nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-29 23:34:53 -05:00
Code

[PS-2016] Add ability to change UID/GID for Bitwarden unified (#2495)

Browse Source
This commit is contained in:
Vince Grassia 2022-12-13 10:31:19 -05:00 committed by GitHub
parent 2469e10110
commit c6fbe8cc44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docker-unified/Dockerfile
View File

@ -215,9 +215,6 @@ RUN apk add --update-cache \
unzip \ unzip \
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
# Create non-root user to run app
RUN adduser -s /bin/false -D bitwarden
# Create required directories # Create required directories
RUN mkdir -p /etc/bitwarden/attachments/send RUN mkdir -p /etc/bitwarden/attachments/send
RUN mkdir -p /etc/bitwarden/data-protection RUN mkdir -p /etc/bitwarden/data-protection
@ -228,26 +225,17 @@ RUN mkdir -p /etc/supervisor.d
RUN mkdir -p /var/log/bitwarden RUN mkdir -p /var/log/bitwarden
RUN mkdir -p /var/log/nginx/logs RUN mkdir -p /var/log/nginx/logs
RUN mkdir -p /app RUN mkdir -p /app
RUN chown -R bitwarden:bitwarden \
/app \
/etc/bitwarden \
/etc/nginx/http.d \
/etc/supervisor \
/etc/supervisor.d \
/var/lib/nginx \
/var/log \
/run
# Copy all apps from dotnet-build stage # Copy all apps from dotnet-build stage
WORKDIR /app WORKDIR /app
COPY --chown=bitwarden:bitwarden --from=dotnet-build /app ./ COPY --from=dotnet-build /app ./
# Copy Web files from web-setup stage # Copy Web files from web-setup stage
COPY --chown=bitwarden:bitwarden --from=web-setup /tmp/build /app/Web COPY --from=web-setup /tmp/build /app/Web
# Set up supervisord # Set up supervisord
COPY --chown=bitwarden:bitwarden docker-unified/supervisord/*.ini /etc/supervisor.d/ COPY docker-unified/supervisord/*.ini /etc/supervisor.d/
COPY --chown=bitwarden:bitwarden docker-unified/supervisord/supervisord.conf /etc/supervisor/supervisord.conf COPY docker-unified/supervisord/supervisord.conf /etc/supervisor/supervisord.conf
RUN rm -f /etc/supervisord.conf RUN rm -f /etc/supervisord.conf
# Set up nginx # Set up nginx
@ -285,5 +273,4 @@ RUN apk add --update-cache \
VOLUME ["/etc/bitwarden"] VOLUME ["/etc/bitwarden"]
WORKDIR /app WORKDIR /app
USER bitwarden:bitwarden
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

21
docker-unified/entrypoint.sh
View File

@ -1,5 +1,14 @@
#!/bin/sh #!/bin/sh
# Set up user group
GID="${GID:-1000}"
addgroup -g $GID bitwarden
GROUP_NAME=$(cat /etc/group | grep ":$GID:" | cut -d ':' -f 1)
# Set up user
UID="${UID:-1000}"
adduser -s /bin/false -D -u $UID -G $GROUP_NAME bitwarden
# Translate environment variables for application settings # Translate environment variables for application settings
VAULT_SERVICE_URI=https://$BW_DOMAIN VAULT_SERVICE_URI=https://$BW_DOMAIN
MYSQL_CONNECTION_STRING="server=$BW_DB_SERVER;database=$BW_DB_DATABASE;user=$BW_DB_USERNAME;password=$BW_DB_PASSWORD" MYSQL_CONNECTION_STRING="server=$BW_DB_SERVER;database=$BW_DB_DATABASE;user=$BW_DB_USERNAME;password=$BW_DB_PASSWORD"
@ -78,4 +87,14 @@ sed -i "s/autostart=true/autostart=${BW_ENABLE_NOTIFICATIONS}/" /etc/supervisor.
sed -i "s/autostart=true/autostart=${BW_ENABLE_SCIM}/" /etc/supervisor.d/scim.ini sed -i "s/autostart=true/autostart=${BW_ENABLE_SCIM}/" /etc/supervisor.d/scim.ini
sed -i "s/autostart=true/autostart=${BW_ENABLE_SSO}/" /etc/supervisor.d/sso.ini sed -i "s/autostart=true/autostart=${BW_ENABLE_SSO}/" /etc/supervisor.d/sso.ini
exec /usr/bin/supervisord chown -R $UID:$GID \
/app \
/etc/bitwarden \
/etc/nginx/http.d \
/etc/supervisor \
/etc/supervisor.d \
/var/lib/nginx \
/var/log \
/run
su-exec $UID:$GID /usr/bin/supervisord

4
docker-unified/settings.env
View File

@ -23,6 +23,10 @@ BW_INSTALLATION_KEY=xxxxxxxxxxxx
##################### #####################
# Learn more here: https://bitwarden.com/help/environment-variables/ # Learn more here: https://bitwarden.com/help/environment-variables/
# Container UID/GID
#UID=1000
#GID=1000
# Webserver ports # Webserver ports
#BW_PORT_HTTP=8080 #BW_PORT_HTTP=8080
#BW_PORT_HTTPS=8443 #BW_PORT_HTTPS=8443