From 3fd745196f07159b9108ff957940ab9d2bf97315 Mon Sep 17 00:00:00 2001
From: tristan
Date: Mon, 6 Apr 2026 17:42:39 +0200
Subject: [PATCH] fix : mount /var/www as /mnt/apps, fix docker socket GID for www-data
- Mount host /var/www into /mnt/apps to avoid conflict with container /var/www/html
- Use GID 987 (host docker group) instead of 999 for socket access
- Add group_add in docker-compose for container-level GID
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 infra/prod/Dockerfile | 6 ++----
 infra/prod/docker-compose.yml | 30 ++++++++++++++++--------------
 2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/infra/prod/Dockerfile b/infra/prod/Dockerfile
index c21262f..e79bc2f 100644
--- a/infra/prod/Dockerfile
+++ b/infra/prod/Dockerfile
@@ -75,10 +75,8 @@ RUN echo "APP_ENV=prod" > /var/www/html/.env
 RUN mkdir -p /var/www/html/var/log /var/www/html/var/uploads \
 && chown -R www-data:www-data /var/www/html/var
-# Allow www-data to use Docker socket
-# The socket GID varies per host; we set it at container startup via entrypoint
-# As fallback, install docker group with common GID
-RUN groupadd -g 999 docker 2>/dev/null; usermod -aG docker www-data
+# Allow www-data to use Docker socket (GID 987 matches host's docker group)
+RUN groupadd -g 987 dockerhost 2>/dev/null; usermod -aG dockerhost www-data
 WORKDIR /var/www/html
 EXPOSE 80
diff --git a/infra/prod/docker-compose.yml b/infra/prod/docker-compose.yml
index 101f716..759e683 100644
--- a/infra/prod/docker-compose.yml
+++ b/infra/prod/docker-compose.yml
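Review bot: In infra/prod/Dockerfile, `usermod -aG dockerhost www-data` gives the web-server account group access to the host's Docker socket, and any process that can write to that socket controls the daemon, which is equivalent to root on the host; the new comment should say so and state why the application needs it. The GID is also fixed to one host's value, here and again in `group_add` in docker-compose.yml, while the removed comment noting that the GID varies per host is gone; on a host whose docker group is not 987 the socket access will simply fail. I would take the value from a build argument and stop hiding a failed groupadd: `ARG DOCKER_GID=987` then `RUN groupadd -g "$DOCKER_GID" dockerhost && usermod -aG dockerhost www-data`. The entrypoint and any USER instruction are outside this hunk, so whether the startup-time GID handling described in the removed comment exists cannot be checked here.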
@@ -1,15 +1,17 @@
 services:
- app:
- image: gitea.malio.fr/malio-dev/central:${CENTRAL_IMAGE_TAG:-latest}
- container_name: central-app
- env_file: .env
- ports:
- - "8084:80"
- volumes:
- - ./config/jwt:/var/www/html/config/jwt:ro
- - ./uploads:/var/www/html/var/uploads
- - /var/run/docker.sock:/var/run/docker.sock
- - /var/www:/mnt/apps
- extra_hosts:
- - "host.docker.internal:host-gateway"
- restart: unless-stopped
+ app:
+ image: gitea.malio.fr/malio-dev/central:${CENTRAL_IMAGE_TAG:-latest}
+ container_name: central-app
+ env_file: .env
+ ports:
+ - "8084:80"
+ group_add:
+ - "987"
+ volumes:
+ - ./config/jwt:/var/www/html/config/jwt:ro
+ - ./uploads:/var/www/html/var/uploads
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/www:/mnt/apps
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ restart: unless-stopped
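Review bot: The `/var/www:/mnt/apps` bind mount is read-write, so a container that also holds the Docker socket can modify every tree under the host's `/var/www`; if the application only reads those directories the entry should be `- /var/www:/mnt/apps:ro`, as is already done for `./config/jwt`. If write access is required, a comment above the mount naming the paths that are written would let the next reviewer judge the exposure. Separately, `group_add` applies to the user the container starts as, so if the web server starts as root and then switches to www-data the extra group may not carry over to the worker processes; that is worth confirming on the running container rather than assuming.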