playground/docker-claude
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: update node:20-alpine references to node:24-alpine
Some checks failed
Build images / build-and-push (push) Blocked by required conditions
Details
Build images / check-docker (push) Successful in 1s
Details
Build images / scan (push) Has been cancelled
Details

Browse source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
docker-claude 2026-04-20 15:17:15 +02:00
parent ec329ca616
commit a566b463a9
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CLAUDE.md
View file

@ -10,7 +10,7 @@ This file provides context and guidance for working with this project.
Two containers managed by Docker Compose: Two containers managed by Docker Compose:
- **`claude`** — Claude Code CLI (`node:20-alpine`), runs as the built-in `node` user (UID 1000), isolated to an internal-only Docker network - **`claude`** — Claude Code CLI (`node:24-alpine`), runs as the built-in `node` user (UID 1000), isolated to an internal-only Docker network
- **`proxy`** — Squid forward proxy (`alpine:3.21`), `squid` user, bridges the internal network to the internet with an egress allowlist - **`proxy`** — Squid forward proxy (`alpine:3.21`), `squid` user, bridges the internal network to the internet with an egress allowlist
Key Docker network property: `claude-internal` has `internal: true`, meaning Docker adds no default gateway. The `claude` container physically cannot reach the internet without going through the `proxy` container. Key Docker network property: `claude-internal` has `internal: true`, meaning Docker adds no default gateway. The `claude` container physically cannot reach the internet without going through the `proxy` container.
@ -31,7 +31,7 @@ docker-claude/
├── build.sh # Build images locally (development) ├── build.sh # Build images locally (development)
├── docker-compose.yml # Service definitions and network topology ├── docker-compose.yml # Service definitions and network topology
├── claude/ ├── claude/
│ └── Dockerfile # Claude Code stable release (node:20-alpine, UID 1000) │ └── Dockerfile # Claude Code stable release (node:24-alpine, UID 1000)
├── proxy/ ├── proxy/
│ ├── Dockerfile # Squid proxy sidecar (alpine:3.21, squid user) │ ├── Dockerfile # Squid proxy sidecar (alpine:3.21, squid user)
│ └── squid.conf # Squid ACL config — egress allowlist lives here │ └── squid.conf # Squid ACL config — egress allowlist lives here
@ -63,7 +63,7 @@ git config core.hooksPath hooks
## Coding Standards ## Coding Standards
- Shell scripts use `set -euo pipefail` - Shell scripts use `set -euo pipefail`
- Dockerfiles use Alpine (`node:20-alpine`, `alpine:3.21`) for minimal attack surface - Dockerfiles use Alpine (`node:24-alpine`, `alpine:3.21`) for minimal attack surface
- Alpine packages use `apk add --no-cache`; no apt cache cleanup layer needed - Alpine packages use `apk add --no-cache`; no apt cache cleanup layer needed
- No capabilities granted; `no-new-privileges` on all containers - No capabilities granted; `no-new-privileges` on all containers
- `.env` is never committed (enforced by `.gitignore` and `.dockerignore`) - `.env` is never committed (enforced by `.gitignore` and `.dockerignore`)

2
README.md
View file

@ -68,7 +68,7 @@ Setup will ask how you want to authenticate (API key, subscription token, or bro
└──────────────────────────────────────────────────────────┘ └──────────────────────────────────────────────────────────┘
``` ```
- **`claude`** — Claude Code CLI (`node:20-alpine`), runs as the built-in `node` user (UID 1000), on `claude-internal` only - **`claude`** — Claude Code CLI (`node:24-alpine`), runs as the built-in `node` user (UID 1000), on `claude-internal` only
- **`proxy`** — Squid forward proxy (`alpine:3.21`), bridges `claude-internal` ↔ internet with egress allowlist - **`proxy`** — Squid forward proxy (`alpine:3.21`), bridges `claude-internal` ↔ internet with egress allowlist
- **`claude-internal`** — `internal: true`; no default gateway, containers cannot reach the internet directly - **`claude-internal`** — `internal: true`; no default gateway, containers cannot reach the internet directly
- **`proxy-external`** — Standard bridge; proxy sidecar only - **`proxy-external`** — Standard bridge; proxy sidecar only