Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases 86 Wiki Activity

fix(web): ensure dataprotection-keys dir is owned by app user before switching USER
Deploy Telegram Bot / build-and-push (push) Successful in 3m58s
Details
Deploy Telegram Bot / scan-images (push) Successful in 1m58s
Details
Deploy Telegram Bot / deploy (push) Successful in 13s
Details

Browse Source 
The volume mount /app/dataprotection-keys was created under root:root
permissions on the host. When the container restarted with the 1.15.0
image, the non-root app user (uid=1654) could no longer read/write
DataProtection keys, causing every request to fail with
UnauthorizedAccessException and fall back to the generic /Error page.

Add RUN chown during the final Docker stage so the directory ownership
matches the runtime user before USER $APP_UID takes effect.
This commit is contained in:
Toutsu
2026-05-12 16:05:48 +03:00
parent c0a5482e1a
commit 81d4ec2c97
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/GmRelay.Web/Dockerfile
+1
View File
@@ -20,6 +20,7 @@ FROM mcr.microsoft.com/dotnet/aspnet:10.0-noble AS final
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends libgssapi-krb5-2 && rm -rf /var/lib/apt/lists/*
COPY --from=build /app/publish .
RUN mkdir -p /app/dataprotection-keys && chown -R $APP_UID:$APP_UID /app/dataprotection-keys
ENV ASPNETCORE_URLS=http://+:8080
EXPOSE 8080
USER $APP_UID