From d8b78ad27773a460fd3505377f052a9bbb35cd90 Mon Sep 17 00:00:00 2001
From: William Petit <wpetit@cadoles.com>
Date: Wed, 27 Mar 2024 09:19:08 +0100
Subject: [PATCH] feat(docker): run as non-root user

---
 Dockerfile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 2010728..2228e9e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,7 +24,10 @@ RUN make GORELEASER_ARGS='build --rm-dist --single-target --snapshot' goreleaser
 RUN /src/dist/bouncer_linux_amd64_v1/bouncer -c '' config dump > /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.layers.queue.templateDir = "/usr/share/bouncer/layers/queue/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
     && yq -i '.admin.auth.privateKey = "/etc/bouncer/admin-key.json"' /src/dist/bouncer_linux_amd64_v1/config.yml \
-    && yq -i '.redis.adresses = ["redis:6379"]' /src/dist/bouncer_linux_amd64_v1/config.yml
+    && yq -i '.redis.adresses = ["redis:6379"]' /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.redis.writeTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.redis.readTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml \
+    && yq -i '.redis.dialTimeout = "30s"' /src/dist/bouncer_linux_amd64_v1/config.yml
 
 FROM reg.cadoles.com/proxy_cache/library/alpine:3.19.1 AS RUNTIME
 
@@ -43,6 +46,10 @@ RUN ln -s /usr/share/bouncer/bin/bouncer /usr/local/bin/bouncer
 EXPOSE 8080
 EXPOSE 8081
 
+RUN adduser -D -H bouncer
+
 ENV BOUNCER_CONFIG=/etc/bouncer/config.yml
 
+USER bouncer
+
 CMD ["bouncer"]
\ No newline at end of file