Skip to content

Commit 214c5bf

Browse files
apdavisonapdavison
committed
update the staging Dockerfile to run as a non-privileged user
1 parent 006a5d2 commit 214c5bf

2 files changed

Lines changed: 11 additions & 2 deletions

File tree

apps/deployment/Dockerfile.staging

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,8 +27,17 @@ RUN npm run build
2727

2828
# production environment
2929
FROM docker-registry.ebrains.eu/model-catalog/nginx:stable-alpine
30+
31+
# Make nginx dirs writable for non-root user (UID 1001)
32+
RUN chown -R 1001:0 /var/cache/nginx /var/log/nginx /etc/nginx/conf.d && \
33+
chmod -R g+w /var/cache/nginx /var/log/nginx /etc/nginx/conf.d && \
34+
sed -i 's/^user nginx;/#user nginx;/' /etc/nginx/nginx.conf && \
35+
sed -i 's|/var/run/nginx.pid|/tmp/nginx.pid|' /etc/nginx/nginx.conf
36+
3037
COPY deployment/nginx-app-staging.conf /etc/nginx/conf.d/default.conf
3138
COPY --from=build /model-catalog/dist /usr/share/nginx/html/model-catalog
3239
COPY --from=build /curation-dashboard/dist /usr/share/nginx/html/curation-dashboard
33-
EXPOSE 80
40+
41+
EXPOSE 8080
42+
USER 1001
3443
CMD ["nginx", "-g", "daemon off;"]

apps/deployment/nginx-app-staging.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33

44
server {
5-
listen 80;
5+
listen 8080;
66

77
location / {
88
root /usr/share/nginx/html/model-catalog;

0 commit comments

Comments
 (0)