@MathisVerstrepen
Owner

This pull request updates the Docker configuration for the API service to improve security and reliability. The main changes include installing additional dependencies, creating necessary data directories, and ensuring the application runs under a non-root user. The startup command is also updated to use gunicorn instead of uvicorn directly, and ownership of data directories is enforced at container startup.

Security and User Management:

  • Installed git and openssh-client in the API Docker image to support repository cloning and SSH operations.
  • Ensured the application runs as a non-root user by switching to appuser at container startup in both production and development compose files, using su appuser.

Data Directory Setup:

  • Created /app/data/user_files and /app/data/cloned_repos directories in the Docker image to ensure required paths exist for user files and cloned repositories.
  • Enforced ownership of /app/data by appuser at container startup to avoid permission issues.

Application Startup Improvements:

  • Updated the startup command to use gunicorn with the Uvicorn worker for improved production reliability, replacing the previous direct uvicorn invocation.
  • Removed the USER appuser directive from the Dockerfile to allow dynamic user switching at runtime via the compose command.
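
Added example (not part of the pull request or the project's code): a small audit of the arrangement described above, where the Dockerfile has no USER directive and only the compose command drops to appuser via su. The Dockerfile text, the compose command string and the `main:app` module path are constructed for illustration, and a root base image is assumed.

```python
import re
import shlex

# Constructed inputs for illustration; not taken from the pull request's diff.
DOCKERFILE_NO_USER = "FROM python:3.12-slim\nRUN useradd appuser\nWORKDIR /app\n"
DOCKERFILE_WITH_USER = DOCKERFILE_NO_USER + "USER appuser\n"
# Hypothetical compose `command`; `main:app` is a placeholder module path.
COMPOSE_COMMAND = ("sh -c \"chown -R appuser /app/data && "
                   "su appuser -c 'gunicorn -k uvicorn.workers.UvicornWorker main:app'\"")
SU_OPTS_WITH_ARG = {"-c", "--command", "-s", "--shell", "-g", "-G", "-w"}


def image_default_user(dockerfile):
    """User a container gets when nothing overrides it (assumes a root base image)."""
    user = "root"
    for line in dockerfile.splitlines():
        if re.match(r"\s*FROM\s", line, re.IGNORECASE):
            user = "root"  # every build stage starts again from the base image
        match = re.match(r"\s*USER\s+([^\s:]+)", line, re.IGNORECASE)
        if match:
            user = match.group(1)
    return user


def su_target(command):
    """Account that a `su` call inside the command switches to, or None."""
    tokens = shlex.split(command)
    if len(tokens) >= 3 and tokens[0] in ("sh", "bash") and tokens[1] == "-c":
        return su_target(tokens[2])  # look inside the wrapped shell script
    if "su" not in tokens:
        return None
    args = iter(tokens[tokens.index("su") + 1:])
    for tok in args:
        if tok in SU_OPTS_WITH_ARG:
            next(args, None)  # skip the option's value
        elif not tok.startswith("-"):
            return tok
    return "root"  # `su` without a user name means root


def audit(dockerfile, command=None):
    image_user = image_default_user(dockerfile)
    service_user = (su_target(command) if command else None) or image_user
    findings = []
    if image_user in ("root", "0"):
        findings.append("image default is root: docker run/exec without the "
                        "compose command runs as root")
        if service_user in ("root", "0"):
            findings.append("compose command never drops privileges")
    return {"image_user": image_user, "service_user": service_user,
            "findings": findings}
```

With the constructed inputs, the audit reports the service running as appuser while still flagging that the image itself defaults to root.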

@MathisVerstrepen MathisVerstrepen self-assigned this Oct 26, 2025
@MathisVerstrepen MathisVerstrepen added the bug Something isn't working as expected, or there's an error in existing functionality. label Oct 26, 2025
@MathisVerstrepen MathisVerstrepen merged commit 6eb5a68 into main Oct 26, 2025
2 checks passed