Merge pull request #643 from turbo124/debian

Updates for permission handling in the container
invoiceninja · Nov 23, 2024 · 4431abc · 4431abc
2 parents 34e5043 + d05e55a
commit 4431abc
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 12 deletions.
diff --git a/debian/Dockerfile b/debian/Dockerfile
@@ -127,6 +127,9 @@ RUN set -eux; \
     rm -f /tmp/ninja.tar && \
     chown -R www-data:www-data /var/www/html
 
+# After setting permissions, switch to www-data for remaining operations
+USER www-data
+
 # Install dependencies
 RUN composer install --no-dev --no-scripts --no-autoloader
 
@@ -137,6 +140,8 @@ RUN composer dump-autoload --optimize \
     && php artisan config:cache \
     && php artisan route:cache
 
+USER root
+
 # Setup supervisor
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
@@ -157,24 +162,27 @@ RUN mkdir -p \
     /var/www/html/storage/framework/sessions \
     /var/www/html/storage/framework/views \
     /var/www/html/storage/logs \
-    /var/www/html/public/uploads \
+    /var/www/html/public/storage \
     /var/run \
     /var/log/supervisor 
 
 # Set permissions
 RUN chown -R www-data:www-data \
     /var/www/html/storage \
     /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads \
+    /var/www/html/public/storage \
     /var/run \
     /var/log/supervisor \
     && chmod -R 775 \
-        /var/www/html/public/uploads \
+        /var/www/html/public/storage \
         /var/www/html/storage \
         /var/www/html/bootstrap/cache \
         /var/run \
         /var/log/supervisor 
 
+# Switch to www-data for runtime
+USER www-data
+
 # Health check
 HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
     CMD php -v || exit 1

diff --git a/debian/docker-compose.yml b/debian/docker-compose.yml
@@ -16,7 +16,8 @@ services:
       - ./.env:/var/www/html/.env  
       - app_storage:/var/www/html/storage
       - app_cache:/var/www/html/bootstrap/cache
-      - public_files:/var/www/html/public  
+      - public_storage:/var/www/html/public/storage
+    user: www-data:www-data 
 
     networks:
       - app-network
@@ -39,10 +40,9 @@ services:
     volumes:
       - ./nginx/conf.d:/etc/nginx/conf.d:ro
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - type: volume
-        source: public_files
-        target: /var/www/html/public
-        read_only: true
+    volumes_from:
+      - app
+
     networks:
       - app-network
     depends_on:
@@ -103,13 +103,11 @@ networks:
 volumes:
   app_storage:
     driver: local
-  app_public:
-    driver: local
   app_cache:
     driver: local
+  public_storage:
+    driver: local  # Persistent storage for user files
   mysql_data:
     driver: local
   redis_data:
-    driver: local
-  public_files:  
     driver: local