Docker improvements

- Modify onionr.sh to parse env and supply args to run-onionr-node.py
- Run onionr by default rather than bash
- Run as unprivileged user by default instead of root
- Use /app for all code
- Specify python 3.7 (3.8 fails to build cffi)
- Use apt-get rather than apt (apt's CLI is not stable)
- Slight reformatting and consolidation

Dockerfile

@@ -1,28 +1,30 @@
-FROM python
+FROM python:3.7
 
-#Base settings
+USER root
-ENV HOME /root
+
+RUN mkdir /app
+WORKDIR /app
+
+ENV PORT=8080
+EXPOSE 8080
 
 #Install needed packages
-RUN apt update && apt install -y  tor locales
+RUN apt-get update && apt-get install -y tor locales
 
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     locale-gen
-ENV LANG en_US.UTF-8  
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
-ENV LANGUAGE en_US:en  
-ENV LC_ALL en_US.UTF-8  
 
-WORKDIR /srv/
+ADD ./requirements.txt /app/requirements.txt
-ADD ./requirements.txt /srv/requirements.txt
 RUN pip3 install --require-hashes -r requirements.txt
 
-WORKDIR /root/
 #Add Onionr source
-COPY . /root/
+COPY . /app/
-VOLUME /root/data/
 
-#Set upstart command
+VOLUME /app/data/
-CMD bash
 
-#Expose ports
+#Default to running as nonprivileged user
-EXPOSE 8080
+RUN chmod g=u -R /app
+USER 1000
+
+CMD ["bash", "./onionr.sh"]

onionr.sh

@@ -2,5 +2,22 @@
 ORIG_ONIONR_RUN_DIR=`pwd`
 export ORIG_ONIONR_RUN_DIR
 cd "$(dirname "$0")"
-cd src
+
-./__init__.py "$@"
+[[ -n "$USE_TOR" ]] || USE_TOR=1
+[[ -n "$PORT" ]] || PORT=8080
+[[ -n "$KEEP_LOG" ]] || KEEP_LOG=0
+[[ -n "$STORE_PLAINTEXT" ]] || STORE_PLAINTEXT=1
+
+PRIVKEY_OPT=""
+[[ -f "privkey.key" ]] && PRIVKEY_OPT="--private-key privkey.key"
+
+python run-onionr-node.py \
+	--open-ui 0 \
+	--onboarding 0 \
+	--bind-address 0.0.0.0 \
+	--port $PORT \
+	--use-tor $USE_TOR \
+	--keep-log-on-exit $KEEP_LOG \
+	--store-plaintext $STORE_PLAINTEXT \
+	$PRIVKEY_OPT \
+	"$@"