opdavies/oliverdavies.uk
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Run nginx as a non-root user

Browse source
This commit is contained in:
Oliver Davies 2021-08-16 13:00:00 +01:00
parent f7283b6177
commit 1a28d7882d
2 changed files with 16 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
tools/docker/images/Dockerfile
View file

@ -18,6 +18,16 @@ RUN npm run production
FROM nginx:1 AS production FROM nginx:1 AS production
COPY tools/docker/images/nginx/root/ / COPY tools/docker/images/nginx/root/ /
WORKDIR /usr/share/nginx/html RUN mkdir -p /code && \
COPY --from=build /app/output_prod ./ chown -R nginx:nginx /code && \
COPY --from=assets /app/source/build build chmod -R 755 /code && \
chown -R nginx:nginx /var/cache/nginx && \
chown -R nginx:nginx /var/log/nginx && \
chown -R nginx:nginx /etc/nginx/conf.d
RUN touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/run/nginx.pid
USER nginx
WORKDIR /code
COPY --chown=nginx --from=build /app/output_prod ./
COPY --chown=nginx --from=assets /app/source/build build
EXPOSE 8080

6
tools/docker/images/nginx/root/etc/nginx/conf.d/default.conf
View file

@ -383,8 +383,8 @@ map $uri $new_uri {
} }
server { server {
listen 80; listen 8080;
listen [::]:80; listen [::]:8080;
server_name www.oliverdavies.uk oliverdavies.uk _; server_name www.oliverdavies.uk oliverdavies.uk _;
if ($host != $server_name) { if ($host != $server_name) {
@ -392,7 +392,7 @@ server {
} }
location / { location / {
root /usr/share/nginx/html; root /code;
index index.html index.htm; index index.html index.htm;
error_page 404 /404.html; error_page 404 /404.html;
} }