Can't connect to nodejs server in docker container after settting USER

Question

I have a Dockerfile that works fine when running as root. If I add a non-privileged user it runs:

docker ps (I changed the container names)

f63a4ae42ba9        nonroot   "sh /app/docker-st..."   16 minutes ago      Up 16 minutes       0.0.0.0:3002->3002/tcp   nonroot
4bd547b40246        root      "sh /app/docker-st..."   3 hours ago         Up 3 hours          0.0.0.0:3003->3002/tcp   root

But I do not get a server response. It looks like it can connect however.

wget http://localhost:3002/stats
--2017-07-20 14:40:27--  http://localhost:3002/stats
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:3002... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

The container running as root works fine:

wget http://localhost:3003/stats
--2017-07-20 14:40:31--  http://localhost:3003/stats
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:3003... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5866 (5.7K) [application/json]
Saving to: ‘stats.1

This is my Dockerfile:

FROM node:6

WORKDIR /app

RUN apt-get update && \
  apt-get install -y \
  libgconf2-4 libxss1 libxtst6 libnss3 libasound2 xvfb dbus-x11 libgtk2.0-common \
  imagemagick ghostscript poppler-utils && \
  rm -rf /var/lib/apt/lists/*

ENV NODE_ENV="production"
COPY ./package.json /app/
RUN npm install

ENV \
ELECTRONEXPORT_HOST="0.0.0.0" \
ELECTRONEXPORT_PORT="3002" \
ELECTRONEXPORT_DATA="/data" \
ELECTRONEXPORT_LOGDIR="/var/log/spider_export" \
ELECTRONEXPORT_LOGSIZE="1" \
DEBUG="electronpdf*,pdf*"

COPY docker-start.sh start.js /app/
COPY src/ /app/src

RUN groupadd -r sbe && \
useradd --no-log-init -r -g sbe sbe && \
chown -R sbe:sbe /app && \
chmod -R 755 /app

# Run as a non-privileged user
USER sbe

EXPOSE 3002

CMD ["sh", "/app/docker-start.sh"]

And these are the lines that were added that present the issue:

RUN groupadd -r sbe && \
useradd --no-log-init -r -g sbe sbe && \
chown -R sbe:sbe /app && \
chmod -R 755 /app

# Run as a non-privileged user
USER sbe

Edit : I have found this error in the log

A JavaScript error occurred in the main process
Uncaught Exception:
Error: Failed to get 'appData' path
    at Error (native)
    at Object.<anonymous> (/app/node_modules/electron/dist/resources/electron.asar/browser/init.js:149:39)
    at Module._compile (module.js:556:32)
    at Object.Module._extensions..js (module.js:565:10)
    at Module.load (module.js:473:32)
    at tryModuleLoad (module.js:432:12)
    at Function.Module._load (module.js:424:3)
    at Module.runMain (module.js:590:10)
    at run (bootstrap_node.js:402:7)
    at startup (bootstrap_node.js:157:9)

Answer 1

I solved this by reordering the npm install. It seems that electron puts things somewhere which my chmod was not hitting.

By changing the user before npm install the issues is resolved

RUN groupadd -r sbe && \
useradd --no-log-init -m -r -g sbe sbe && \
chown -R sbe:sbe /app && \
chmod -R 755 /app

# Run as a non-privileged user (inside the container)
USER sbe
ENV NODE_ENV="production"
COPY ./package.json /app/
RUN npm install