-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dockerfile: use unprivileged nginx #1657
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,8 +8,10 @@ RUN npm ci | |
COPY . /frontend/ | ||
RUN npx ng build | ||
|
||
FROM nginx:1.25-alpine | ||
FROM nginxinc/nginx-unprivileged | ||
USER root | ||
RUN rm -rf /usr/share/nginx/html/* | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this cleanup line should probably also stay There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am wondering if that's necessary. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. To ensure the default content ( there is an index.html) is really absent |
||
COPY --from=builder /frontend/dist/ /usr/share/nginx/html/ | ||
COPY scripts/nginx.conf /etc/nginx/nginx.conf | ||
EXPOSE 80 | ||
USER 101 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Tested in both podman and docker, both give the warning:
This is because the nginx.conf file we mount in adds There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The 'cleanup' in line 13 requires switching to Nevertheless I agree that the user directive in the nginx.conf file does not make sense in this scenario. |
||
COPY --from=builder /frontend/dist/ /usr/share/nginx/html/ | ||
EXPOSE 8080 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we pin to a version here?
nginxinc/nginx-unprivileged:1.27
?