Update haproxy to run as user haproxy

[aai/aai-common.git] / aai-common-docker / aai-haproxy-image / src / main / docker / Dockerfile

diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
index a96c364..9e9d80c 100644 (file)
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
@@ -13,16 +13,18 @@ RUN apk add --no-cache \
     shadow \
     util-linux && \
     groupadd haproxy -g 1000 && \
-    adduser -u 1000 -S -D -G haproxy -s /bin/bash haproxy
+    adduser -u 1000 -S -D -G haproxy -s /bin/bash haproxy && \
+    chown -R haproxy:haproxy /usr/local/etc/haproxy
 
 RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private
 
-COPY aai.pem /etc/ssl/private/aai.pem
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY resolvers.conf /usr/local/etc/haproxy/resolvers.conf
-COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem
+COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh
+COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf
+COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
 
 RUN chmod +x /docker-entrypoint.sh
+USER haproxy
 
 ENTRYPOINT [ "/docker-entrypoint.sh" ]
 CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ]