e0e5e03e58
Two-container setup: claude (UID 1000, internal-only network) and proxy (Squid, UID 13). The internal Docker network uses internal: true so the claude container has no direct internet route. All egress is tunnelled through the Squid sidecar which enforces a domain allowlist. Both containers drop all capabilities and set no-new-privileges. claude.sh provides start/stop/run/update/logs/status/shell lifecycle management.
30 lines
811 B
Text
30 lines
811 B
Text
FROM node:20-slim
|
|
|
|
# Install minimal runtime dependencies
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
git \
|
|
curl \
|
|
ca-certificates \
|
|
bash \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create non-root user
|
|
RUN groupadd -g 1000 claude \
|
|
&& useradd -u 1000 -g claude -m -s /bin/bash claude
|
|
|
|
# Install Claude Code globally (runs as root for npm -g, then drops)
|
|
RUN npm install -g @anthropic-ai/claude-code
|
|
|
|
# Workspace directory owned by claude user
|
|
RUN mkdir -p /workspace && chown claude:claude /workspace
|
|
|
|
USER claude
|
|
WORKDIR /workspace
|
|
|
|
# Proxy traffic through sidecar — override at runtime if needed
|
|
ENV HTTP_PROXY=http://proxy:3128
|
|
ENV HTTPS_PROXY=http://proxy:3128
|
|
ENV ALL_PROXY=http://proxy:3128
|
|
ENV NO_PROXY=localhost,127.0.0.1
|
|
|
|
ENTRYPOINT ["claude"]
|