From 23c8c66045f54c321943ccc87072728c6ce9a6a0 Mon Sep 17 00:00:00 2001
From: tamarafinogina
Date: Wed, 11 Mar 2026 16:18:03 +0100
Subject: [PATCH 1/2] polish docker
---
 Dockerfile | 3 +++
 development.Dockerfile | 2 ++
 docker-compose.yml | 7 +++++--
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4e6544c..863edb4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,9 @@
 FROM node:22.17.0
 LABEL author="internxt"
+RUN groupadd -r nodeuser && useradd -r -g nodeuser nodeuser
+USER nodeuser
+
 WORKDIR /usr/app
 COPY package.json ./
diff --git a/development.Dockerfile b/development.Dockerfile
index 076c428..9daeee5 100644
--- a/development.Dockerfile
+++ b/development.Dockerfile
@@ -1,5 +1,7 @@
 FROM node:22.13.1
+RUN groupadd -r nodeuser && useradd -r -g nodeuser nodeuser
+USER nodeuser
 WORKDIR /usr/app
 COPY package.json ./
diff --git a/docker-compose.yml b/docker-compose.yml
index ae386db..1b2ff79 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,8 +1,8 @@
-version: '3.9'
-
 services:
 meet-database:
 image: postgres:15
+ security_opt:
+ - no-new-privileges:true
 container_name: meet-database
 restart: always
 volumes:
@@ -23,6 +23,8 @@ services:
 timeout: 5s
 meet-server:
+ security_opt:
+ - no-new-privileges:true
 container_name: meet-server
 build:
 context: .
@@ -46,3 +48,4 @@ services:
 networks:
 internxt:
 name: internxt
+ external: true
From 3496703186dbb83750ed37315701b2810c78c082 Mon Sep 17 00:00:00 2001
From: tamarafinogina
Date: Thu, 19 Mar 2026 19:26:20 +0100
Subject: [PATCH 2/2] add chown, fix node version mismatch
---
 Dockerfile | 2 +-
 development.Dockerfile | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 863edb4..a9ee948 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ COPY package.json ./
 COPY yarn.lock ./
 RUN yarn
-COPY . ./
+COPY --chown=nodeuser:nodeuser . ./
 RUN yarn build
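Review bot: In the `Dockerfile` hunk of patch 1/2, `USER nodeuser` is placed before `WORKDIR /usr/app` and the dependency install, so every later build step runs unprivileged and the runtime account has to be able to write the application tree. Dropping privileges after the last build step instead (moving `USER nodeuser` below `RUN yarn build`, which lies outside this hunk) would keep the installed code root-owned and not modifiable by the running process. The account is also created with `useradd -r` alone, which pins no UID and creates no home directory; a numeric ID such as `useradd -r -u 10001 -g nodeuser nodeuser` (constructed value) lets an orchestrator verify non-root, or the `node` user that the official node image already ships could be reused. The `development.Dockerfile` hunk in the same patch has the same ordering.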
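Review bot: In the last `docker-compose.yml` hunk of patch 1/2, `external: true` on the `internxt` network means Compose will no longer create it, so `docker compose up` fails on a host where the network does not already exist; a comment stating the precondition would help, e.g. `# created outside this file: docker network create internxt`. An external network is also shared with whatever other stacks attach to it, so `meet-database` presumably becomes reachable from those containers as well. If only `meet-server` needs the database, a second, non-external network for that pair would limit exposure. The services' network attachments are outside the hunk, so this should be confirmed against the full file.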
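Review bot: In the `Dockerfile` hunk of patch 2/2, `--chown=nodeuser:nodeuser` is applied only to `COPY . ./`, while `COPY yarn.lock ./` (context above the change) and `COPY package.json ./` (the hunk heading) stay root-owned and `RUN yarn` already executes as `nodeuser` before this line. If the install ever needs to update the lockfile it will fail on permissions, so the install step is better made explicit about not writing it: `RUN yarn install --frozen-lockfile` (assuming the Yarn 1 client bundled with the node image). Giving the runtime account ownership of the whole source tree also means a compromised process can rewrite its own code; if that is not required at run time, consider leaving the files root-owned and granting write access only to the directories the build or the app must write. The second hunk of `development.Dockerfile` in this patch has the same pattern.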
diff --git a/development.Dockerfile b/development.Dockerfile
index 9daeee5..7ffb535 100644
--- a/development.Dockerfile
+++ b/development.Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22.13.1
+FROM node:22.17.0
 RUN groupadd -r nodeuser && useradd -r -g nodeuser nodeuser
 USER nodeuser
@@ -8,7 +8,7 @@ COPY package.json ./
 COPY yarn.lock ./
 RUN yarn
-COPY . ./
+COPY --chown=nodeuser:nodeuser . ./
 RUN rm -rf dist && yarn build