Run runtime images as the built-in non-root .NET app user and install Web runtime OS dependencies with --no-install-recommends.
This commit is contained in:
@@ -33,5 +33,7 @@ WORKDIR /app
|
|||||||
# Копируем только AOT-результаты из билда
|
# Копируем только AOT-результаты из билда
|
||||||
COPY --from=build /app/publish .
|
COPY --from=build /app/publish .
|
||||||
|
|
||||||
|
USER $APP_UID
|
||||||
|
|
||||||
# Запуск скомпилированного AOT бинарного файла напрямую
|
# Запуск скомпилированного AOT бинарного файла напрямую
|
||||||
ENTRYPOINT ["./GmRelay.Bot"]
|
ENTRYPOINT ["./GmRelay.Bot"]
|
||||||
|
|||||||
@@ -18,8 +18,9 @@ RUN dotnet publish "GmRelay.Web.csproj" -c Release -o /app/publish /p:UseAppHost
|
|||||||
# Stage 2: Runtime
|
# Stage 2: Runtime
|
||||||
FROM mcr.microsoft.com/dotnet/aspnet:10.0-noble AS final
|
FROM mcr.microsoft.com/dotnet/aspnet:10.0-noble AS final
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
RUN apt-get update && apt-get install -y libgssapi-krb5-2 && rm -rf /var/lib/apt/lists/*
|
RUN apt-get update && apt-get install -y --no-install-recommends libgssapi-krb5-2 && rm -rf /var/lib/apt/lists/*
|
||||||
COPY --from=build /app/publish .
|
COPY --from=build /app/publish .
|
||||||
ENV ASPNETCORE_URLS=http://+:8080
|
ENV ASPNETCORE_URLS=http://+:8080
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
USER $APP_UID
|
||||||
ENTRYPOINT ["dotnet", "GmRelay.Web.dll"]
|
ENTRYPOINT ["dotnet", "GmRelay.Web.dll"]
|
||||||
|
|||||||
Reference in New Issue
Block a user