feat: non-root self hosted images for standard deployment (#5701)

* Use IHttpMessageHandlerFactory For HTTP Communication Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> * feat: allow custom app-id.json location for rootless Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> * fix: new build context wont allow copying git context * feat: allow images to run as non-root user * fix: build failures caused by bad merge * build: we don't need to copy the `.git` dir * Revert "build: we don't need to copy the `.git` dir" This reverts commit 32c2f6236a. * Use `IHttpClientFactory` in more places * update build workflow * fix: compatibility with the existin run.sh script * fix: compatibility with existing run.sh script * Add SelfHosted GlobalSettings for Setup * Fix my build error * Add other services * Add IConfiguration * fix: missing gosu command for rootful mode * fix: try using .net core certificate handling * fix: add `SSL_CERT_DIR` to remaining images * Remove X509ChainCustomization activation code * Revert "Use IHttpMessageHandlerFactory For HTTP Communication" This reverts commit c93be6d52b. * Revert "fix: build failures caused by bad merge" This reverts commit 3e4639489b. * Revert "Use `IHttpClientFactory` in more places" This reverts commit 284501a493. * remove unused code * re-add error log for installation id * remove missing error message in log * build: remove duplicate docker+qemu setup steps Co-authored-by: Opeyemi <Alaoopeyemi101@gmail.com> * build: optimize for simpler builds over caching * build: restore previous method for getting the GIT_HASH * fix: add missing build args to remaining images * fix: rm extraneous source revision id arg * fmt: apply consistent spacing and rm redundant WORKDIR directive * build: update migrator to use simpler build; apply consistent spacing * fix: merge conflicts; simplify changes * fix: add publish branch check back --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Opeyemi <Alaoopeyemi101@gmail.com>
2025-06-30 07:36:14 -05:00 · 2025-05-30 10:29:47 -07:00
parent 0b2b573bd3
commit 63f5811aa9
41 changed files with 1045 additions and 478 deletions
--- a/util/Attachments/entrypoint.sh
+++ b/util/Attachments/entrypoint.sh
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash

 # Setup

@ -19,19 +19,27 @@ then
    LGID=65534
 fi

-# Create user and group
+if [ "$(id -u)" = "0" ]
+then
+    # Create user and group

-groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
-groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
-useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
-usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
-mkhomedir_helper $USERNAME
+    groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+    groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+    useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+    usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+    mkhomedir_helper $USERNAME

-# The rest...
+    # The rest...

-chown -R $USERNAME:$GROUPNAME /bitwarden_server
-mkdir -p /etc/bitwarden/core/attachments
-chown -R $USERNAME:$GROUPNAME /etc/bitwarden
+    chown -R $USERNAME:$GROUPNAME /bitwarden_server
+    mkdir -p /etc/bitwarden/core/attachments
+    chown -R $USERNAME:$GROUPNAME /etc/bitwarden
+    gosu_cmd="gosu $USERNAME:$GROUPNAME"
+else
+    gosu_cmd=""
+fi

-exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
-    /contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true
+exec $gosu_cmd /bitwarden_server/Server \
+    /contentRoot=/etc/bitwarden/core/attachments \
+    /webRoot=. \
+    /serveUnknown=true