Skip to content

更好的docker支持 #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
117503445 merged 1 commit into from
Oct 6, 2025
Merged

更好的docker支持 #45

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,15 @@
FROM golang:1.23 AS build
ARG GOPROXY=https://proxy.golang.org,direct
WORKDIR /workspace
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go test ./...
RUN CGO_ENABLED=0 go build -o app

FROM gcr.io/distroless/static-debian12 AS prod
WORKDIR /workspace
COPY --from=build /workspace/app app
ENTRYPOINT [ "./app"]
FROM scratch
COPY --from=build /workspace/app /app
ENV dav="/,/data,null,null,false"
EXPOSE 80
VOLUME [ "/data" ]
ENTRYPOINT [ "/app"]
35 changes: 18 additions & 17 deletions doc/nonroot_zh_CN.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,27 +4,32 @@

## 步骤

以 Docker Compose 为例,假设你希望共享 `./data/dir1` 和 `./data/dir2` 两个目录。首先,准备一个 `docker-compose.yml` 文件:
以 Docker Compose 为例,假设你希望共享 `./data/dir1` 和 `./data/dir2` 两个目录。首先,准备好您的目录

```bash
mkdir -p ./data # 这里只是一个示例,您可以用任何方式创建目录
```

接下来,获取目录的 UID 和 GID

```bash
ls -nd ./data | awk '{ print $3":"$4 }'
```

然后,创建一个 `docker-compose.yml` 文件:

```yaml
services:
go_webdav:
image: 117503445/go_webdav
restart: unless-stopped
volumes:
- ./data:/home/nonroot
- ./data:/data
environment:
- "dav=/dir1,/home/nonroot/dir1,null,null,false;/dir2,/home/nonroot/dir2,null,null,false"
- "dav=/dir1,/data/dir1,null,null,false;/dir2,/data/dir2,null,null,false"
ports:
- "80:80"
user: "nonroot" # 指定容器内的用户为 nonroot
```

接下来,创建目录并赋予 777 权限:

```bash
mkdir -p ./data/dir1 ./data/dir2
chmod 777 ./data/dir1 ./data/dir2
user: "1000:1000" # 填写正确的UID和GID以确保以正确的用户执行
```

最后,启动容器:
Expand All @@ -35,10 +40,6 @@ docker compose up -d

## 注意事项

`117503445/go_webdav` 是基于 [gcr.io/distroless/static-debian12](https://github.com/GoogleContainerTools/distroless) 制作的。镜像中的 `nonroot` 用户是非 root 用户,UID 为 65532,并对 `/home/nonroot` 目录有写入权限。

- 如果你没有提前创建 `data` 目录,容器启动后会自动创建该目录。但由于这是由具有 root 权限的 Docker Daemon 创建的,可能会导致权限问题。
- 如果你没有提前创建 `dir1` 和 `dir2` 目录,容器启动后会由 `GoWebdav` 创建这些目录。但由于它们属于 `nonroot` 用户,所以外部的普通用户无法写入。
- 如果你没有提前赋予 `777` 权限,`GoWebdav` 的 `nonroot` 用户将无法写入这些目录。

docker 支持通过`--user "UID:GID"`的方式指定用户,所以我们可以用这个功能让容器运行在非 root 用户下
不过您仍需提前创建 `data` 目录,以防止 Docker Daemon 使用 root 权限创建,导致权限问题。
在上述情景中,容器内外都是普通用户。如果你只要求容器内是普通用户、外部是 root 用户,或者容器内是 root 用户、外部是普通用户,可能会更简单一些。