Update dockerfiles to run as non-root
This commit is contained in:
parent
898c24949b
commit
4eb251ce41
26
Dockerfile
26
Dockerfile
@ -5,10 +5,19 @@ ENV LANG C.UTF-8
|
||||
ENV LC_ALL C.UTF-8
|
||||
ENV PYTHONDONTWRITEBYTECODE 1
|
||||
ENV PYTHONFAULTHANDLER 1
|
||||
ENV PATH=/root/.local/bin:$PATH
|
||||
ENV PATH=/home/ftuser/.local/bin:$PATH
|
||||
ENV FT_APP_ENV="docker"
|
||||
|
||||
# Prepare environment
|
||||
RUN mkdir /freqtrade
|
||||
RUN mkdir /freqtrade \
|
||||
&& apt update \
|
||||
&& apt install -y sudo \
|
||||
&& apt-get clean \
|
||||
&& useradd -u 1000 -G sudo -U -m ftuser \
|
||||
&& chown ftuser:ftuser /freqtrade \
|
||||
# Allow sudoers
|
||||
&& echo "ftuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||
|
||||
WORKDIR /freqtrade
|
||||
|
||||
# Install dependencies
|
||||
@ -24,7 +33,8 @@ RUN cd /tmp && /tmp/install_ta-lib.sh && rm -r /tmp/*ta-lib*
|
||||
ENV LD_LIBRARY_PATH /usr/local/lib
|
||||
|
||||
# Install dependencies
|
||||
COPY requirements.txt requirements-hyperopt.txt /freqtrade/
|
||||
COPY --chown=ftuser:ftuser requirements.txt requirements-hyperopt.txt /freqtrade/
|
||||
USER ftuser
|
||||
RUN pip install --user --no-cache-dir numpy \
|
||||
&& pip install --user --no-cache-dir -r requirements-hyperopt.txt
|
||||
|
||||
@ -33,13 +43,13 @@ FROM base as runtime-image
|
||||
COPY --from=python-deps /usr/local/lib /usr/local/lib
|
||||
ENV LD_LIBRARY_PATH /usr/local/lib
|
||||
|
||||
COPY --from=python-deps /root/.local /root/.local
|
||||
|
||||
|
||||
COPY --from=python-deps /home/ftuser/.local /home/ftuser/.local
|
||||
|
||||
USER ftuser
|
||||
# Install and execute
|
||||
COPY . /freqtrade/
|
||||
RUN pip install -e . --no-cache-dir \
|
||||
COPY --chown=ftuser:ftuser . /freqtrade/
|
||||
|
||||
RUN pip install -e . --user --no-cache-dir \
|
||||
&& mkdir /freqtrade/user_data/ \
|
||||
&& freqtrade install-ui
|
||||
|
||||
|
@ -5,15 +5,20 @@ ENV LANG C.UTF-8
|
||||
ENV LC_ALL C.UTF-8
|
||||
ENV PYTHONDONTWRITEBYTECODE 1
|
||||
ENV PYTHONFAULTHANDLER 1
|
||||
ENV PATH=/root/.local/bin:$PATH
|
||||
ENV PATH=/home/ftuser/.local/bin:$PATH
|
||||
ENV FT_APP_ENV="docker"
|
||||
|
||||
# Prepare environment
|
||||
RUN mkdir /freqtrade
|
||||
WORKDIR /freqtrade
|
||||
RUN mkdir /freqtrade \
|
||||
&& apt-get update \
|
||||
&& apt-get -y install libatlas3-base curl sqlite3 libhdf5-serial-dev sudo \
|
||||
&& apt-get clean \
|
||||
&& useradd -u 1000 -G sudo -U -m ftuser \
|
||||
&& chown ftuser:ftuser /freqtrade \
|
||||
# Allow sudoers
|
||||
&& echo "ftuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get -y install libatlas3-base curl sqlite3 \
|
||||
&& apt-get clean
|
||||
WORKDIR /freqtrade
|
||||
|
||||
# Install dependencies
|
||||
FROM base as python-deps
|
||||
@ -37,13 +42,14 @@ FROM base as runtime-image
|
||||
COPY --from=python-deps /usr/local/lib /usr/local/lib
|
||||
ENV LD_LIBRARY_PATH /usr/local/lib
|
||||
|
||||
COPY --from=python-deps /root/.local /root/.local
|
||||
COPY --from=python-deps /home/ftuser/.local /home/ftuser/.local
|
||||
|
||||
USER ftuser
|
||||
# Install and execute
|
||||
COPY . /freqtrade/
|
||||
RUN apt-get install -y libhdf5-serial-dev \
|
||||
&& apt-get clean \
|
||||
&& pip install -e . --no-cache-dir \
|
||||
COPY --chown=ftuser:ftuser . /freqtrade/
|
||||
|
||||
RUN pip install -e . --user --no-cache-dir \
|
||||
&& mkdir /freqtrade/user_data/ \
|
||||
&& freqtrade install-ui
|
||||
|
||||
ENTRYPOINT ["freqtrade"]
|
||||
|
@ -1,7 +1,7 @@
|
||||
FROM freqtradeorg/freqtrade:develop
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get -y install git \
|
||||
&& apt-get clean \
|
||||
RUN sudo apt-get update \
|
||||
&& sudo apt-get -y install git \
|
||||
&& sudo apt-get clean \
|
||||
# The below dependency - pyti - serves as an example. Please use whatever you need!
|
||||
&& pip install pyti
|
||||
&& pip install --user pyti
|
||||
|
@ -3,8 +3,8 @@ FROM freqtradeorg/freqtrade:develop
|
||||
# Install dependencies
|
||||
COPY requirements-dev.txt /freqtrade/
|
||||
|
||||
RUN pip install numpy --no-cache-dir \
|
||||
&& pip install -r requirements-dev.txt --no-cache-dir
|
||||
RUN pip install numpy --user --no-cache-dir \
|
||||
&& pip install -r requirements-dev.txt --user --no-cache-dir
|
||||
|
||||
# Empty the ENTRYPOINT to allow all commands
|
||||
ENTRYPOINT []
|
||||
|
@ -1,7 +1,7 @@
|
||||
FROM freqtradeorg/freqtrade:develop_plot
|
||||
|
||||
|
||||
RUN pip install jupyterlab --no-cache-dir
|
||||
RUN pip install jupyterlab --user --no-cache-dir
|
||||
|
||||
# Empty the ENTRYPOINT to allow all commands
|
||||
ENTRYPOINT []
|
||||
|
@ -4,4 +4,4 @@ FROM freqtradeorg/freqtrade:${sourceimage}
|
||||
# Install dependencies
|
||||
COPY requirements-plot.txt /freqtrade/
|
||||
|
||||
RUN pip install -r requirements-plot.txt --no-cache-dir
|
||||
RUN pip install -r requirements-plot.txt --user --no-cache-dir
|
||||
|
Loading…
Reference in New Issue
Block a user