3af2fc9
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+
+# Default UID and GID if not specified
+PUID="${PUID:-1000}"
+PGID="${PGID:-1000}"
+
+# Create group if it doesn't exist
+if ! getent group sbv >/dev/null 2>&1; then
+ addgroup -g "${PGID}" sbv
+fi
+
+# Create user if it doesn't exist
+if ! getent passwd sbv >/dev/null 2>&1; then
+ adduser -D -u "${PUID}" -G sbv sbv
+fi
+
+# Ensure the user has the correct UID/GID
+if [ "$(id -u sbv)" != "${PUID}" ] || [ "$(id -g sbv)" != "${PGID}" ]; then
+ deluser sbv >/dev/null 2>&1 || true
+ delgroup sbv >/dev/null 2>&1 || true
+ addgroup -g "${PGID}" sbv
+ adduser -D -u "${PUID}" -G sbv sbv
+fi
+
+# Ensure data directory exists and has correct permissions
+mkdir -p "${DB_PATH_PREFIX:-/data}"
+chown -R sbv:sbv "${DB_PATH_PREFIX:-/data}"
+
+# Log the user we're running as
+echo "Running as UID=${PUID} GID=${PGID}"
+
+# Switch to the sbv user and execute the application
+exec su-exec sbv "$@"
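Review bot: In docker-entrypoint.sh, `addgroup -g "${PGID}" sbv` and `adduser -D -u "${PUID}" -G sbv sbv` fail when the requested id already belongs to an account shipped in the Alpine base image (a PGID that matches a stock group, for instance), and with `set -e` the container then exits before the application starts. su-exec accepts numeric ids, so the account handling can be dropped in favour of `chown -R "${PUID}:${PGID}" "${DB_PATH_PREFIX:-/data}"` and `exec su-exec "${PUID}:${PGID}" "$@"`. PUID and PGID are used unvalidated; with the numeric form `PUID=0` would leave the application running as root, so non-numeric and zero values should be rejected up front with a clear message. The recursive `chown` also runs as root over the bind-mounted directory on every start, and limiting it to the case where the directory's owner differs would avoid rewriting ownership of a large existing tree or of a mis-set `DB_PATH_PREFIX`.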