Run as unprivileged user (#20)

Squashed commit of the following:

commit 6a7884c1fb
Author: Thor77 <thor77@thor77.org>
Date:   Sat Mar 25 16:07:05 2023 +0100

    Run as unprivileged user

commit 0bef82b1e9
Author: Thor77 <thor77@thor77.org>
Date:   Sat Mar 25 16:06:29 2023 +0100

    Add dumb-init entrypoint

    to allow for clean shutdown

commit 92b5d44110
Author: Thor77 <thor77@thor77.org>
Date:   Sat Mar 25 16:05:18 2023 +0100

    Update base image to debian bullseye

closes #20

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2023-04-26 22:12:14 +02:00
parent ec19c9e945
commit d96da5143a
Signed by: luzifer
GPG key ID: D91C3E91E4CAD6F5

View file

@ -1,4 +1,4 @@
FROM debian:stretch FROM debian:bullseye
LABEL maintainer Knut Ahlers <knut@ahlers.me> LABEL maintainer Knut Ahlers <knut@ahlers.me>
@ -6,9 +6,8 @@ LABEL maintainer Knut Ahlers <knut@ahlers.me>
ENV TEAMSPEAK_VERSION=3.13.7 \ ENV TEAMSPEAK_VERSION=3.13.7 \
TEAMSPEAK_SHA256=775a5731a9809801e4c8f9066cd9bc562a1b368553139c1249f2a0740d50041e TEAMSPEAK_SHA256=775a5731a9809801e4c8f9066cd9bc562a1b368553139c1249f2a0740d50041e
SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y curl bzip2 ca-certificates --no-install-recommends \ && apt-get install -y curl bzip2 ca-certificates dumb-init --no-install-recommends \
&& curl -sSfLo teamspeak3-server_linux-amd64.tar.bz2 \ && curl -sSfLo teamspeak3-server_linux-amd64.tar.bz2 \
"https://files.teamspeak-services.com/releases/server/${TEAMSPEAK_VERSION}/teamspeak3-server_linux_amd64-${TEAMSPEAK_VERSION}.tar.bz2" \ "https://files.teamspeak-services.com/releases/server/${TEAMSPEAK_VERSION}/teamspeak3-server_linux_amd64-${TEAMSPEAK_VERSION}.tar.bz2" \
&& echo "${TEAMSPEAK_SHA256} *teamspeak3-server_linux-amd64.tar.bz2" | sha256sum -c - \ && echo "${TEAMSPEAK_SHA256} *teamspeak3-server_linux-amd64.tar.bz2" | sha256sum -c - \
@ -16,13 +15,18 @@ RUN apt-get update \
&& rm teamspeak3-server_linux-amd64.tar.bz2 \ && rm teamspeak3-server_linux-amd64.tar.bz2 \
&& apt-get purge -y curl bzip2 && apt-get autoremove -y \ && apt-get purge -y curl bzip2 && apt-get autoremove -y \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/* \
&& groupadd -g 1000 teamspeak \
&& useradd -u 1000 -g 1000 teamspeak \
&& chown -R teamspeak:teamspeak /opt/teamspeak3-server_linux_amd64
COPY docker-ts3.sh /opt/docker-ts3.sh COPY docker-ts3.sh /opt/docker-ts3.sh
# Inject a Volume for any TS3-Data that needs to be persisted or to be accessible from the host. (e.g. for Backups) # Inject a Volume for any TS3-Data that needs to be persisted or to be accessible from the host. (e.g. for Backups)
VOLUME ["/teamspeak3"] VOLUME ["/teamspeak3"]
USER teamspeak
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/opt/docker-ts3.sh"] CMD ["/opt/docker-ts3.sh"]
# Expose the Standard TS3 port, for files, for serverquery # Expose the Standard TS3 port, for files, for serverquery