Updates for permission handling in the container

debian/Dockerfile

@@ -127,6 +127,9 @@ RUN set -eux; \
     rm -f /tmp/ninja.tar && \
     chown -R www-data:www-data /var/www/html
 
+# After setting permissions, switch to www-data for remaining operations
+USER www-data
+
 # Install dependencies
 RUN composer install --no-dev --no-scripts --no-autoloader
 
@@ -137,6 +140,8 @@ RUN composer dump-autoload --optimize \
     && php artisan config:cache \
     && php artisan route:cache
 
+USER root
+
 # Setup supervisor
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
@@ -157,7 +162,7 @@ RUN mkdir -p \
     /var/www/html/storage/framework/sessions \
     /var/www/html/storage/framework/views \
     /var/www/html/storage/logs \
-    /var/www/html/public/uploads \
+    /var/www/html/public/storage \
     /var/run \
     /var/log/supervisor 
 
@@ -165,16 +170,19 @@ RUN mkdir -p \
 RUN chown -R www-data:www-data \
     /var/www/html/storage \
     /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads \
+    /var/www/html/public/storage \
     /var/run \
     /var/log/supervisor \
     && chmod -R 775 \
-        /var/www/html/public/uploads \
+        /var/www/html/public/storage \
         /var/www/html/storage \
         /var/www/html/bootstrap/cache \
         /var/run \
         /var/log/supervisor 
 
+# Switch to www-data for runtime
+USER www-data
+
 # Health check
 HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
     CMD php -v || exit 1

debian/docker-compose.yml

@@ -16,7 +16,8 @@ services:
       - ./.env:/var/www/html/.env  
       - app_storage:/var/www/html/storage
       - app_cache:/var/www/html/bootstrap/cache
-      - public_files:/var/www/html/public  
+      - public_storage:/var/www/html/public/storage
+    user: www-data:www-data 
 
     networks:
       - app-network
@@ -39,10 +40,9 @@ services:
     volumes:
       - ./nginx/conf.d:/etc/nginx/conf.d:ro
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - type: volume
+    volumes_from:
-        source: public_files
+      - app
-        target: /var/www/html/public
+
-        read_only: true
     networks:
       - app-network
     depends_on:
@@ -103,13 +103,11 @@ networks:
 volumes:
   app_storage:
     driver: local
-  app_public:
-    driver: local
   app_cache:
     driver: local
+  public_storage:
+    driver: local  # Persistent storage for user files
   mysql_data:
     driver: local
   redis_data:
-    driver: local
-  public_files:  
     driver: local