hardening docker images

6C656C65 · 6C656C65 · commit 94cc38f53eb8 · 2025-04-22T15:14:21.000+02:00
diff --git a/.dockerignore b/.dockerignore
@@ -4,10 +4,13 @@ __pycache__/
 config/*.txt
 logs/*.log
 
+tests/
+config.ini.example
+
 .github
 .bumpversion.cfg
 .gitignore
 .git
 .pylintrc
 .readthedocs.yaml
-CHANGELOFG.md
+CHANGELOG.md
diff --git a/Dockerfile b/Dockerfile
@@ -1,12 +1,15 @@
-FROM python:3.13-slim
-
+FROM python:3.13-slim as builder
 WORKDIR /app
-
 COPY requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir --prefix=/install -r requirements.txt
 
-COPY . .
 
+FROM python:3.13-slim
+RUN useradd -m -s /bin/bash pyproxy
+WORKDIR /app
+COPY --from=builder /install /usr/local
+COPY . .
+RUN chown -R pyproxy:pyproxy /app
+USER pyproxy
 EXPOSE 8080
-
 ENTRYPOINT ["python3", "pyproxy.py"]
