docker: run imageproxy as non-privileged user

willnorris · Mar 22, 2019 · be01bc1 · be01bc1
1 parent bfa1f74
commit be01bc1
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,8 @@
 FROM golang:1.9 as build
 MAINTAINER Will Norris <will@willnorris.com>
 
+RUN useradd -u 1001 go
+
 WORKDIR /go/src/willnorris.com/go/imageproxy
 ADD . .
 
@@ -12,10 +14,13 @@ FROM scratch
 
 WORKDIR /go/bin
 
+COPY --from=build /etc/passwd /etc/passwd
 COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=build /etc/ssl/certs /etc/ssl/certs
 COPY --from=build /go/bin/imageproxy .
 
+USER go
+
 CMD ["-addr", "0.0.0.0:8080"]
 ENTRYPOINT ["/go/bin/imageproxy"]