From 6d9763335cfcb0faf6ee55b20d28a06bfdc68416 Mon Sep 17 00:00:00 2001
From: dykim <gomdobi@gmail.com>
Date: Fri, 5 Dec 2025 10:57:51 +0900
Subject: [PATCH] =?UTF-8?q?=EC=BB=A8=ED=85=8C=EC=9D=B4=EB=84=88=20?=
 =?UTF-8?q?=EC=84=9C=EB=B9=84=EC=8A=A4=20=EA=B5=AC=EB=8F=99=20=EA=B3=84?=
 =?UTF-8?q?=EC=A0=95=20=EC=A1=B0=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index fe657fe..2ae2fe2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,42 @@
-# 1단계: OTEL Java 에이전트 다운로드
+# 1단계: 에이전트 다운로드
 FROM alpine:3.20 AS otel
 ARG OTEL_VERSION=2.21.0
-
 RUN apk add --no-cache curl && \
     curl -fL \
       https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${OTEL_VERSION}/opentelemetry-javaagent.jar \
       -o /opentelemetry-javaagent.jar
 
-# 2단계: Tomcat 이미지 (Java 8 기준, Java 17 쓸 거면 jdk17-temurin 그대로 사용)
-FROM tomcat:9.0-jdk8-temurin
+# 2단계: Tomcat 이미지
+FROM tomcat:9.0-jdk17-temurin
+
+# non-root 계정 생성 (UID/GID 1000:1000)
+RUN groupadd -g 1000 job && \
+    useradd -u 1000 -g 1000 -m job
+
+# Tomcat 디렉토리 권한을 1000:1000 으로 변경
+RUN chown -R 1000:1000 /usr/local/tomcat
 
 ENV TZ=Asia/Seoul \
-    OTEL_SERVICE_NAME=helpdesk_service \
+    OTEL_SERVICE_NAME=sayis_service \
     OTEL_EXPORTER_OTLP_ENDPOINT=http://192.168.100.203:4317 \
     OTEL_EXPORTER_OTLP_PROTOCOL=grpc \
     OTEL_RESOURCE_ATTRIBUTES="deployment.environment=prod" \
     JAVA_TOOL_OPTIONS="-javaagent:/opt/opentelemetry-javaagent.jar"
 
-# 타임존 설정
+# 타임존 적용
 RUN ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
 
-# OTEL 에이전트 복사
+# 에이전트 복사
 COPY --from=otel /opentelemetry-javaagent.jar /opt/opentelemetry-javaagent.jar
 
-# 기본 ROOT 앱 제거
+# 기존 앱 제거
 RUN rm -rf /usr/local/tomcat/webapps/*
 
-# Maven 빌드된 WAR 복사
-# Maven 빌드 결과 파일명에 맞게 수정
-COPY target/sayit-helpdesk.war /usr/local/tomcat/webapps/ROOT.war
+# Maven 빌드된 WAR 복사 (target/sayis.war 기준)
+COPY target/sayis.war /usr/local/tomcat/webapps/ROOT.war
+
+# 이후부터는 1000:1000 계정으로 동작
+USER 1000:1000
 
 EXPOSE 8080
 CMD ["catalina.sh","run"]
\ No newline at end of file