diff --git a/Dockerfile b/Dockerfile
index b32741e..4069b6f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,7 +22,8 @@ ENV PORT=3130
 ENV HOSTNAME=0.0.0.0
 RUN addgroup --system --gid 1001 nodejs \
- && adduser --system --uid 1001 nextjs
+ && adduser --system --uid 1001 nextjs \
+ && apk add --no-cache su-exec
 # standalone 产物
 COPY --from=builder /app/.next/standalone ./
@@ -35,7 +36,10 @@ RUN mkdir -p /app/data/history \
 && chown -R nextjs:nodejs /app/data \
 && chown -R nextjs:nodejs /app
-USER nextjs
+COPY scripts/docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
 EXPOSE 3130
+ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["node", "server.js"]
diff --git a/scripts/docker-deploy.sh b/scripts/docker-deploy.sh
index dc38019..7a19eb6 100644
--- a/scripts/docker-deploy.sh
+++ b/scripts/docker-deploy.sh
@@ -15,6 +15,12 @@ if [[ ! -f .env.local ]]; then
 fi
 mkdir -p data/history
+# 容器内 nextjs 为 uid/gid 1001;bind mount 会覆盖镜像内 chown,宿主机需一致
+if chown -R 1001:1001 data/history 2>/dev/null; then
+ echo "==> data/history 权限已设为 1001:1001"
+else
+ echo "WARN: 无法 chown data/history,将依赖容器 entrypoint 修复权限(需 root 运行容器)"
+fi
 echo "==> 当前 commit: $(git rev-parse --short HEAD)"
 echo "==> 拉取最新代码..."
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
new file mode 100644
index 0000000..1098d6c
--- /dev/null
+++ b/scripts/docker-entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+HISTORY_DIR="${HISTORY_DATA_DIR:-/app/data/history}"
+mkdir -p "$HISTORY_DIR"
+chown -R nextjs:nodejs "$HISTORY_DIR"
+
+exec su-exec nextjs "$@"
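Review bot: `apk add --no-cache su-exec` on the new RUN line is unpinned (hadolint DL3018), so a rebuild can silently pick up a different build of the one binary this image now relies on to drop privileges; pin it, `&& apk add --no-cache su-exec=<version-from-alpine-repo>`, and bump it deliberately with the base tag. The start of this RUN instruction and the FROM line are outside the hunk, so the Alpine base is inferred from the apk call rather than seen.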
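Review bot: Removing `USER nextjs` makes root the image's default user, so anything that bypasses the new ENTRYPOINT — `docker exec`, a `--entrypoint` override, or a policy that checks the image's USER — now runs as root, not just the narrow chown-then-su-exec path the commit intends. If root is needed only to repair a bind mount, say so at the ENTRYPOINT line, `# starts as root only so the entrypoint can chown the history mount, then su-exec's to nextjs`, and have the entrypoint fall through to `exec "$@"` when it is not root, so the container can still be run with `--user 1001` once the deploy script has fixed host ownership. Separately, `RUN chmod +x` spends a layer on a mode bit; `COPY --chmod=755 scripts/docker-entrypoint.sh /docker-entrypoint.sh` does both in one instruction.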
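Review bot: The uid/gid `1001:1001` is now hardcoded here as well as in the Dockerfile's `addgroup`/`adduser` lines, with nothing tying the two together; lifting it to one variable near the top of the script, `APP_UID=1001` / `APP_GID=1001`, keeps a later change to the Dockerfile from silently leaving host ownership wrong. Note also that `chown -R` walks the entire `data/history` tree on every deploy, which is harmless but grows with the volume. The script continues past the hunk.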
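Review bot: `chown -R` runs unconditionally under `set -e`, so if the container is started as a non-root user (`--user`, Kubernetes `runAsNonRoot`) or the history volume is mounted read-only, chown fails and the container never reaches `exec` — even though the deploy script in this same commit already fixes host ownership for the common case. Guarding on `id -u` lets the script degrade to a plain `exec "$@"` when it is not root, and checking the directory's current owner first avoids a recursive chown over the whole history tree on every start (busybox `stat -c` is assumed, which the apk-based image should have). `HISTORY_DATA_DIR` is also chowned as root with no path check; it is presumably operator-controlled, but that assumption deserves a comment.
```sh
HISTORY_DIR="${HISTORY_DATA_DIR:-/app/data/history}"
mkdir -p "$HISTORY_DIR"

# Only root can repair mount ownership and drop privileges; under
# --user / runAsNonRoot the caller already is the app user.
if [ "$(id -u)" -ne 0 ]; then
    exec "$@"
fi

# HISTORY_DATA_DIR is trusted operator config; skip the recursive walk
# when the bind mount is already owned by nextjs (deploy script does this).
if [ "$(stat -c '%u' "$HISTORY_DIR")" != "$(id -u nextjs)" ]; then
    chown -R nextjs:nodejs "$HISTORY_DIR"
fi

exec su-exec nextjs "$@"
```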