From 9a8f257081c58b690b6d53e6e29dbc1e40de3af0 Mon Sep 17 00:00:00 2001
From: Cal Corum <calcorum@users.noreply.github.com>
Date: Thu, 9 Apr 2026 12:31:20 -0500
Subject: [PATCH] fix: move uvicorn to port 8080 so non-root user can bind

Non-root users cannot bind to privileged ports (<1024) without ambient
capabilities, which Docker does not set by default. Switch uvicorn,
healthcheck, and docker-compose port mapping from 80 to 8080. Also
combine the two RUN instructions for user/directory setup into one layer.

Addresses review feedback on #122.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Dockerfile         | 9 +++++----
 docker-compose.yml | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0433889..3470ed1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,15 +23,16 @@ RUN pip install --no-cache-dir --upgrade pip && \
 COPY ./app /usr/src/app/app
 
 # Create non-root user and set up directories for volumes
-RUN addgroup --system appuser && adduser --system --ingroup appuser appuser
-RUN mkdir -p /usr/src/app/storage /usr/src/app/logs && \
+RUN addgroup --system appuser && \
+    adduser --system --ingroup appuser appuser && \
+    mkdir -p /usr/src/app/storage /usr/src/app/logs && \
     chown -R appuser:appuser /usr/src/app
 USER appuser
 
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
-    CMD curl -f http://localhost:80/api/v3/current || exit 1
+    CMD curl -f http://localhost:8080/api/v3/current || exit 1
 
 # Start uvicorn
 ENV WEB_WORKERS=2
-CMD ["sh", "-c", "exec uvicorn app.main:app --host 0.0.0.0 --port 80 --workers $WEB_WORKERS"]
\ No newline at end of file
+CMD ["sh", "-c", "exec uvicorn app.main:app --host 0.0.0.0 --port 8080 --workers $WEB_WORKERS"]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 05a6304..fd5ca26 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,7 +14,7 @@ services:
       - ./storage:/usr/src/app/storage
       - ./logs:/usr/src/app/logs
     ports:
-      - 801:80
+      - 801:8080
     networks:
       - default
       # - nginx-proxy-manager_npm_network  # Commented for local testing