From 807b82f63398450db525b4721e770e835b214015 Mon Sep 17 00:00:00 2001
From: Timo Uttenweiler
Date: Thu, 9 Apr 2026 11:19:27 +0200
Subject: [PATCH] Fix Docker volume permissions for /data (SQLite)

Add su-exec to runner stage, run entrypoint as root to chown /data, then drop to nextjs user for migrations and app start. Fixes permission denied errors when Docker volume is mounted as root.

Co-Authored-By: Claude Sonnet 4.6
---
 Dockerfile | 5 ++---
 docker-entrypoint.sh | 9 ++++++---
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ee68da7..a357cab 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,7 +34,7 @@ RUN npm run build
 FROM node:22-alpine AS runner
 WORKDIR /app
-RUN apk add --no-cache python3 make g++
+RUN apk add --no-cache python3 make g++ su-exec
 ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED=1
@@ -66,8 +66,7 @@ RUN chmod +x docker-entrypoint.sh
 # Data directory for SQLite — must be a volume
 RUN mkdir -p /data && chown nextjs:nodejs /data
-USER nextjs
-
+# Entrypoint runs as root, fixes /data permissions, then drops to nextjs via su-exec
 EXPOSE 3000
 ENTRYPOINT ["./docker-entrypoint.sh"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index e93e7d8..46c5638 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,11 +1,14 @@
 #!/bin/sh
 set -e
-# Run Prisma migrations on every startup (idempotent)
+# Fix /data permissions — Docker volumes are mounted as root by default
+chown -R nextjs:nodejs /data
+
+# Run Prisma migrations as nextjs user
 echo "Running database migrations..."
 DATABASE_URL="${DATABASE_URL:-file:/data/leadflow.db}" \
- node node_modules/prisma/build/index.js migrate deploy \
+ su-exec nextjs node node_modules/prisma/build/index.js migrate deploy \
 --schema ./prisma/schema.prisma 2>&1 || echo "Migration warning (may already be up to date)"
 echo "Starting LeadFlow..."
-exec node server.js
+exec su-exec nextjs node server.js
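Review bot: The runner stage's `apk add` line now carries `su-exec` next to `python3 make g++`, so the final image ships a compiler toolchain in a container whose PID 1 starts as root after this commit. If nothing in the runner stage compiles native modules (the rest of the stage is outside this hunk, so this needs checking), the line could shrink to `RUN apk add --no-cache su-exec` with the toolchain kept in the build stage. The packages are also unpinned, so the image contents depend on the Alpine repository state at build time.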
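Review bot: With `USER nextjs` removed, root becomes the image's default user and the only privilege drop is the `su-exec` call inside docker-entrypoint.sh. Anything that bypasses or precedes that call runs as root: `docker exec` sessions, an `--entrypoint` override, and the script itself up to the drop. Orchestrators that enforce a non-root image user (for example Kubernetes `runAsNonRoot`) will refuse the image, and starting it with an explicit non-root user makes the entrypoint's `chown` fail under `set -e`. The new comment should say this, e.g. `# No USER on purpose: the entrypoint starts as root to chown /data, then drops to nextjs via su-exec; docker exec and --entrypoint overrides run as root.`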
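Review bot: The new `chown -R nextjs:nodejs /data` runs as root on every start over a tree that the unprivileged app user writes to, and without `-h` a recursive chown may change the target of a symlink found there rather than the link itself (this depends on the chown implementation). It is also unconditional, so under `set -e` the container exits when it is started as a non-root user. I would guard the root-only work on `id -u`, add `-h`, and re-exec the script once as nextjs so the migration and server lines no longer each need a `su-exec` prefix. On a bind mount this still rewrites ownership of host files, which is worth a line in the comment.

```shell
# Root-only setup; skipped when the container is started with a non-root user.
if [ "$(id -u)" = "0" ]; then
  # -h: change ownership of symlinks themselves, never of what they point to
  chown -Rh nextjs:nodejs /data
  # Re-run this script as nextjs so everything below is unprivileged
  exec su-exec nextjs "$0" "$@"
fi

# … unchanged: DATABASE_URL default and prisma migrate deploy, without the su-exec prefix …

exec node server.js
```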