Update Dockerfile

Dockerfile

@@ -5,6 +5,9 @@ ENV DEBIAN_FRONTEND=noninteractive \
     PYTHONUNBUFFERED=1 \
     PATH="/opt/venv/bin:$PATH"
 
+# Create and use a non-root user
+RUN useradd -ms /bin/bash admin
+
 # Install required OS packages (minimal set, pinned where possible)
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -24,27 +27,30 @@ RUN apt-get update && \
     && rm -rf /var/lib/apt/lists/*
 
 # Clone repository
-RUN git clone --depth=1 https://github.com/browser-use/web-ui.git /web-ui
+RUN git clone https://github.com/browser-use/web-ui.git /web-ui
 WORKDIR /web-ui
 
 # Install uv globally (avoids pip bootstrap issues)
 RUN pip3 install --no-cache-dir uv==0.4.17
 
 # Create virtual environment in /opt (exec-mounted path)
-RUN uv venv /opt/venv --python 3.11 && \
-    chmod -R a+rx /opt/venv && chmod -R a+r /opt/venv
+RUN uv venv --python 3.11 && \
+    chmod -R a+rx /web-ui/.venv && chmod -R a+r /web-ui/.venv
 
 # Install dependencies inside venv
-RUN /opt/venv/bin/python -m ensurepip --upgrade && \
-    /opt/venv/bin/pip install --no-cache-dir --upgrade pip uv==0.4.17 playwright && \
-    /opt/venv/bin/pip install --no-cache-dir -r requirements.txt && \
-    /opt/venv/bin/playwright install --with-deps chromium
+RUN .venv/bin/pip install --no-cache-dir --upgrade pip uv==0.4.17 playwright && \
+    .venv/bin/pip install --no-cache-dir -r requirements.txt && \
+    .venv/bin/playwright install --with-deps chromium
 
 # Expose application port
 EXPOSE 7860
 
-# Keep root for NVIDIA entrypoint compatibility
-USER root
+# Set ownership and permissions for the app directory
+RUN chown -R admin:admin /web-ui && chmod -R 777 /web-ui
+
+
+# Switch to the non-root user for better security
+USER admin
 
 # Explicitly use venv Python
-CMD ["/opt/venv/bin/python", "webui.py", "--ip", "0.0.0.0", "--port", "7860"]
+CMD [".venv/bin/python3", "webui.py", "--ip", "0.0.0.0", "--port", "7860"]