Fix Docker volume permissions for /data (SQLite)

Add su-exec to runner stage, run entrypoint as root to chown /data,
then drop to nextjs user for migrations and app start. Fixes permission
denied errors when Docker volume is mounted as root.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Timo Uttenweiler
2026-04-09 11:19:27 +02:00
parent 7db914084e
commit 807b82f633
2 changed files with 8 additions and 6 deletions


@@ -34,7 +34,7 @@ RUN npm run build
FROM node:22-alpine AS runner
WORKDIR /app
RUN apk add --no-cache python3 make g++
RUN apk add --no-cache python3 make g++ su-exec
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
@@ -66,8 +66,7 @@ RUN chmod +x docker-entrypoint.sh
# Data directory for SQLite — must be a volume
RUN mkdir -p /data && chown nextjs:nodejs /data
USER nextjs
# Entrypoint runs as root, fixes /data permissions, then drops to nextjs via su-exec
EXPOSE 3000
ENTRYPOINT ["./docker-entrypoint.sh"]
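Review bot: Dropping `USER nextjs` at the end of the runner stage makes root the image's default user, so the only thing that lowers privileges is docker-entrypoint.sh; a container started with a different entrypoint or entered through `docker exec` runs as root, in a stage that also installs `python3 make g++`. Platforms that enforce a non-root image user (for example Kubernetes `runAsNonRoot`) will likely refuse this image. The new comment should say this explicitly, e.g. `# Image default user is root on purpose: docker-entrypoint.sh chowns /data, then su-exec drops to nextjs; do not bypass the entrypoint`. If the compiler toolchain is only needed at build time, keeping it out of the runner stage would reduce what a root process in this image can reach; the stage continues outside the hunks shown, so that is to be confirmed.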


@@ -1,11 +1,14 @@
#!/bin/sh
set -e
# Run Prisma migrations on every startup (idempotent)
# Fix /data permissions — Docker volumes are mounted as root by default
chown -R nextjs:nodejs /data
# Run Prisma migrations as nextjs user
echo "Running database migrations..."
DATABASE_URL="${DATABASE_URL:-file:/data/leadflow.db}" \
node node_modules/prisma/build/index.js migrate deploy \
su-exec nextjs node node_modules/prisma/build/index.js migrate deploy \
--schema ./prisma/schema.prisma 2>&1 || echo "Migration warning (may already be up to date)"
echo "Starting LeadFlow..."
exec node server.js
exec su-exec nextjs node server.js
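Review bot: The new `chown -R nextjs:nodejs /data` runs as root on every start, over a directory the unprivileged app can write to, and it is not given `-h`. On BusyBox a recursive chown without `-h` most likely changes the target of a symlink it finds rather than the link itself, so content in the volume could redirect a root ownership change to files outside /data. Using `chown -Rh nextjs:nodejs /data`, or a non-recursive `chown nextjs:nodejs /data` run only when the top-level owner is wrong, keeps the root step confined to the volume and avoids rewalking a large tree on each boot. Because of `set -e`, the unconditional chown also makes the script exit when the container is started as a non-root user; a guard such as `[ "$(id -u)" = 0 ]` around the chown and the `su-exec` prefix would keep that mode working. Separately, the retained `|| echo "Migration warning ..."` still lets the server start after a failed `migrate deploy`.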