fix : mount /var/www as /mnt/apps, fix docker socket GID for www-data

- Mount host /var/www into /mnt/apps to avoid conflict with container /var/www/html - Use GID 987 (host docker group) instead of 999 for socket access - Add group_add in docker-compose for container-level GID Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 17:42:39 +02:00
parent 8481fe8fef
commit 3fd745196f
2 changed files with 18 additions and 18 deletions
--- a/infra/prod/Dockerfile
+++ b/infra/prod/Dockerfile
@@ -75,10 +75,8 @@ RUN echo "APP_ENV=prod" > /var/www/html/.env
 RUN mkdir -p /var/www/html/var/log /var/www/html/var/uploads \
    && chown -R www-data:www-data /var/www/html/var

-# Allow www-data to use Docker socket
-# The socket GID varies per host; we set it at container startup via entrypoint
-# As fallback, install docker group with common GID
-RUN groupadd -g 999 docker 2>/dev/null; usermod -aG docker www-data
+# Allow www-data to use Docker socket (GID 987 matches host's docker group)
+RUN groupadd -g 987 dockerhost 2>/dev/null; usermod -aG dockerhost www-data

 WORKDIR /var/www/html
 EXPOSE 80
--- a/infra/prod/docker-compose.yml
+++ b/infra/prod/docker-compose.yml
@@ -1,15 +1,17 @@
 services:
-  app:
-    image: gitea.malio.fr/malio-dev/central:${CENTRAL_IMAGE_TAG:-latest}
-    container_name: central-app
-    env_file: .env
-    ports:
-      - "8084:80"
-    volumes:
-      - ./config/jwt:/var/www/html/config/jwt:ro
-      - ./uploads:/var/www/html/var/uploads
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /var/www:/mnt/apps
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    restart: unless-stopped
+    app:
+        image: gitea.malio.fr/malio-dev/central:${CENTRAL_IMAGE_TAG:-latest}
+        container_name: central-app
+        env_file: .env
+        ports:
+            - "8084:80"
+        group_add:
+            - "987"
+        volumes:
+            - ./config/jwt:/var/www/html/config/jwt:ro
+            - ./uploads:/var/www/html/var/uploads
+            - /var/run/docker.sock:/var/run/docker.sock
+            - /var/www:/mnt/apps
+        extra_hosts:
+            - "host.docker.internal:host-gateway"
+        restart: unless-stopped