Enhance Dockerfile to create vector store and chat history directories with appropriate permissions, and run the application as a non-root user
Dockerfile +11 -0
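--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,10 @@ RUN apt-get update && apt-get install -y \
 software-properties-common \
 && rm -rf /var/lib/apt/lists/*
 
+# Create directory for vector store and set permissions
+RUN mkdir -p /app/vector_store /app/chat_history && \
+chmod 777 /app/vector_store /app/chat_history
+
 # Copy requirements first to leverage Docker cache
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
@@ -16,8 +20,15 @@ RUN pip install --no-cache-dir -r requirements.txt
 # Copy the rest of the application
 COPY . .
 
+# Set permissions for the application directory
+RUN chown -R 1000:1000 /app && \
+chmod -R 755 /app
+
 # Make port 8000 available to the world outside this container
 EXPOSE 8000
 
+# Run the application as non-root user
+USER 1000
+
 # Run the application
 CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8000"]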
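Review bot: The `chmod 777` on `/app/vector_store` and `/app/chat_history` in the first hunk makes both data directories world-writable, and it is then silently overridden by the `chmod -R 755 /app` added in the second hunk, so the final mode is not what the first step says. The recursive `chown -R 1000:1000 /app` also gives the runtime user ownership of the application code, so a compromised uvicorn process could rewrite the files it runs from, and `chmod -R 755` marks every copied file executable. I would leave the copied code root-owned and grant UID 1000 only the two writable directories, in a single step after `COPY . .`: `RUN mkdir -p /app/vector_store /app/chat_history && chown 1000:1000 /app/vector_store /app/chat_history && chmod 700 /app/vector_store /app/chat_history`. If the app writes anywhere else under `/app` (not visible in this diff), those paths need the same treatment.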