Get unpriv nginx working

Added custom script for nginx.conf Added healthcheck endpoint at /healthz Optimised nginx.conf with caching and IP headers for security logging
2025-04-30 11:29:12 -04:00 · 2023-12-04 17:30:42 +00:00 · 2023-12-04 17:30:42 +00:00 · f1a90f0609
commit f1a90f0609
parent 80e46c9292
3 changed files with 98 additions and 15 deletions
--- a/33
+++ b/33
@ -1,17 +1,40 @@
+# syntax = docker/dockerfile:latest
+
 # build stage
 FROM node:lts-alpine AS build-stage
+
 # Set environment variables for non-interactive npm installs
 ENV NPM_CONFIG_LOGLEVEL warn
 ENV CI true
+
 WORKDIR /app
+
 COPY package.json pnpm-lock.yaml ./
-RUN npm install -g pnpm && pnpm i --frozen-lockfile
+
+RUN npm install -g pnpm
+RUN pnpm i --frozen-lockfile
+
 COPY . .
+
 RUN pnpm build

 # production stage
-FROM nginx:stable-alpine AS production-stage
-COPY --from=build-stage /app/dist /usr/share/nginx/html
-COPY nginx.conf /etc/nginx/conf.d/default.conf
-EXPOSE 80
+FROM nginxinc/nginx-unprivileged:1.25.2-alpine AS production-stage
+
+USER root
+
+ARG UID=101
+ARG GID=101
+
+COPY --from=build-stage /app/dist /usr/share/nginx/html/
+COPY --link --chmod=755 scripts/nginx/*.sh /docker-entrypoint.d/
+
+RUN chown $UID:0 /usr/share/nginx/html/index.html
+
+# COPY nginx.conf /etc/nginx/conf.d/default.conf
+USER $UID
+
+# Document what port is required
+EXPOSE 8080
+
 CMD ["nginx", "-g", "daemon off;"]