Non privileged port and UID/GID 1000

[backend] added a log entry for when an unsupported file extension is used while uploading an activity
[docker] changed container from port 80 to 8080 on docker compose example file
[docker] removed user endurain creation from docker process and used UID and GID 1000
[docker] changed docker port from 80 to 8080 to use non privileged port
[docker] adjusted start.sh script to use UID and GID 1000 instead of user endurain
[docs] added new UID and GID env variables info
João Vitória Silva
2025-01-06 10:58:58 +00:00
parent 43ee1105b6
commit 0603531758
5 changed files with 36 additions and 39 deletions


@@ -159,7 +159,10 @@ def parse_and_store_activity_from_file(
idsToFileName += (
"_" # Add an underscore if it's not the last item
)
else:
core_logger.print_to_log_and_console(
f"File extension not supported: {file_extension}", "error"
)
# Define the directory where the processed files will be stored
processed_dir = "files/processed"
@@ -235,6 +238,10 @@ def parse_and_store_activity_from_uploaded_file(
idsToFileName += (
"_" # Add an underscore if it's not the last item
)
else:
core_logger.print_to_log_and_console(
f"File extension not supported: {file_extension}", "error"
)
# Define the directory where the processed files will be stored
processed_dir = "files/processed"
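Review bot: The new `else` branch in both hunks writes `file_extension` into the log unescaped, and that value presumably comes from the uploaded file's name, so a name containing line breaks or control characters could split or forge log entries. Logging the repr keeps each entry on one line: `f"File extension not supported: {file_extension!r}"`. From the visible lines, execution appears to carry on to the `processed_dir` step after logging; whether an unsupported file is then rejected or still moved cannot be seen here, because both function bodies continue outside the hunks.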


@@ -22,7 +22,7 @@ services:
- <local_path>/endurain/backend/files/processed:/app/backend/files/processed # necessary for processed original files persistence on container image updates
- <local_path>/endurain/backend/logs:/app/backend/logs # log files for the backend
ports:
- "8080:80" # Endurain port, change per your needs
- "8080:8080" # Endurain port, change per your needs
depends_on:
- postgres # mariadb or postgres
- jaeger # optional


@@ -33,7 +33,9 @@ RUN poetry export -f requirements.txt --output requirements.txt --without-hashes
FROM python:3.12
# Define environment variables
ENV TZ="UTC" \
ENV UID=1000 \
GID=1000 \
TZ="UTC" \
DB_TYPE="postgres" \
DB_HOST="postgres" \
DB_PORT=5432 \
@@ -55,9 +57,6 @@ ENV TZ="UTC" \
GEOCODES_MAPS_API="changeme" \
BEHIND_PROXY=false
# Set a non-root user
RUN adduser --disabled-password --gecos '' endurain
# Set the working directory to /app/frontend
WORKDIR /app/frontend
@@ -82,17 +81,17 @@ COPY docker/start.sh /docker-entrypoint.d/start.sh
# Make the script executable
RUN chmod +x /docker-entrypoint.d/start.sh
# Change ownership to non-root user
RUN chown -R endurain /app
# Change ownership to UID and GID
RUN chown -R $UID:$GID /app
# Switch to non-root user
USER endurain
# Switch to the non-root user by UID and GID
USER $UID:$GID
# Make port 80 available to the world outside this container
EXPOSE 80
# Make port 8080 available to the world outside this container
EXPOSE 8080
# Add a healthcheck
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s CMD curl -f http://localhost/api/v1/about || exit 1
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s CMD curl -f http://localhost:8080/api/v1/about || exit 1
# Run the FastAPI app
ENTRYPOINT ["/docker-entrypoint.d/start.sh"]
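Review bot: `USER $UID:$GID` is expanded when the image is built, so the container always starts as 1000:1000; setting `UID` or `GID` at run time changes only the environment values, not the identity the process runs under, which the new docs row does not make clear. A comment above the line would prevent the misunderstanding, e.g. `# USER is fixed at build time; to run as another UID/GID use --user (compose: user:) with matching volume ownership`. With `adduser` removed, UID 1000 may also have no passwd entry or home directory in the base image, which is worth confirming for any tool that looks up the current user.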


@@ -11,34 +11,23 @@ if [ -d "/app/backend/logs" ]; then
HOST_UID=$(stat -c '%u' /app/backend/logs) # Get UID if directory exists
HOST_GID=$(stat -c '%g' /app/backend/logs) # Get GID if directory exists
else
echo "/app/backend/logs directory does not exist. Using default UID 1000."
HOST_UID=1000 # Default to 1000 if directory does not exist
HOST_GID=1000 # Default to 1000 if directory does not exist
echo "/app/backend/logs directory does not exist. Using default provided UID and GID. Default is 1000."
HOST_UID=${UID:-1000}
HOST_GID=${GID:-1000}
fi
# Get the current UID and GID of the 'endurain' user
USER_UID=$(id -u endurain)
USER_GID=$(id -g endurain)
# Only adjust if the user UID/GID doesn't match the host directory UID/GID
if [ "$USER_UID" -ne "$HOST_UID" ] || [ "$USER_GID" -ne "$HOST_GID" ]; then
# Avoid setting ownership to root (UID/GID = 0)
if [ "$HOST_UID" -ne 0 ] && [ "$HOST_GID" -ne 0 ]; then
echo "Adjusting ownership to match host UID ($HOST_UID) and GID ($HOST_GID)..."
# Avoid setting the UID/GID to 0 (root user UID/GID)
if [ "$HOST_UID" -ne 0 ]; then
usermod -u "$HOST_UID" endurain
else
echo "Skipping UID change to 0 (root UID)."
fi
if [ "$HOST_GID" -ne 0 ]; then
groupmod -g "$HOST_GID" endurain
else
echo "Skipping GID change to 0 (root GID)."
fi
# Update the ownership of the mounted directories
chown -R endurain:endurain /app/backend/logs /app/backend/user_images /app/backend/files
for dir in /app/backend/logs /app/backend/user_images /app/backend/files; do
if [ -d "$dir" ]; then
chown -R "$HOST_UID:$HOST_GID" "$dir"
else
echo "Directory $dir does not exist, skipping chown."
fi
done
else
echo "Directory is owned by root UID/GID (0). Adjusting will fail, change ownership manually to non-root, example 1000:1000."
fi
# Substitute MY_APP_ENDURAIN_HOST with the value of ENDURAIN_HOST
@@ -56,7 +45,7 @@ fi
echo "Starting FastAPI with BEHIND_PROXY=$BEHIND_PROXY"
# Define the base command for starting the FastAPI server as an array
CMD=("uvicorn" "main:app" "--host" "0.0.0.0" "--port" "80")
CMD=("uvicorn" "main:app" "--host" "0.0.0.0" "--port" "8080")
# Add --proxy-headers if BEHIND_PROXY is true
if [ "$BEHIND_PROXY" = "true" ]; then
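Review bot: `HOST_UID=${UID:-1000}` will not pick up the container's `UID` environment variable if this script runs under bash (the `CMD=(...)` array suggests it does), because bash initialises `UID` itself as a read-only variable holding the current user ID; the documented override is ignored and the `:-1000` default never applies. `GID` is not reserved by bash, so the two settings behave differently. Reading from a name bash does not reserve avoids this, e.g. `HOST_UID=${ENDURAIN_UID:-1000}` (name illustrative only). The result of `chown -R "$HOST_UID:$HOST_GID" "$dir"` is also unchecked, and since the image now starts as a non-root user it fails whenever the mount is owned by another account, so appending `|| echo "chown failed for $dir" >&2` would surface the permission problem at start-up. The `if` that closes the second hunk continues outside it.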


@@ -20,6 +20,8 @@ Table below shows supported environment variables. Variables marked with optiona
Environment variable | Default value | Optional | Notes |
| --- | --- | --- | --- |
| UID | 1000 | Yes | User ID for mounted volumes. Default is 1000 |
| GID | 1000 | Yes | Group ID for mounted volumes. Default is 1000 |
| TZ | UTC | Yes | Timezone definition. Useful for TZ calculation for activities that do not have coordinates associated, like indoor swim or weight training. If not specified UTC will be used. List of available time zones [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Format `Europe/Lisbon` expected |
| ENDURAIN_HOST | http://localhost:8080 | `No` | Required for internal communication and Strava. For Strava https must be used. Host or local ip (example: http://192.168.1.10:8080 or https://endurain.com) |
| GEOCODES_MAPS_API | changeme | `No` | <a href="https://geocode.maps.co/">Geocode maps</a> offers a free plan consisting of 1 Request/Second. Registration necessary. |