如何在使用docker-compose和非root用户时将node_modules保留在容器中?
[英]How to keep node_modules inside container while using docker-compose and a non-root user?
问题描述
I'm looking for a way to achieve these goals at the same time: 
我正在寻找一种同时实现这些目标的方法:
- using a non-root user inside the container 在容器内使用非root用户
- keeping
node_modulesinside container (to not to "pollute" the working directory on the host)将node_modules保留在容器内(以免“污染”主机上的工作目录) - not using a
Dockerfile不使用Dockerfile
I'm not sure if these goals are considered "best practice". 我不确定这些目标是否被视为“最佳实践”。 For example, keeping node_modules inside the container has its disadvantages . 例如,将node_modules保留在容器内有其缺点 。
Currently my compose file is like this: 目前我的撰写文件是这样的:
services:
# ...
node:
image: "node:9"
user: "node"
working_dir: /home/node/app
environment:
# - NODE_ENV=production
- NPM_CONFIG_PREFIX=/home/node/.npm-global
- PATH=$PATH:/home/node/.npm-global/bin
volumes:
- ./proj/:/home/node/app
- /home/node/app/node_modules # mark1
ports:
- "3001:3001"
command: >
bash -c "echo hello
&& ls -lh /home/node/app/
&& npm install
&& npm i -g babel-cli
&& npm i -g flow-bin
&& npm start"
depends_on:
- redis
but there's 但是有
"Error: EACCES: permission denied, access'/home/node/app/node_modules'"."Error: EACCES: permission denied, access'/home/node/app/node_modules'".
If I comment out the #mark1 line, the container runs, however node_modules will be written onto the host (since ./proj is mounted ) 如果我注释掉#mark1行,则容器会运行,但是node_modules会被写入主机(因为./proj已经安装 )
I have read these two articles on the topic: 我已经阅读了关于这个主题的这两篇文章:
- https://blog.getjaco.com/jaco-labs-nodejs-docker-missing-manual/ https://blog.getjaco.com/jaco-labs-nodejs-docker-missing-manual/
- http://jdlm.info/articles/2016/03/06/lessons-building-node-app-docker.html http://jdlm.info/articles/2016/03/06/lessons-building-node-app-docker.html
but neither meets my goal. 但都达不到我的目标。
Update: 更新:
I added a line of ls -lh /home/node/app/ and found node_modules is owned by root . 我添加了一行ls -lh /home/node/app/ ,发现node_modules由root拥有。 This could be the problem. 这可能是问题所在。
1 个解决方案
解决方案1
1 2018-04-21 05:37:16
I ended up using a Dockerfile . 我最终使用了Dockerfile 。 It's minimum. 这是最低限度的。 (I keep some commented out lines for anyone may find them useful.) (我保留一些注释掉的行,任何人都可能觉得它们很有用。)
We need to change the owner of node_modules inside the container. 我们需要更改容器内node_modules的所有者。 It seems the ( update : Sorry. I forgot to remove the built container with node:9 image doesn't require this. 似乎node:9图像不需要这个。 So this is only for node:9-alpine . 所以这只适用于node:9-alpine 。 docker system prune . Both images need this. Here is a discussion on permissions/ownership of named volumes` ) ( 更新 :对不起。我忘了删除带有docker system prune的构建容器。两个映像都需要这个。这是关于命名卷的权限/所有权的讨论。 )
FROM node:9-alpine
#ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
#ENV PATH=$PATH:/home/node/.npm-global/bin
RUN mkdir -p /home/node/app/node_modules
RUN chown -R node:node /home/node/app
#USER node
#WORKDIR /home/node/app
#RUN npm install --silent --progress=false ; \
# npm i -g babel-cli --silent --progress=false ;\
# npm i -g flow-bin --silent --progress=false
The docker-compose.yml ended up being like: docker-compose.yml最终如下:
services:
# ...
node:
# image: "node:9-alpine"
build: ./proj
user: "node"
working_dir: /home/node/app
environment:
# - NODE_ENV=production
- NPM_CONFIG_PREFIX=/home/node/.npm-global
- PATH=$PATH:/home/node/.npm-global/bin
volumes:
- ./proj/:/home/node/app
- /home/node/app/node_modules/
ports:
- "3006:3001"
command: >
/bin/sh -c "echo hello
&& ls -lh /home/node/app/
&& npm install
&& npm i -g babel-cli
&& npm i -g flow-bin
&& npm start"
depends_on:
- redis
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.