From a857c19572607acb873c3fb488784a75a67d8ff5 Mon Sep 17 00:00:00 2001
From: michael
Date: Mon, 16 Jul 2018 22:38:44 +1000
Subject: [PATCH 1/2] use su-exec to run npm as user osrm
---
 docker/Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 40308809..0714d729 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -12,7 +12,7 @@ RUN mkdir -p /src
 COPY package.json /src
 # Install app dependencies
-RUN apk add --no-cache sed nodejs && \
+RUN apk add --no-cache sed nodejs su-exec && \
 cd /src && \
 npm install
@@ -20,6 +20,10 @@ RUN apk add --no-cache sed nodejs && \
 COPY . /src
 WORKDIR /src
+# for dropping privileges
+RUN adduser -D osrm && \
+ chown -R osrm /src
+
 # Run App
 EXPOSE 9966
-CMD ["npm", "start"]
+CMD ["su-exec", "osrm", "npm", "start"]
From 905e4e51eed0167adc248ea9a84b89305629c32e Mon Sep 17 00:00:00 2001
From: michael
Date: Mon, 16 Jul 2018 22:46:53 +1000
Subject: [PATCH 2/2] bump version of alpine to 3.8 npm is packaged separately in alpine 3.8
---
 docker/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 0714d729..42a2dd38 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.5
+FROM alpine:3.8
 # Enables customized options using environment variables
 ENV OSRM_BACKEND='http://localhost:5000'
@@ -12,7 +12,7 @@ RUN mkdir -p /src
 COPY package.json /src
 # Install app dependencies
-RUN apk add --no-cache sed nodejs su-exec npm && \
+RUN apk add --no-cache sed nodejs su-exec npm && \
 cd /src && \
 npm install
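Review bot: In PATCH 1/2, hunk `@@ -12,7 +12,7 @@`, the dependency step still resolves packages from `package.json` alone, because the only file copied before `npm install` is `COPY package.json /src`; with no lockfile in the build context, the installed versions can differ from one build to the next. If the repository carries a `package-lock.json`, copy it in the same step, for example `COPY package.json package-lock.json /src/`, so the image is built from the versions that were reviewed. The same RUN line is edited again in PATCH 2/2 (`@@ -12,7 +12,7 @@`, adding `npm`), and the apk packages on it are unpinned in both versions, so a rebuild may pull different `nodejs`, `npm` and `su-exec` builds.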
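Review bot: In PATCH 1/2, hunk `@@ -20,6 +20,10 @@`, privileges are dropped only inside the default `CMD`, so the image's configured user is still root: any run that overrides the command, and any `docker exec` session, starts as root, and runtime policies that require a non-root image user cannot be satisfied. Declaring the user in the image covers those cases and makes `su-exec` unnecessary: add `USER osrm` after the `chown` step and keep `CMD ["npm", "start"]`. Separately, `chown -R osrm /src` makes the whole application tree writable by the runtime account; if the start script needs to write only a few files (the `sed` dependency suggests it rewrites configuration, though that is not visible here), chown only those paths. A fixed numeric UID on `adduser` (`-u`) would also let a runtime verify the account.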