playground/docker-claude
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(claude): use built-in node user instead of custom claude user

Browse source 
Drop the addgroup/adduser layer entirely. node:20-alpine already ships
a node user at uid/gid 1000. Update chown and USER directives, and
update the claude-config volume mount path to /home/node/.claude.
This commit is contained in:
docker-claude 2026-04-14 22:50:59 +02:00
parent 0800e4a084
commit 1c489f8636
4 changed files with 12 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CLAUDE.md
View file

@ -10,8 +10,8 @@ This file provides context and guidance for working with this project.
Three containers managed by Docker Compose:
- **`claude`** — Claude Code CLI (`node:20-alpine`), non-root (UID 1000), isolated to an internal-only Docker network
- **`webui`** — Claude Code as a browser terminal via ttyd (`node:20-alpine`), non-root (UID 1000), same network isolation, basic auth required
- **`claude`** — Claude Code CLI (`node:20-alpine`), runs as the built-in `node` user (UID 1000), isolated to an internal-only Docker network
- **`webui`** — Claude Code as a browser terminal via ttyd (`node:20-alpine`), `node` user (UID 1000), same network isolation, basic auth required
- **`proxy`** — Squid forward proxy (`alpine:3.21`), `squid` user, bridges the internal network to the internet with an egress allowlist
Key Docker network property: `claude-internal` has `internal: true`, meaning Docker adds no default gateway. The `claude` and `webui` containers physically cannot reach the internet without going through the `proxy` container.