Run as non-privileged user

psf · Aug 18, 2023 · 4923332 · 4923332
1 parent 4759eb1
commit 4923332
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 10 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -29,8 +29,20 @@ LABEL version=${APP_VERSION}
 LABEL description="A simple HTTP service."
 LABEL org.kennethreitz.vendor="Kenneth Reitz"
 
+RUN useradd \
+    --system \
+    --shell /bin/nologin \
+    --no-create-home \
+    --home /opt/httpbin \
+    httpbin
+
 COPY --from=build /opt/httpbin /opt/httpbin
+WORKDIR /opt/httpbin
+
 ADD httpbin.bash /opt/httpbin/bin
 RUN chmod +x /opt/httpbin/bin/httpbin.bash
-EXPOSE 80
+RUN chown --recursive httpbin /opt/httpbin
+EXPOSE 8080
 CMD ["/opt/httpbin/bin/httpbin.bash"]
+
+USER httpbin
diff --git a/README.md b/README.md
@@ -11,14 +11,7 @@ httpbin is a [Kenneth Reitz](http://kennethreitz.org/bitcoin) Project.
 
 ```sh
 docker pull ghcr.io/psf/httpbin
-docker run -p 80:80 ghcr.io/psf/httpbin
-```
-
-Some enviroments do not allow to bind to a privileged port. To run it on a
-different port instead of port 80, set the environment variables as follows:
-
-```sh
-docker run -e HTTPIN_PORT=8000 -p 8000:8000 ghcr.io/psf/httpbin
+docker run -p 80:8080 ghcr.io/psf/httpbin
 ```
 
 ## Using `httpbin` as a Library

diff --git a/httpbin.bash b/httpbin.bash
@@ -1,5 +1,5 @@
 #!/bin/bash
 exec /opt/httpbin/bin/gunicorn \
-    -b ${HTTPBIN_HOST:-0.0.0.0}:${HTTPBIN_PORT:-80} \
+    -b ${HTTPBIN_HOST:-0.0.0.0}:${HTTPBIN_PORT:-8080} \
     -k gevent \
     httpbin:app