improve the Dockerfile, following @gclayburg recommendations from jhi…

…pster#7722

 - use a specific jhipster user instead of root
 - use an entrypoint to allow passing docker run cli args to the docker process
 - prepend the `java` command with exec to correctly respond to QUIT and TERM signals

generators/server/files.js

@@ -61,6 +61,7 @@ const serverFiles = {
             path: DOCKER_DIR,
             templates: [
                 'Dockerfile',
+                'entrypoint.sh',
                 '.dockerignore',
                 'app.yml',
                 'sonar.yml'

generators/server/templates/src/main/docker/Dockerfile.ejs

@@ -22,10 +22,17 @@ ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \
     JHIPSTER_SLEEP=0 \
     JAVA_OPTS="<%_ if (cacheProvider === 'infinispan') { _%>-Djgroups.tcp.address=NON_LOOPBACK -Djava.net.preferIPv4Stack=true<%_ } _%>"
 
-CMD echo "The application will start in ${JHIPSTER_SLEEP}s..." && \
-    sleep ${JHIPSTER_SLEEP} && \
-    java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /app.war
+# Add a jhipster user to run our application so that it doesn't need to run as root
+RUN adduser -D -s /bin/sh jhipster
+WORKDIR /home/jhipster
+
+ADD entrypoint.sh entrypoint.sh
+RUN chmod 755 entrypoint.sh && chown jhipster:jhipster entrypoint.sh
+USER jhipster
+
+ADD *.war app.war
+
+ENTRYPOINT ["./entrypoint.sh"]
 
 EXPOSE <%= serverPort %><% if (cacheProvider === 'hazelcast') { %> 5701/udp<% } %>
 
-ADD *.war /app.war

generators/server/templates/src/main/docker/entrypoint.sh.ejs

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "The application will start in ${JHIPSTER_SLEEP}s..." && sleep ${JHIPSTER_SLEEP}
+exec java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar "${HOME}/app.war" "$@"