Run wstcp proxy as non-root user

SergeyG-Solicy · SergeyG-Solicy · commit 2d96b169a51b · 2026-04-06T11:40:40.000+04:00
diff --git a/tlsnotary/Dockerfile.proxy b/tlsnotary/Dockerfile.proxy
@@ -16,10 +16,14 @@ RUN cargo install wstcp
 # ── Runtime ──────────────────────────────────────────────────────────────────
 FROM alpine:3.20
 
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates \
+    && addgroup -S wstcp \
+    && adduser -S -G wstcp wstcp
 
 COPY --from=builder /usr/local/cargo/bin/wstcp /usr/local/bin/wstcp
 
+USER wstcp
+
 EXPOSE 55688
 
 # First arg after the image is the TCP target (e.g. notary:7047).
