decentral1se
commented
2 years ago LGTM @heyarne! I'm not a dev on this project but I'd like to see this turn into a PR :pray:
I am happy to create a pull request if somebody tells me how I'd deal with the different locations of .ssb-go-room-secrets in the different setups. Maybe pass the $REPO environment var in docker-compose.yml?
Would it be possible to retain the original location and instead just chown it? So then the home of the new user is /app/ but they also have permissions on /.ssb-go-room-secrets. This gives better backwards compat for people doing an upgrade.
I think the change your suggesting is the following. This seems fine but people might forget to update their configs.
Maybe that is OK if there is a big warning on the release notes + docs on the migration away from the root user.
diff --git a/docker-compose.yml b/docker-compose.yml
index f8b07fe..bfee332 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,5 +11,7 @@ services:
ports:
- "3000:3000" # Proxypass this port through NGINX or Apache as your HTTP landing & dashboard page
- "0.0.0.0:8008:8008" # This is the port SSB clients connect to
+ environment:
+ REPO=/app
volumes:
- ./ssb-go-room-secrets:/ssb-go-room-secrets
I have made some improvements to the project's
Dockerfilelocally, but I don't know how they would translate into thedocker-compose-based setup because I don't use it. This is my Dockerfile:I'm using multi-stage builds so the container running the app only contains a bare minimum alpine install and the go-ssb-room binaries. I also changed the container's user so it doesn't run root, which is recommended best practice.
I am happy to create a pull request if somebody tells me how I'd deal with the different locations of
.ssb-go-room-secretsin the different setups. Maybe pass the$REPOenvironment var indocker-compose.yml?