#237 - Minor suggestions to improve the container image

- use system ca certs
medizininformatik-initiative · Nov 15, 2023 · 584107b · 584107b
1 parent 54ab1df
commit 584107b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -13,17 +13,12 @@ ENV FEASIBILITY_DATABASE_HOST="feasibility-network"
 ENV FEASIBILITY_DATABASE_PORT=5432
 ENV FEASIBILITY_DATABASE_USER=postgres
 ENV FEASIBILITY_DATABASE_PASSWORD=password
-ENV CERTIFICATE_PATH=/opt/codex-feasibility-backend/certs
-ENV TRUSTSTORE_PATH=/opt/codex-feasibility-backend/truststore
-ENV TRUSTSTORE_FILE=self-signed-truststore.jks
 
 RUN mkdir logging && \
-    mkdir -p $CERTIFICATE_PATH $TRUSTSTORE_PATH && \
-    chown -R 10001:10001 /opt/codex-feasibility-backend && \
-    chown 10001:10001 $CERTIFICATE_PATH $TRUSTSTORE_PATH
+    chown -R 10001:10001 /opt/codex-feasibility-backend
 USER 10001
 
 HEALTHCHECK --interval=5s --start-period=10s CMD curl -s -f http://localhost:8090/actuator/health || exit 1
 
 COPY ./docker-entrypoint.sh /
-ENTRYPOINT ["/bin/bash", "/docker-entrypoint.sh"]
+ENTRYPOINT ["java","-jar","feasibility-gui-backend.jar"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,6 +8,7 @@ services:
     depends_on:
       - feasibility-db
     environment:
+      USE_SYSTEM_CA_CERTS: 1
       SPRING_DATASOURCE_URL: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_URL:-jdbc:postgresql://feasibility-db:5432/codex_ui?currentSchema=codex}
       SPRING_DATASOURCE_USERNAME: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_USERNAME:-codex-postgres}
       SPRING_DATASOURCE_PASSWORD: ${CODEX_FEASIBILITY_BACKEND_DATASOURCE_PASSWORD:-codex-password}
@@ -70,6 +71,7 @@ services:
       - ${CODEX_FEASIBILITY_BACKEND_LOCAL_TERM_CODE_MAPPING_PATH:-./ontology/codex-term-code-mapping.json}:${CODEX_FEASIBILITY_BACKEND_ONTOLOGY_FILES_FOLDER:-/opt/codex-feasibility-backend/ontology}/codex-term-code-mapping.json
       - ${CODEX_FEASIBILITY_BACKEND_DSF_SECURITY_DIR:-/dev/null}:/opt/codex-feasibility-backend/dsf-security/
       - ${CODEX_FEASIBILITY_BACKEND_ONTOLOGY_DB_MIGRATION_FOLDER:-../ontology/migration}:/opt/codex-feasibility-backend/ontology/migration
+      - $(pwd)/certs:/certificates/
   feasibility-db:
     image: 'postgres:15-alpine'
     container_name: feasibility-db