Last active
December 20, 2022 16:24
Dockerfile for Tomcat running as non-root user
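FROM eclipse-temurin:11-jdk-jammy

## allow to set a user id and group to match the host user for easy file sharing
ARG USER_ID=1000

## Tomcat version
## NOTE: dlcdn.apache.org serves only current releases, so a superseded version
## has to be fetched from the Apache archive instead.
ARG TOMCAT_VERSION=9.0.70

## Expected SHA-512 of the Tomcat tarball, as published with the release on
## apache.org. Empty by default so existing builds keep working; pass
## --build-arg TOMCAT_SHA512=<published sha512> to have the download verified.
ARG TOMCAT_SHA512=""

## Each ENV is a separate instruction because later values reference earlier ones.
ENV SETUP_DIR="/var/local/tomcat"
ENV USER_ID="${USER_ID}"
ENV TOMCAT_VERSION="${TOMCAT_VERSION}"
ENV TOMCAT_FILENAME="apache-tomcat-${TOMCAT_VERSION}"
ENV CATALINA_HOME="${SETUP_DIR}/${TOMCAT_FILENAME}"
ENV CATALINA_BASE="/srv/www/catalina-base"

## WORKDIR creates the directory, replacing the former mkdir + cd pair
WORKDIR ${SETUP_DIR}

## Root-only setup: download, unpack, create the service account, set permissions.
RUN echo "setup dir: ${SETUP_DIR}" \
    ## download Tomcat binaries
    && wget "https://dlcdn.apache.org/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/${TOMCAT_FILENAME}.tar.gz" \
    ## verify the tarball before anything from it is unpacked or executed
    && if [ -n "${TOMCAT_SHA512}" ]; then \
         echo "${TOMCAT_SHA512}  ${TOMCAT_FILENAME}.tar.gz" | sha512sum -c -; \
       else \
         echo "WARNING: TOMCAT_SHA512 not set; tarball integrity was NOT verified" >&2; \
       fi \
    ## --no-same-owner: extracted files belong to root, whatever uid/gid the archive records
    && tar --no-same-owner -xf "${TOMCAT_FILENAME}.tar.gz" \
    ## remove the archive in the same layer so it does not stay in the image
    && rm -f "${TOMCAT_FILENAME}.tar.gz" \
    ## create uid=1000(tomcat) gid=1000(tomcat)
    && useradd --uid "${USER_ID}" --user-group --shell /bin/bash tomcat \
    ## CATALINA_HOME stays root-owned; the tomcat group gets read/traverse only,
    ## plus write on the three runtime directories
    && chgrp -R tomcat "${CATALINA_HOME}" \
    && chmod -R g+rX "${CATALINA_HOME}" \
    && chmod -R g+w "${CATALINA_HOME}/logs" "${CATALINA_HOME}/temp" "${CATALINA_HOME}/work" \
    ## create catalina-base dir and set group permissions
    && mkdir -p "${CATALINA_BASE}" \
    && chgrp -R tomcat "${CATALINA_BASE}" \
    && chmod -R g+srwX "${CATALINA_BASE}"

## Drop privileges for the rest of the build AND for the running container.
## A bare `su tomcat` inside a RUN chain does not do this: it starts a separate
## shell that exits, and the following commands still run as root. Without a
## USER instruction the ENTRYPOINT would also start Tomcat as root.
USER tomcat

## populate catalina-base with default files (as tomcat, so it owns them)
## and add default html page
RUN "${CATALINA_HOME}/bin/makebase.sh" "${CATALINA_BASE}" \
    && echo "Hello Tomcat" > "${CATALINA_BASE}/webapps/ROOT/index.html"

WORKDIR ${CATALINA_HOME}

## allow other containers to connect
EXPOSE 8080

## relative path, resolved against the WORKDIR set above
ENTRYPOINT [ "bin/catalina.sh", "run" ]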