Align all app containers to UID 1001, add infra protocol, update README

- frontend prod: USER root for adduser, then USER appuser (1001:1001); fixes
  build failure caused by nginx-unprivileged already setting USER nginx
- docker-compose: frontend user updated to 1001:1001 (was 101:101)
- CLAUDE.md: add infrastructure change protocol (update README + test both
  stacks after any Dockerfile/compose/nginx change); fix stale passlib ref
- README: container table shows nginx-unprivileged image, UID column, internal
  port 8080 note; Current State notes all containers run as non-root

Both dev and prod stacks tested and verified (health, login, /users/me,
frontend serving, all containers confirmed non-root via docker inspect).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
curo1305
2026-04-13 17:29:02 +02:00
parent a5baef73d9
commit e117a33a73
5 changed files with 49 additions and 9 deletions
+18 -1
@@ -15,7 +15,24 @@ All containers now run as non-root users with explicit UID:GID assignments enfor
| `frontend` (prod) | `nginx` | `101:101` | Switched to `nginxinc/nginx-unprivileged:alpine`; listens on 8080 |
| `frontend` (dev) | `appuser` | `1001:1001` | Created via `adduser` in builder stage |
## Files Modified
# 2026-04-13 — Frontend prod UID 1001, infra change protocol, README update
**Timestamp:** 2026-04-13T01:00:00
## Summary
Aligned frontend prod container to UID 1001 (same as all other app containers), added infrastructure change protocol to CLAUDE.md, updated README with container table and rootless note. Both dev and prod stacks verified working.
## Files Modified (this entry)
- `frontend/Dockerfile` — prod stage: added `USER root` + `addgroup`/`adduser` for appuser 1001:1001, `USER appuser`; removed stale 101 reference
- `docker-compose.yml` — frontend `user:` updated from `"101:101"` to `"1001:1001"`
- `CLAUDE.md` — added Infrastructure change protocol section; fixed stale passlib reference in stack table
- `README.md` — updated container table with `nginxinc/nginx-unprivileged:alpine`, UID columns, internal port note; added rootless note to Current State
---
## Files Modified (previous entry)
- `backend/Dockerfile` — added `groupadd`/`useradd` for appuser (1001:1001), `--chown` on all `COPY` directives, `USER appuser`
- `frontend/Dockerfile` — builder stage: added `addgroup`/`adduser` for appuser (1001:1001), `USER appuser`; prod stage: switched to `nginxinc/nginx-unprivileged:alpine`, `EXPOSE 8080`
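Review bot: The new `# 2026-04-13` entry is inserted between the earlier entry's UID table and that entry's `## Files Modified` list, so the earlier entry is split in two and its file list now sits under the new heading, held apart only by the "(previous entry)" label. Place the new entry as a complete block before the earlier entry's heading or after its file list, and leave the original `## Files Modified` heading unchanged. As it stands, the table row directly above the new heading still lists `frontend` (prod) as `nginx` / `101:101`, while the new Summary says prod now runs as 1001. A reader scanning for the current UID hits the stale value first, so either mark that row as superseded or repeat the updated row in the new entry. The `**Timestamp:** 2026-04-13T01:00:00` line also carries no UTC offset and does not match the commit time of 17:29:02 +02:00. Add the offset, and confirm the value if the log is meant to be usable as an audit trail.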