use gosu to fix /data permissions errors

pull/513/head
Florent Poinsaut 2018-04-15 22:28:05 +02:00 committed by Chocobozzz
parent 864e782bc2
commit 399d20eae6
3 changed files with 57 additions and 15 deletions

View File

@ -50,18 +50,6 @@ balancer, although any HTTP reverse proxy will work fine. See the example
Nginx configuration `support/nginx/peertube` file to get an idea of
recommendations and requirements to run PeerTube the most efficiently.
When starting the containers for the first time, you will get permissions errors for the data volume, like this one:
```
Error: EACCES: permission denied, mkdir '/data/logs'
```
The peertube user inside the container has a UID and GID of 991 so you have to change the folder's owner, in the case you're using `./data`:
```
chown -R 991:991 data/
```
**Important**: note that you'll get the initial `root` user password from the
program output, so check out your logs to find them.

View File

@ -1,13 +1,45 @@
FROM node:8-stretch
RUN set -ex; \
if ! command -v gpg > /dev/null; then \
apt-get update; \
apt-get install -y --no-install-recommends \
gnupg \
dirmngr \
; \
rm -rf /var/lib/apt/lists/*; \
fi
# Install dependencies
RUN apt-get update \
&& apt-get -y install ffmpeg \
&& rm /var/lib/apt/lists/* -fR
# Add peertube user
RUN groupadd -g 991 peertube \
&& useradd -u 991 -g peertube -m peertube
RUN groupadd -r peertube \
&& useradd -r -g peertube -m peertube
# grab gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.10
RUN set -ex; \
\
fetchDeps='ca-certificates wget'; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
rm -rf /var/lib/apt/lists/*; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
chmod +x /usr/local/bin/gosu; \
gosu nobody true; \
\
apt-get purge -y --auto-remove wget
# Download the latest version
RUN git clone https://github.com/Chocobozzz/PeerTube /app \
@ -25,7 +57,13 @@ RUN cp /app/config/default.yaml /app/support/docker/production/config/default.ya
ENV NODE_ENV production
ENV NODE_CONFIG_DIR /app/support/docker/production/config
USER root
RUN mkdir /data && chown peertube:peertube /data
VOLUME /data
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
# Run the application
CMD ["npm", "start"]
VOLUME ["/data"]
EXPOSE 9000

View File

@ -0,0 +1,16 @@
#!/bin/sh
set -e
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- npm "$@"
fi
# allow the container to be started with `--user`
if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then
chown -R peertube: /data
exec gosu peertube "$0" "$@"
fi
exec "$@"