opdavies/oliverdavies.uk
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Run nginx as a non-root user

Browse source
This commit is contained in:
Oliver Davies 2021-08-16 13:00:00 +01:00
parent f7283b6177
commit 1a28d7882d
2 changed files with 16 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
tools/docker/images/Dockerfile
View file

@ -18,6 +18,16 @@ RUN npm run production
FROM nginx:1 AS production
COPY tools/docker/images/nginx/root/ /
WORKDIR /usr/share/nginx/html
COPY --from=build /app/output_prod ./
COPY --from=assets /app/source/build build
RUN mkdir -p /code && \
chown -R nginx:nginx /code && \
chmod -R 755 /code && \
chown -R nginx:nginx /var/cache/nginx && \
chown -R nginx:nginx /var/log/nginx && \
chown -R nginx:nginx /etc/nginx/conf.d
RUN touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/run/nginx.pid
USER nginx
WORKDIR /code
COPY --chown=nginx --from=build /app/output_prod ./
COPY --chown=nginx --from=assets /app/source/build build
EXPOSE 8080

6
tools/docker/images/nginx/root/etc/nginx/conf.d/default.conf
View file

@ -383,8 +383,8 @@ map $uri $new_uri {
}
server {
listen 80;
listen [::]:80;
listen 8080;
listen [::]:8080;
server_name www.oliverdavies.uk oliverdavies.uk _;
if ($host != $server_name) {
@ -392,7 +392,7 @@ server {
}
location / {
root /usr/share/nginx/html;
root /code;
index index.html index.htm;
error_page 404 /404.html;
}