Fix volume permissions: entrypoint chowns /data to uid 1000, run app as non-root

This commit is contained in:
inputnoise
2026-05-25 20:50:10 +02:00
parent 03b10b6f86
commit bcc425b6fb
3 changed files with 11 additions and 2 deletions

View File

@@ -2,7 +2,7 @@ FROM python:3.12-slim
WORKDIR /app WORKDIR /app
RUN apt-get update && apt-get install -y ffmpeg && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y ffmpeg gosu && rm -rf /var/lib/apt/lists/*
COPY backend/requirements.txt ./backend/requirements.txt COPY backend/requirements.txt ./backend/requirements.txt
RUN pip install --no-cache-dir -r backend/requirements.txt && pip install --no-cache-dir -U yt-dlp RUN pip install --no-cache-dir -r backend/requirements.txt && pip install --no-cache-dir -U yt-dlp
@@ -11,4 +11,5 @@ COPY backend/ ./backend/
EXPOSE 8000 EXPOSE 8000
ENTRYPOINT ["/app/backend/entrypoint.sh"]
CMD ["uvicorn", "backend.main:app", "--host", "0.0.0.0", "--port", "8000"] CMD ["uvicorn", "backend.main:app", "--host", "0.0.0.0", "--port", "8000"]

3
backend/entrypoint.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/sh
chown -R 1000:1000 /data 2>/dev/null || true
exec gosu 1000:1000 "$@"

View File

@@ -462,8 +462,10 @@ def start_download(
file_path = None file_path = None
stream_index = 0 stream_index = 0
output_lines: list[str] = []
for line in process.stdout: for line in process.stdout:
line = line.strip() line = line.strip()
output_lines.append(line)
if re.search(r"\[download\] Destination:", line): if re.search(r"\[download\] Destination:", line):
stream_index += 1 stream_index += 1
m = re.search(r"\[download\]\s+([\d.]+)%", line) m = re.search(r"\[download\]\s+([\d.]+)%", line)
@@ -480,7 +482,10 @@ def start_download(
resolution = detect_resolution(file_path) if file_path else None resolution = detect_resolution(file_path) if file_path else None
on_complete(download_id, file_path, resolution) on_complete(download_id, file_path, resolution)
else: else:
on_error(download_id, f"yt-dlp exited with code {process.returncode}") tail = "\n".join(output_lines[-20:]) if output_lines else "(no output)"
import logging
logging.getLogger(__name__).error("yt-dlp failed (code %d):\n%s", process.returncode, tail)
on_error(download_id, f"yt-dlp exited with code {process.returncode}:\n{tail}")
thread = threading.Thread(target=_run_download, daemon=True) thread = threading.Thread(target=_run_download, daemon=True)
thread.start() thread.start()