Docker: Build Optimization and Enhanced Non-Root/Volumeless Support (#5024)

* docker: optimize build layers and enhance permission handling

- Pre-created hardcoded dirs in Dockerfile to support volumeless non-root runs.
- Enhanced slightly docker-entrypoint.sh with robust volume detection and safer chown logic.
- Included legacy 'backups' directory... again.
- Added dos2unix to install list.
- Updated .dockerignore
- Updated comments
- Smaller fixes

* fix(docker): removed unnecessary comment, and the... *sighs* backups dir, again

* Exclude DS_Store everywhere

* Exclude tests and all jsconfigs from docker images

* Exclude local plugins from docker builds

* fix(docker): backups are back... yay xD

* feat(docker): add robust healthcheck script

- Added `docker/healthcheck.cjs`: A standalone, dependency-free Node.js script for verifying server status.
- Updated `Dockerfile`: Added HEALTHCHECK instruction and script copy step.
- Features: Auto-detects port from env/config, handles IPv4/IPv6 fallback, auto-retries HTTPS on socket hangup, and sets custom User-Agent.

* Fix .dockerignore permission

* Revert "feat(docker): add robust healthcheck script"

This reverts commit fa634fb08884cdef9245a12271cb9a13b487365f.

---------

Co-authored-by: Cohee <18619528+Cohee1207@users.noreply.github.com>

Dockerfile

@@ -4,8 +4,8 @@ FROM node:lts-alpine3.23
 ARG APP_HOME=/home/node/app
 
 # Install system dependencies
-# Added su-exec and shadow to support optional PUID/PGID user mapping
-RUN apk add --no-cache gcompat tini git git-lfs su-exec shadow
+# "Don't rely on the base image for tools; if you call it, you install it." ;)
+RUN apk add --no-cache gcompat tini git git-lfs su-exec shadow dos2unix
 
 # Create app directory and set ownership
 WORKDIR ${APP_HOME}
@@ -21,28 +21,28 @@ RUN \
   echo "*** Install npm packages ***" && \
   npm ci --no-audit --no-fund --loglevel=error --no-progress --omit=dev && npm cache clean --force
 
-# Create config directory and link config.yaml
+# Create config directory and link config.yaml. Added hardcoded dirs(constants.js?)
+# that must be present for Non-Root Mode and volumeless docker runs.
 RUN \
   rm -f "config.yaml" || true && \
-  ln -s "./config/config.yaml" "config.yaml" || true && \
-  mkdir "config" || true
-# Set ownership
-RUN chown -R node:node config
+  mkdir -p config data plugins public/scripts/extensions/third-party backups && \
+  chown -R node:node config data plugins public/scripts/extensions/third-party backups && \
+  ln -s "./config/config.yaml" "config.yaml"
 
 # Pre-compile public libraries
 RUN \
   echo "*** Run Webpack ***" && \
   node "./docker/build-lib.js"
 
-# Set the entrypoint script
+# Set the entrypoint script and cleanup
 RUN \
   echo "*** Cleanup ***" && \
   mv "./docker/docker-entrypoint.sh" "./" && \
-  rm -rf "./docker" && \
   echo "*** Make docker-entrypoint.sh executable ***" && \
   chmod +x "./docker-entrypoint.sh" && \
   echo "*** Convert line endings to Unix format ***" && \
-  dos2unix "./docker-entrypoint.sh"
+  dos2unix "./docker-entrypoint.sh" && \
+  rm -rf "./docker"
 
 # Fix extension repos permissions
 RUN git config --global --add safe.directory "*"