From a9f6cf4c886372cf641c94552c0e9549313d3d7f Mon Sep 17 00:00:00 2001
From: DM <deemox@gmail.com>
Date: Thu, 12 Dec 2024 07:47:43 -0800
Subject: [PATCH] Change Dockerfile to run app under non-root user

---
 Dockerfile | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1942fe053f..1985cbba61 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,20 @@
 FROM alpine:3.18
 
-RUN apk --no-cache upgrade && apk --no-cache add ca-certificates
+ARG USER=centrifugo
+ARG UID=1000
+ARG GID=1000
 
-COPY centrifugo /usr/local/bin/centrifugo 
+RUN addgroup -S -g $GID $USER && \
+    adduser -S -G $USER -u $UID $USER
+
+RUN apk --no-cache upgrade && \
+    apk --no-cache add ca-certificates && \
+    update-ca-certificates
+
+USER $USER
 
 WORKDIR /centrifugo
 
+COPY centrifugo /usr/local/bin/centrifugo
+
 CMD ["centrifugo"]