fix: support non-root user container startup

- Guard /etc/resolv.conf write and crond behind root check in entrypoint; non-root containers now stay alive via 'tail -f /dev/null' instead of failing when crond exits with EPERM - Set PM2_HOME to ${QL_DIR}/data/.pm2 (inside the data volume) so PM2 does not fall back to /root/.pm2, which is inaccessible to non-root users - Pre-create /ql/.tmp and /ql/shell/preload during image build and make them world-writable so non-root processes can write runtime files - Wrap directory creation in initFile.ts with try/catch + recursive:true so a permission error on ~/.ssh (HOME=/root for non-root user) is logged as a warning instead of crashing the server init
2026-06-13 06:16:12 +08:00 · 2026-05-24 06:39:38 +00:00 · 2026-05-24 06:39:38 +00:00 · cb93a1f0d3
commit cb93a1f0d3
parent d25340a857
4 changed files with 21 additions and 6 deletions
--- a/back/loaders/initFile.ts
+++ b/back/loaders/initFile.ts
@ -104,7 +104,11 @@ const files = [
 export default async () => {
  for (const dirPath of directories) {
    if (!(await fileExist(dirPath))) {
-      await fs.mkdir(dirPath);
+      try {
+        await fs.mkdir(dirPath, { recursive: true });
+      } catch (err: any) {
+        Logger.warn(`Unable to create directory ${dirPath}: ${err.message}`);
+      }
    }
  }

--- a/docker/310.Dockerfile
+++ b/docker/310.Dockerfile
@ -65,11 +65,14 @@ RUN git clone --depth=1 -b ${QL_BRANCH} ${QL_URL} ${QL_DIR} \
  && git clone --depth=1 -b ${QL_BRANCH} https://github.com/${QL_MAINTAINER}/qinglong-static.git /static \
  && mkdir -p ${QL_DIR}/static \
  && cp -rf /static/* ${QL_DIR}/static \
-  && rm -rf /static
+  && rm -rf /static \
+  && mkdir -p ${QL_DIR}/.tmp ${QL_DIR}/shell/preload \
+  && chmod -R a+w ${QL_DIR}/.tmp ${QL_DIR}/shell/preload ${QL_DIR}/static

 ENV PNPM_HOME=${QL_DIR}/data/dep_cache/node \
  PYTHON_HOME=${QL_DIR}/data/dep_cache/python3 \
  PYTHONUSERBASE=${QL_DIR}/data/dep_cache/python3 \
+  PM2_HOME=${QL_DIR}/data/.pm2 \
  HOME=/root

 ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${PNPM_HOME}:${PYTHON_HOME}/bin:${HOME}/bin \
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -65,11 +65,14 @@ RUN git clone --depth=1 -b ${QL_BRANCH} ${QL_URL} ${QL_DIR} \
  && git clone --depth=1 -b ${QL_BRANCH} https://github.com/${QL_MAINTAINER}/qinglong-static.git /static \
  && mkdir -p ${QL_DIR}/static \
  && cp -rf /static/* ${QL_DIR}/static \
-  && rm -rf /static
+  && rm -rf /static \
+  && mkdir -p ${QL_DIR}/.tmp ${QL_DIR}/shell/preload \
+  && chmod -R a+w ${QL_DIR}/.tmp ${QL_DIR}/shell/preload ${QL_DIR}/static

 ENV PNPM_HOME=${QL_DIR}/data/dep_cache/node \
  PYTHON_HOME=${QL_DIR}/data/dep_cache/python3 \
  PYTHONUSERBASE=${QL_DIR}/data/dep_cache/python3 \
+  PM2_HOME=${QL_DIR}/data/.pm2 \
  HOME=/root

 ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${PNPM_HOME}:${PYTHON_HOME}/bin:${HOME}/bin \
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@ -15,10 +15,10 @@ log_with_style() {
  printf "\n[%s] [%7s]  %s\n" "${timestamp}" "${level}" "${message}"
 }

-# Fix DNS resolution issues in Alpine Linux
+# Fix DNS resolution issues in Alpine Linux (requires root)
 # Alpine uses musl libc which has known DNS resolver issues with certain domains
 # Adding ndots:0 prevents unnecessary search domain appending
-if [ -f /etc/alpine-release ]; then
+if [ "$(id -u)" = "0" ] && [ -f /etc/alpine-release ]; then
  if ! grep -q "^options ndots:0" /etc/resolv.conf 2>/dev/null; then
    echo "options ndots:0" >> /etc/resolv.conf
    log_with_style "INFO" "🔧  0. 已配置 DNS 解析优化 (ndots:0)"
@ -50,6 +50,11 @@ fi

 log_with_style "SUCCESS" "🎉  容器启动成功!"

+if [ "$(id -u)" = "0" ]; then
  crond -f >/dev/null
+else
+  # crond requires root in Alpine; keep container alive without it
+  exec tail -f /dev/null
+fi

 exec "$@"