diff --git a/Dockerfile b/Dockerfile
index 83080de2..1d6ee6a9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,14 +11,21 @@ FROM alpine:latest
 LABEL maintainer="AdGuard Team "
 # Update CA certs
-RUN apk --no-cache --update add ca-certificates && \
- rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome
+RUN apk --no-cache --update add ca-certificates libcap && \
+ rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
 COPY --from=build /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome
+RUN chown -R nobody: /opt/adguardhome \
+ && setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+
 EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
 VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]
+WORKDIR /opt/adguardhome/work
+
+USER nobody
+
 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
-CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
\ No newline at end of file
+CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
diff --git a/Dockerfile.travis b/Dockerfile.travis
index 327ccb8d..3a4ba640 100644
--- a/Dockerfile.travis
+++ b/Dockerfile.travis
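Review bot: The added `chown -R nobody: /opt/adguardhome` also hands ownership of the AdGuardHome binary to the runtime user, so a process compromised after `USER nobody` could overwrite the executable it was started from. Judging by the `-c` and `-w` arguments in `CMD`, only the conf and work directories need to be writable. The `+eip` in the `setcap` line also sets the inheritable flag, which binding low ports does not require. I would change the step to `RUN chown -R nobody: /opt/adguardhome/conf /opt/adguardhome/work \` followed by `&& setcap 'cap_net_bind_service=+ep' /opt/adguardhome/AdGuardHome`. The same two lines appear in the Dockerfile.travis hunk.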
@@ -2,15 +2,22 @@ FROM alpine:latest
 LABEL maintainer="AdGuard Team "
 # Update CA certs
-RUN apk --no-cache --update add ca-certificates && \
- rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome
+RUN apk --no-cache --update add ca-certificates libcap && \
+ rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
 COPY ./AdGuardHome /opt/adguardhome/AdGuardHome
+RUN chown -R nobody: /opt/adguardhome \
+ && setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+
 EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
 VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]
+WORKDIR /opt/adguardhome/work
+
+USER nobody
+
 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
 CMD ["-h", "0.0.0.0", "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
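Review bot: `USER nobody` is added with no comment on what it now requires of the mounted data and of the container runtime. The `chown` earlier in the hunk only changes ownership inside the image, so a bind mount, or a volume populated by an earlier root-running image, will presumably stay root-owned and unwritable for the new user. The file capability is also runtime-dependent: it is ignored under `no-new-privileges`, and the exec fails if NET_BIND_SERVICE has been dropped from the container's bounding set. I would document both above the line, e.g. `# Runs unprivileged: conf/ and work/ mounts must be writable by nobody, and NET_BIND_SERVICE must remain in the container's capability set`. The same applies to the Dockerfile hunk.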