harden runtime config and automate first-run permissions

Run the container as a non-root user in production to fail fast on insecure deployments. Add DEBUG env-based request/response logging for container diagnostics, and introduce a one-shot init-permissions service in docker-compose so fresh installs automatically fix data/uploads ownership for SQLite write access.
fgbona
2026-03-30 13:19:01 -03:00
parent d04629605e
commit 10ebf46a98
4 changed files with 50 additions and 0 deletions


@@ -1,7 +1,23 @@
services:
init-permissions:
image: alpine:3.20
container_name: trek-init-permissions
user: "0:0"
command: >
sh -c "mkdir -p /app/data /app/uploads &&
chown -R 1000:1000 /app/data /app/uploads &&
chmod -R u+rwX /app/data /app/uploads"
volumes:
- ./data:/app/data
- ./uploads:/app/uploads
restart: "no"
app:
image: mauriceboe/trek:latest
container_name: trek
depends_on:
init-permissions:
condition: service_completed_successfully
ports:
- "3000:3000"
environment: