Switch tactical-frontend to nginx-unprivileged container

2022-01-15 19:12:04 -08:00 · 2022-01-15 19:12:04 -08:00 · 707e67918b
parent faac572c30
commit 707e67918b
2 changed files with 9 additions and 6 deletions
--- a/docker/containers/tactical-frontend/dockerfile
+++ b/docker/containers/tactical-frontend/dockerfile
@ -15,10 +15,12 @@ RUN echo "DOCKER_BUILD=1" > .env
 RUN sed -i '/<\/head>/i <script src="\/env-config.js"><\/script>' src/index.template.html
 RUN npm run build
-FROM nginx:stable-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine
 ENV PUBLIC_DIR /usr/share/nginx/html
 USER root
 RUN apk add --no-cache bash
 SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
@ -27,4 +29,8 @@ COPY --from=builder /home/node/app/dist/ ${PUBLIC_DIR}
 COPY docker/containers/tactical-frontend/entrypoint.sh /docker-entrypoint.d/
 RUN chmod +x /docker-entrypoint.d/entrypoint.sh
-EXPOSE 80
+RUN chown -R nginx:nginx /usr/share/nginx/html
 USER nginx
 EXPOSE 8080
--- a/docker/containers/tactical-frontend/entrypoint.sh
+++ b/docker/containers/tactical-frontend/entrypoint.sh
@ -12,7 +12,7 @@ echo "window._env_ = {PROD_URL: \"https://${API_HOST}\"}" >> ${PUBLIC_DIR}/env-c
 nginx_config="$(cat << EOF
 server {
-  listen 80;
+  listen 8080;
  charset utf-8;
  location / {
@ -21,9 +21,6 @@ server {
    add_header Cache-Control "no-store, no-cache, must-revalidate";
    add_header Pragma "no-cache";
  }
  error_log /var/log/nginx/app-error.log;
  access_log /var/log/nginx/app-access.log;
 }
 EOF
 )"