Update container to run as non-root

Part of convergencelabs/convergence-project#252

README.md

@@ -1,11 +1,9 @@
-<div align="center">
-  <img alt="Convergence Logo" height="80" src="https://convergence.io/assets/img/convergence-logo.png" >
-</div>
+<img alt="Convergence Logo" height="80" src="https://convergence.io/assets/img/convergence-logo.png" >
 
 # Convergence Server Container
 [![Build Status](https://travis-ci.org/convergencelabs/convergence-server-container.svg?branch=master)](https://travis-ci.org/convergencelabs/convergence-server-container)
 
-The Convergence Server provide the core services of the Convergence Realtime Collaboration Framework. Convergence enables developers to rapidly integrate realtime collaboration directly into their applications.
+The Convergence Server provides the core services of the Convergence Realtime Collaboration Framework. Convergence enables developers to rapidly integrate realtime collaboration directly into their applications.
 
 This repository contains the [OCI](https://www.opencontainers.org/) container build for the Convergence Server. It makes use of the Convergence Server Universal distribution that is published to [Maven Central](https://repo1.maven.org/maven2/com/convergencelabs/convergence-server-universal/).
 
@@ -61,7 +59,7 @@ docker run --rm --name orientdb \
   -p 2424:2424 \
   -p 2480:2480 \
   -e ORIENTDB_ROOT_PASSWORD=password \
-  orientdb:3.0.31
+  orientdb:3.0.37
 ```
 
 ## Support

src/Dockerfile

@@ -24,17 +24,27 @@ FROM openjdk:11.0.11-9-jdk
 
 LABEL maintainer="Convergence Labs, Inc."
 
-ADD convergence-server.conf /etc/convergence/convergence-server.conf
+## Create convergence group and user to run as a non root user.
+RUN groupadd -g 5000 convergence && \
+    useradd -u 5000 -g convergence convergence
+
+COPY convergence-server.conf /etc/convergence/convergence-server.conf
 
 COPY --from=builder /tmp/convergence-server /opt/convergence-server
 
 COPY log4j2.xml /opt/convergence-server/conf/log4j2.xml
 COPY convergence-server.conf /opt/convergence-server/conf/convergence-server.conf
 
+RUN chown -R convergence:convergence /opt/convergence-server && \
+    chown -R convergence:convergence /etc/convergence
+
 EXPOSE 8080
 EXPOSE 8081
 EXPOSE 25520
 
 WORKDIR /opt/convergence-server/
 
-ENTRYPOINT ["/opt/convergence-server/bin/convergence-server"]
+## Execut as the convergence user.
+USER convergence
+
+ENTRYPOINT ["/opt/convergence-server/bin/convergence-server"]