From 1bfebb698ae8e9bd5cf09c07ed994b5a374ef378 Mon Sep 17 00:00:00 2001
From: "web@ppanel"
Date: Mon, 8 Dec 2025 08:22:25 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(docker):=20Update=20Dockerfi?= =?UTF-8?q?les=20to=20create=20non-root=20user=20with=20proper=20permissio?= =?UTF-8?q?ns?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker/ppanel-admin-web/Dockerfile | 14 +++++++++-----
 docker/ppanel-user-web/Dockerfile | 10 ++++++----
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/docker/ppanel-admin-web/Dockerfile b/docker/ppanel-admin-web/Dockerfile
index 38cd185..b85c8fc 100644
--- a/docker/ppanel-admin-web/Dockerfile
+++ b/docker/ppanel-admin-web/Dockerfile
@@ -5,17 +5,21 @@ FROM oven/bun:latest AS base
 WORKDIR /app
 # Create a non-root user for running the production application
-RUN addgroup --system --gid 1001 nodejs \
- && adduser --system --uid 1001 nextjs
-
-# Change to non-root user
-USER nextjs
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends adduser \
+ && rm -rf /var/lib/apt/lists/* \
+ && addgroup --system --gid 1001 nodejs \
+ && adduser --system --uid 1001 --ingroup nodejs --home /nonexistent --shell /usr/sbin/nologin nextjs
 # Copy necessary files for production
 COPY ./apps/admin/.next/standalone ./
 COPY ./apps/admin/.next/static ./apps/admin/.next/static
 COPY ./apps/admin/public ./apps/admin/public
+# Change to non-root user
+RUN chown -R nextjs:nodejs /app
+USER nextjs
 # Disable Next.js telemetry at runtime
 ENV NEXT_TELEMETRY_DISABLED=1
diff --git a/docker/ppanel-user-web/Dockerfile b/docker/ppanel-user-web/Dockerfile
index 99cadfd..5b1b780 100644
--- a/docker/ppanel-user-web/Dockerfile
+++ b/docker/ppanel-user-web/Dockerfile
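Review bot: The added `RUN chown -R nextjs:nodejs /app` in the admin-web hunk hands ownership of the whole application tree to the account the server runs as, so a compromised Next.js process could rewrite its own server code and static assets. Leave the copied files root-owned and read-only and grant write access only where the server needs it, for example `RUN mkdir -p apps/admin/.next/cache && chown nextjs:nodejs apps/admin/.next/cache` (assuming the cache directory is the only path written at runtime; confirm). The recursive chown also duplicates every copied file in a new layer. The user-web Dockerfile carries the same `chown -R` line as context in its hunk. The rest of the Dockerfile lies outside this hunk, so any later instruction that depends on ownership is not visible here.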
@@ -5,17 +5,19 @@ FROM oven/bun:latest AS base
 WORKDIR /app
 # Create non-root user and set permissions
-RUN addgroup --system --gid 1001 nodejs \
- && adduser --system --uid 1001 nextjs
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends adduser \
+ && rm -rf /var/lib/apt/lists/* \
+ && addgroup --system --gid 1001 nodejs \
+ && adduser --system --uid 1001 --ingroup nodejs --home /nonexistent --shell /usr/sbin/nologin nextjs
 # Copy build output and static files
 COPY ./apps/user/.next/standalone ./
 COPY ./apps/user/.next/static ./apps/user/.next/static
 COPY ./apps/user/public ./apps/user/public
-# Change ownership to non-root user
+# Change to non-root user
 RUN chown -R nextjs:nodejs /app
-
 USER nextjs
 # Disable Next.js telemetry
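Review bot: The new `apt-get update && apt-get install ... adduser` step pulls a package from the network at build time only to create one account, and with `FROM oven/bun:latest` (visible in the hunk header) both the base image and the installed package version float between builds. If the base image ships `groupadd`/`useradd` (not verifiable from this diff), the account can be created without any install: `RUN groupadd --system --gid 1001 nodejs && useradd --system --uid 1001 --gid nodejs --no-create-home --shell /usr/sbin/nologin nextjs`. Otherwise, pinning the base image to a version tag or digest would at least make the installed `adduser` reproducible. The admin-web hunk adds the identical RUN, and the same applies there.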