From b49574f39bd553012d829e217bf8e02c211988bf Mon Sep 17 00:00:00 2001 From: MayaTheShy Date: Sun, 22 Mar 2026 19:15:04 -0400 Subject: [PATCH] fix: SQLite readonly error in Docker container - Add entrypoint script that ensures /data is owned by node user before dropping privileges with su-exec - Remove USER node from Dockerfile (entrypoint handles it) - Change client depends_on to service_healthy so nginx waits for the server to pass its healthcheck before starting --- web/docker-compose.yml | 2 +- web/server/Dockerfile | 13 ++++++++----- web/server/docker-entrypoint.sh | 9 +++++++++ 3 files changed, 18 insertions(+), 6 deletions(-) create mode 100755 web/server/docker-entrypoint.sh diff --git a/web/docker-compose.yml b/web/docker-compose.yml index dea68c8..8b63c42 100644 --- a/web/docker-compose.yml +++ b/web/docker-compose.yml @@ -27,7 +27,7 @@ services: - inventory-network depends_on: server: - condition: service_started + condition: service_healthy restart: unless-stopped networks: diff --git a/web/server/Dockerfile b/web/server/Dockerfile index 3d3468e..abb0aaa 100644 --- a/web/server/Dockerfile +++ b/web/server/Dockerfile @@ -2,7 +2,8 @@ FROM node:18-alpine # Build tools needed for better-sqlite3 native compilation -RUN apk add --no-cache python3 make g++ +# su-exec for dropping privileges in entrypoint +RUN apk add --no-cache python3 make g++ su-exec WORKDIR /app 
@@ -15,16 +16,18 @@ RUN apk del python3 make g++ COPY . . -# Create data directory for SQLite with proper ownership -RUN mkdir -p /data && chown node:node /data +# Create data directory for SQLite +RUN mkdir -p /data VOLUME /data -# Run as non-root user for security -USER node +# Entrypoint fixes /data permissions then drops to node user +COPY docker-entrypoint.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/docker-entrypoint.sh EXPOSE 3001 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD node -e "require('http').get('http://localhost:3001/api/health',r=>{process.exit(r.statusCode===200?0:1)}).on('error',()=>process.exit(1))" +ENTRYPOINT ["docker-entrypoint.sh"] CMD ["node", "server.js"] diff --git a/web/server/docker-entrypoint.sh b/web/server/docker-entrypoint.sh new file mode 100755 index 0000000..042a099 --- /dev/null +++ b/web/server/docker-entrypoint.sh @@ -0,0 +1,9 @@ +#!/bin/sh +set -e + +# Ensure data directory exists and is writable by the node user +mkdir -p /data +chown node:node /data + +# Drop privileges and exec the CMD +exec su-exec node "$@"
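Review bot: With `USER node` removed, the image's default user is root, so anything that does not pass through `docker-entrypoint.sh` (`docker exec`, a run with `--entrypoint` overridden, and presumably the `HEALTHCHECK` probe) now executes as root, and the privilege drop rests entirely on the script. The comment above the new COPY should say so, e.g. `# No USER on purpose: the entrypoint must start as root to chown /data, then execs the CMD as node via su-exec`. I would also keep the build-time ownership, `RUN mkdir -p /data && chown node:node /data`, ahead of `VOLUME /data`. A newly created volume should be initialised from the image directory and would then start out owned by node, leaving the runtime chown for bind mounts and older volumes. The extra `RUN chmod +x` layer can be folded into `COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/` when building with BuildKit; the script is already committed with mode 100755.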
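Review bot: The script assumes it always starts as root. When the container is launched with an explicit non-root user (`--user`, compose `user:`, or a Kubernetes `runAsUser`), `chown node:node /data` fails and `set -e` stops the container before the server starts; `su-exec` could not switch users in that case either. Guarding the privileged steps on `id -u` keeps both start modes working. Separately, the chown is not recursive, so a database file that an earlier root-run container already created under /data presumably stays root-owned and SQLite would still open it read-only. The fence makes the chown recursive and adds `-h`, so that a symlink inside the app-writable directory is re-owned itself rather than its target.

```shell
set -e

if [ "$(id -u)" = "0" ]; then
    mkdir -p /data
    # -R also covers database files left root-owned by earlier runs;
    # -h re-owns a symlink itself instead of following it to its target
    chown -Rh node:node /data
    exec su-exec node "$@"
fi

# Already non-root (started with an explicit user): run the CMD as-is
exec "$@"
```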