run as non-root in docker (#38)

Xiaonan Shen 2021-09-04 11:10:58 +08:00 committed by GitHub
commit eb44376525
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 3 deletions

View File

@ -38,7 +38,7 @@ tag | description
To initialize and add account to the bridge, run the following command. To initialize and add account to the bridge, run the following command.
``` ```
docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init docker run --rm -it -v protonmail:/home/protonmail shenxn/protonmail-bridge init
``` ```
Wait for the bridge to startup, use `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely. Wait for the bridge to startup, use `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely.
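Review bot: the `init` command on this line switches the mount to `-v protonmail:/home/protonmail` but the README says nothing about upgrading an existing deployment. A `protonmail` volume created with the previous `-v protonmail:/root` form holds bridge state written by root, and once that volume is mounted at `/home/protonmail` under the new `USER protonmail` (UID 8535 from the Dockerfile hunk) the bridge cannot write to it. Please add an upgrade note telling existing users to fix ownership once before starting the new image, for example `docker run --rm --user root --entrypoint chown -v protonmail:/home/protonmail shenxn/protonmail-bridge -R protonmail: /home/protonmail`, or an equivalent chown on the host.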
@ -48,7 +48,7 @@ Wait for the bridge to startup, use `login` command and follow the instructions
To run the container, use the following command. To run the container, use the following command.
``` ```
docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
``` ```
## Kubernetes ## Kubernetes
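Review bot: the `-p 1025:25/tcp -p 1143:143/tcp` mapping on the run line keeps the bridge listening on ports 25 and 143 inside the container, both below 1024, while the Dockerfile hunk now starts it as the unprivileged `protonmail` user. Whether that bind succeeds depends on the runtime (the container's `net.ipv4.ip_unprivileged_port_start` sysctl, whether `NET_BIND_SERVICE` is effective for a non-root process, rootless Docker, and the Kubernetes setups covered in the section below), so please either record in the README that this was tested on the supported runtimes or have the entrypoint configure the bridge to listen above 1024 so the non-root change does not rely on runtime defaults.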
@ -62,7 +62,7 @@ If you don't want to use Helm, you can also reference to the guide ([#6](https:/
Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package. Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package.
``` ```
docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
``` ```
Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service). Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service).
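Review bot: this hunk is the third copy of the same mount-path change, and the hunk header shows the surrounding Kubernetes section (the Helm chart and the guide in #6) is otherwise untouched, while the commit changes only README, Dockerfile and entrypoint.sh. If the chart or that guide mounts the volume at `/root`, it needs the same `/home/protonmail` path and a pod `securityContext` (`runAsUser: 8535` plus a matching `fsGroup`) so the data directory is writable by the new user; please confirm that, or add a sentence here pointing Kubernetes users at the new path and UID.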

View File

@ -25,4 +25,11 @@ COPY gpgparams entrypoint.sh /protonmail/
# Copy protonmail # Copy protonmail
COPY --from=build /build/proton-bridge/proton-bridge /protonmail/ COPY --from=build /build/proton-bridge/proton-bridge /protonmail/
# Add a user 'protonmail' with UID 8535
RUN useradd -u 8535 -d /home/protonmail protonmail \
&& mkdir -p /home/protonmail \
&& chown protonmail: /home/protonmail
# change to non-privileged user for extra security
USER protonmail
ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"] ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
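Review bot: `useradd -u 8535 -d /home/protonmail protonmail` pins the UID but not the GID, so the user's primary group gets whatever GID is free in the build image, and `chown protonmail:` on the next line stamps that unpredictable GID onto `/home/protonmail`. Anyone preparing the volume from outside the container (a host-side `chown`, a Kubernetes `fsGroup`) has no stable number to use. Suggest creating the group explicitly, `RUN groupadd -g 8535 protonmail && useradd -u 8535 -g 8535 -d /home/protonmail protonmail ...`, documenting `8535:8535` in the README, and using `useradd -m` in place of the separate `mkdir -p` and `chown`.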

View File

@ -2,6 +2,11 @@
set -ex set -ex
id
# Go to current user's homedir
cd
echo $PWD
# Initialize # Initialize
if [[ $1 == init ]]; then if [[ $1 == init ]]; then
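Review bot: the bare `cd` on this line depends on `$HOME`, which resolves to `/home/protonmail` only because Docker takes it from the passwd entry for `USER protonmail`; if the container is started with `--user <uid>` for a UID that is not in `/etc/passwd`, `$HOME` is not the Dockerfile's directory and, with `set -e` on, the script either aborts or runs the bridge from a directory it cannot write to. Use the explicit path that the Dockerfile hunk creates, `cd /home/protonmail`, and drop the `id` and `echo $PWD` lines: `set -x` is already on, so they only add noise to every container log.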