feat: increased security

.drone.yml

@@ -22,7 +22,7 @@ steps:
     environment:
       IMAGE: localhost:5000/me:latest
       VIRTUAL_HOST: dusiburg.ru
-      VIRTUAL_PORT: 80
+      VIRTUAL_PORT: 3000
       LETSENCRYPT_HOST: dusiburg.ru
       LETSENCRYPT_EMAIL:
         from_secret: LETSENCRYPT_EMAIL

docker-compose.yml

@@ -5,7 +5,7 @@ services:
     networks:
       - proxy
     expose:
-      - 80
+      - 3000
     environment:
       - VIRTUAL_HOST=${VIRTUAL_HOST}
       - VIRTUAL_PORT=${VIRTUAL_PORT}

dockerfile

@@ -7,15 +7,14 @@ RUN npm run build
 
 FROM node:20-alpine
 WORKDIR /app
+RUN addgroup -S app && adduser -S app -G app
 COPY package*.json ./
 RUN npm install --omit=dev
 COPY --from=builder /app/.next ./.next
-COPY --from=builder --chown=node:node /app/.next/cache ./.next/cache
 COPY --from=builder /app/next.config.mjs ./
 COPY --from=builder /app/dictionary ./dictionary
 COPY --from=builder /app/public ./public
+RUN chown -R app:app /app
 USER app
-EXPOSE 80
+EXPOSE 3000
-CMD ["npm", "start", "--", "-p", "80", "-H", "0.0.0.0"]
+CMD ["npm", "start"]
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-  CMD wget -q --spider http://localhost:80/ || exit 1