From 1a28d7882d9178a7ffd500f7783f6d874d243dd6 Mon Sep 17 00:00:00 2001
From: Oliver Davies
Date: Mon, 16 Aug 2021 13:00:00 +0100
Subject: [PATCH] Run nginx as a non-root user
---
 tools/docker/images/Dockerfile | 16 +++++++++++++---
 .../nginx/root/etc/nginx/conf.d/default.conf | 6 +++---
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/tools/docker/images/Dockerfile b/tools/docker/images/Dockerfile
index dd31b414..5fc38d13 100644
--- a/tools/docker/images/Dockerfile
+++ b/tools/docker/images/Dockerfile
@@ -18,6 +18,16 @@ RUN npm run production
 FROM nginx:1 AS production
 COPY tools/docker/images/nginx/root/ /
-WORKDIR /usr/share/nginx/html
-COPY --from=build /app/output_prod ./
-COPY --from=assets /app/source/build build
+RUN mkdir -p /code && \
+ chown -R nginx:nginx /code && \
+ chmod -R 755 /code && \
+ chown -R nginx:nginx /var/cache/nginx && \
+ chown -R nginx:nginx /var/log/nginx && \
+ chown -R nginx:nginx /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && \
+ chown -R nginx:nginx /var/run/nginx.pid
+USER nginx
+WORKDIR /code
+COPY --chown=nginx --from=build /app/output_prod ./
+COPY --chown=nginx --from=assets /app/source/build build
+EXPOSE 8080
diff --git a/tools/docker/images/nginx/root/etc/nginx/conf.d/default.conf b/tools/docker/images/nginx/root/etc/nginx/conf.d/default.conf
index d7f115ee..d9172bf7 100644
--- a/tools/docker/images/nginx/root/etc/nginx/conf.d/default.conf
+++ b/tools/docker/images/nginx/root/etc/nginx/conf.d/default.conf
@@ -383,8 +383,8 @@ map $uri $new_uri {
 }
 server {
- listen 80;
- listen [::]:80;
+ listen 8080;
+ listen [::]:8080;
 server_name www.oliverdavies.uk oliverdavies.uk _;
 if ($host != $server_name) {
@@ -392,7 +392,7 @@ server {
 }
 location / {
- root /usr/share/nginx/html;
+ root /code;
 index index.html index.htm;
 error_page 404 /404.html;
 }
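Review bot: The `chown` calls on `/code` and `/etc/nginx/conf.d`, together with `--chown=nginx` on both `COPY` lines, leave the served files and the server configuration writable by the account nginx runs as, which gives back part of what `USER nginx` gains: a process compromised at runtime could rewrite the site or its own config. nginx only needs read access to those paths; write access is needed for `/var/cache/nginx`, `/var/log/nginx` and the pid file. I would keep those three, reduce the first `RUN` so it creates `/code` without changing its owner, and copy with `COPY --from=build /app/output_prod ./` and `COPY --from=assets /app/source/build build` so the content stays root-owned. This assumes nothing at container start writes into `conf.d`, which the hunk does not show.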
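Review bot: With `listen 8080;` nginx will put `:8080` into the absolute redirects it generates itself (for example when it adds a trailing slash to a directory URL), because `port_in_redirect` defaults to on and only the default port is omitted. If the container is published on a different external port or sits behind a proxy, those `Location` headers send clients to a port they cannot reach. Adding `port_in_redirect off;` (or `absolute_redirect off;`) inside this `server` block avoids that. The `server` block continues outside the hunk, so an existing setting may already cover it.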