archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 11:11:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'docker-nonroot' into 'main'

Browse source 
chore: Dockerfile: run proxy as non-root user

See merge request tpo/anti-censorship/pluggable-transports/snowflake!455
This commit is contained in:
WofWca 2025-07-24 16:25:49 +00:00
commit 37541868c5
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Dockerfile
View file

@ -8,8 +8,15 @@ WORKDIR /app/proxy
RUN go get
RUN CGO_ENABLED=0 go build -o proxy -ldflags '-extldflags "-static" -w -s' .
RUN groupadd nonroot
RUN useradd --gid nonroot nonroot
FROM scratch
COPY --from=build /etc/passwd /etc/passwd
COPY --from=build /etc/group /etc/group
USER nonroot:nonroot
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=build /usr/share/tor/geoip* /usr/share/tor/