From 8c51edabcf3a2fdb17458ef9d837bf1aac596aeb Mon Sep 17 00:00:00 2001
From: Doan Minh Tu <minhtu.workmail@gmail.com>
Date: Wed, 11 Mar 2026 08:33:04 +0700
Subject: [PATCH] fix(docker): use entrypoint to fix /app/data permissions on
 mounted volumes

---
 Dockerfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 511b979..b5bcae1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,11 +23,13 @@ COPY --from=builder /app/.next/static ./.next/static
 COPY --from=builder /app/.next/standalone ./
 COPY --from=builder /app/open-sse ./open-sse
 
-# Runtime writable location for localDb — must be AFTER COPY to avoid permission overwrite
-RUN mkdir -p /app/data && chown node:node /app/data
+RUN mkdir -p /app/data
 
-USER node
+# Fix permissions at runtime (handles mounted volumes)
+RUN printf '#!/bin/sh\nchown -R node:node /app/data 2>/dev/null; exec su-exec node "$@"\n' > /entrypoint.sh && chmod +x /entrypoint.sh
+RUN apk add --no-cache su-exec
 
 EXPOSE 20128
 
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["node", "server.js"]