From 526bd3b32b41d243426ca9566979fe238a7b3f1b Mon Sep 17 00:00:00 2001
From: Remi PLANEL <rplanel@pasteur.fr>
Date: Wed, 13 Dec 2023 17:41:33 +0100
Subject: [PATCH] Try to use classical nginx as non root
---
Dockerfile | 10 +++++-----
nginx.conf | 54 ++++++++++++++++++++++++++++++++++++++----------------
2 files changed, 43 insertions(+), 21 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 98694483..aaef0d32 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -74,10 +74,10 @@ COPY . /usr/src/app
RUN npm run generate
### STAGE: NGINX ###
-FROM nginxinc/nginx-unprivileged:1.25-bookworm
-
-RUN apt update -y && apt install rsync -y
+FROM nginx:1.25-bookworm
# RUN rm -rf /usr/share/nginx/html/*
-# COPY nginx.conf /etc/nginx/conf.d/default.conf
-COPY --from=generate /usr/src/app/.output/public /etc/nginx/html
+RUN apt update -y && apt install -y
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY --from=generate /usr/src/app/.output/public /usr/share/nginx/html
+USER nginx
CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
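Review bot: The added `RUN apt update -y && apt install -y` names no package now that `rsync` is gone, so it only refreshes the apt index and leaves the package lists in a layer of the final image; the line can be dropped. If a package is needed in this stage later, do the install and the cleanup in one layer: `RUN apt-get update && apt-get install -y --no-install-recommends <package> && rm -rf /var/lib/apt/lists/*`. `USER nginx` before `CMD` keeps the non-root intent of the old unprivileged base, but the stock `nginx` image is built to start as root. A comment such as `# runs as nginx: pid and temp paths are redirected to /tmp in nginx.conf` would explain why the custom `nginx.conf` is copied in.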
diff --git a/nginx.conf b/nginx.conf
index daf15e65..f4949d53 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,16 +1,38 @@
-server_tokens off;
-server {
- listen 8080;
- server_name localhost;
- location /wiki {
- alias /etc/nginx/html/;
- index index.html index.htm;
- try_files $uri $uri/ $uri/index.html /index.html;
-
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- alias /etc/nginx/html/;
- }
-
-}
\ No newline at end of file
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /tmp/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+}
+
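Review bot: The new `nginx.conf` drops `server_tokens off;`, so the nginx version is again sent in the `Server` header and on error pages; add `server_tokens off;` inside the `http` block. The removed `server` block (`listen 8080;` and the `/wiki` location) has no replacement here, so the site is served by whatever `/etc/nginx/conf.d/*.conf` the base image ships. That is presumably the stock `default.conf` on port 80, which a process started as `nginx` cannot bind on runtimes that keep ports below 1024 privileged. Copying a site file with `listen 8080;` into `conf.d` would keep the previous contract. The `user nginx;` directive has no effect when the master process is not root and only produces a startup warning, so it can be removed.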
--
GitLab