From dd3def00cce704f0209b7391ec6f1555e915e392 Mon Sep 17 00:00:00 2001
From: Giovanni Rezcjikov
Date: Sat, 21 Feb 2026 21:33:41 +0300
Subject: [PATCH] feat: increased security
---
 .drone.yml | 2 +-
 docker-compose.yml | 2 +-
 dockerfile | 9 ++++-----
 3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index bad1fd4..c3ad527 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -22,7 +22,7 @@ steps:
 environment:
 IMAGE: localhost:5000/me:latest
 VIRTUAL_HOST: dusiburg.ru
- VIRTUAL_PORT: 80
+ VIRTUAL_PORT: 3000
 LETSENCRYPT_HOST: dusiburg.ru
 LETSENCRYPT_EMAIL:
 from_secret: LETSENCRYPT_EMAIL
diff --git a/docker-compose.yml b/docker-compose.yml
index 1152f9f..e8eeaa6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
 networks:
 - proxy
 expose:
- - 80
+ - 3000
 environment:
 - VIRTUAL_HOST=${VIRTUAL_HOST}
 - VIRTUAL_PORT=${VIRTUAL_PORT}
diff --git a/dockerfile b/dockerfile
index 5242e83..f9fe815 100644
--- a/dockerfile
+++ b/dockerfile
@@ -7,15 +7,14 @@ RUN npm run build
 FROM node:20-alpine
 WORKDIR /app
+RUN addgroup -S app && adduser -S app -G app
 COPY package*.json ./
 RUN npm install --omit=dev
 COPY --from=builder /app/.next ./.next
-COPY --from=builder --chown=node:node /app/.next/cache ./.next/cache
 COPY --from=builder /app/next.config.mjs ./
 COPY --from=builder /app/dictionary ./dictionary
 COPY --from=builder /app/public ./public
+RUN chown -R app:app /app
 USER app
-EXPOSE 80
-CMD ["npm", "start", "--", "-p", "80", "-H", "0.0.0.0"]
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
- CMD wget -q --spider http://localhost:80/ || exit 1
+EXPOSE 3000
+CMD ["npm", "start"]
\ No newline at end of file
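Review bot: The added `RUN chown -R app:app /app` near the end of the dockerfile hunk makes the runtime user the owner of everything under /app, including node_modules and the built `.next` output, so a compromised Node process could rewrite the code it runs; the recursive chown also writes all of those files into an extra layer. Leaving the copied files root-owned and granting write access only where the server presumably needs it would be tighter, e.g. keeping the removed cache copy with the new user, `COPY --from=builder --chown=app:app /app/.next/cache ./.next/cache`, and dropping the recursive chown. The hunk also deletes the HEALTHCHECK instead of retargeting it; `CMD wget -q --spider http://localhost:3000/ || exit 1` under the same `HEALTHCHECK` options would keep the probe on the new port. `CMD ["npm", "start"]` now depends on the start script's default port matching `EXPOSE 3000` and `VIRTUAL_PORT`, which is not visible here, so passing `-p 3000` explicitly as the old CMD did would be safer. The builder stage of the dockerfile lies outside the hunk.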