49 lines
1.3 KiB
Docker
49 lines
1.3 KiB
Docker
FROM python:3.11-slim-bookworm
|
|
|
|
LABEL maintainer="Team M CTF"
|
|
|
|
# Variables d'environnement
|
|
ENV PYTHONUNBUFFERED=1 \
|
|
PYTHONDONTWRITEBYTECODE=1 \
|
|
PIP_NO_CACHE_DIR=1 \
|
|
PIP_DISABLE_PIP_VERSION_CHECK=1
|
|
|
|
# Création user non-root
|
|
RUN groupadd -r appuser && useradd -r -g appuser -u 1000 appuser
|
|
|
|
# Installation dépendances système (Libmagic + Curl pour healthcheck)
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
gcc \
|
|
libmagic1 \
|
|
libmariadb-dev \
|
|
curl \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /app
|
|
|
|
# Installation dépendances Python
|
|
COPY requirements.txt .
|
|
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
# Copie du code
|
|
COPY . .
|
|
|
|
# Permissions
|
|
RUN mkdir -p /app/uploads && \
|
|
chown -R appuser:appuser /app && \
|
|
chmod 755 /app && \
|
|
chmod 755 /app/uploads
|
|
|
|
# Sécurité : on passe en user limité
|
|
USER appuser
|
|
|
|
# --- CHANGEMENT ICI : Port 8000 ---
|
|
EXPOSE 8000
|
|
|
|
# Healthcheck sur le port 8000
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD curl -f http://localhost:8000/health || exit 1
|
|
|
|
# Démarrage sur le port 8000
|
|
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "--workers", "2", "--threads", "4", "--worker-class", "gthread", "--timeout", "30", "--access-logfile", "-", "--error-logfile", "-", "app:app"]
|