From a02be1b65ff98b26a9ebcfebd384866a57a8b57c Mon Sep 17 00:00:00 2001 From: Christian Felder Date: Wed, 6 Nov 2024 16:53:37 -0500 Subject: [PATCH] Dockerfile: use unprivileged nginx This allows running this container w/ arbitrary uid support --- CI/e2e/docker-compose.e2e.yaml | 2 +- Dockerfile | 6 +-- scripts/nginx.conf | 94 ---------------------------------- 3 files changed, 3 insertions(+), 99 deletions(-) delete mode 100644 scripts/nginx.conf diff --git a/CI/e2e/docker-compose.e2e.yaml b/CI/e2e/docker-compose.e2e.yaml index 10127aea4..1340b9470 100644 --- a/CI/e2e/docker-compose.e2e.yaml +++ b/CI/e2e/docker-compose.e2e.yaml @@ -47,7 +47,7 @@ services: build: context: . ports: - - 4200:80 + - 4200:8080 volumes: - "./CI/e2e/frontend.config.e2e.json:/usr/share/nginx/html/assets/config.json" depends_on: diff --git a/Dockerfile b/Dockerfile index 5fd4c5dc7..ec8e2db2b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,8 +8,6 @@ RUN npm ci COPY . /frontend/ RUN npx ng build -FROM nginx:1.25-alpine -RUN rm -rf /usr/share/nginx/html/* +FROM nginxinc/nginx-unprivileged COPY --from=builder /frontend/dist/ /usr/share/nginx/html/ -COPY scripts/nginx.conf /etc/nginx/nginx.conf -EXPOSE 80 +EXPOSE 8080 diff --git a/scripts/nginx.conf b/scripts/nginx.conf deleted file mode 100644 index 525bde35c..000000000 --- a/scripts/nginx.conf +++ /dev/null @@ -1,94 +0,0 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - root /usr/share/nginx/html; - - - location / { - try_files $uri $uri/ /index.html; - } - - # Enable gzip to compress large files - gzip on; - gzip_vary on; - gzip_types - text/plain - text/css - text/js - text/xml - text/javascript - application/javascript - application/json - application/xml - application/rss+xml - image/svg+xml - image/png; - gzip_min_length 1024; - gzip_proxied expired no-cache no-store private auth; - } - -# Settings for a TLS enabled server. -# -# server { -# listen 443 ssl http2 default_server; -# listen [::]:443 ssl http2 default_server; -# server_name _; -# root /usr/share/nginx/html; -# -# ssl_certificate "/etc/pki/nginx/server.crt"; -# ssl_certificate_key "/etc/pki/nginx/private/server.key"; -# ssl_session_cache shared:SSL:1m; -# ssl_session_timeout 10m; -# ssl_ciphers HIGH:!aNULL:!MD5; -# ssl_prefer_server_ciphers on; -# -# # Load configuration files for the default server block. -# include /etc/nginx/default.d/*.conf; -# -# location / { -# } -# -# error_page 404 /404.html; -# location = /40x.html { -# } -# -# error_page 500 502 503 504 /50x.html; -# location = /50x.html { -# } -# } - -} -