From d0de011e17d6ac035353cef608869ab852fd9381 Mon Sep 17 00:00:00 2001
From: Anastasia Saraeva
Date: Mon, 13 Oct 2025 10:23:07 +0500
Subject: [PATCH] feat: update dockerfile for security
---
 Dockerfile | 8 ++++++--
 ci/nginx.conf | 3 ++-
 ci/values-local-env.yaml | 4 ++--
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5102b4b5..85a56d47 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,16 +9,20 @@ RUN npm ci
 COPY . .
 RUN npm run build
-FROM nginx:1.26.0-alpine3.19-slim
+FROM nginxinc/nginx-unprivileged:stable-alpine
 COPY /ci/nginx.conf /data/conf/nginx.conf
 COPY --from=build /dist /usr/share/nginx/html
-EXPOSE 80
+EXPOSE 8080
 WORKDIR /usr/share/nginx/html
 COPY ./ci/env.sh .
 COPY .env-vars .
+
+USER root
 RUN apk add --no-cache bash
 RUN chmod +x /usr/share/nginx/html/env.sh
+RUN chown -R nginx:nginx /usr/share/nginx/html
+USER nginx
 CMD ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && nginx -g 'daemon off;' -c /data/conf/nginx.conf"]
\ No newline at end of file
diff --git a/ci/nginx.conf b/ci/nginx.conf
index 94bb3bea..9dace9c4 100644
--- a/ci/nginx.conf
+++ b/ci/nginx.conf
@@ -1,3 +1,4 @@
+pid /tmp/nginx.pid;
 worker_processes auto;
 events {
@@ -7,7 +8,7 @@ events {
 http {
 server {
- listen 80;
+ listen 8080;
 server_name localhost;
 root /usr/share/nginx/html;
diff --git a/ci/values-local-env.yaml b/ci/values-local-env.yaml
index 41c2cbdf..6dd9d7a1 100644
--- a/ci/values-local-env.yaml
+++ b/ci/values-local-env.yaml
@@ -8,7 +8,7 @@ image:
 debug: true
 containerPorts:
- http: 80
+ http: 8080
 https: ""
 replicaCount: 1
@@ -33,7 +33,7 @@ readinessProbe:
 service:
 type: ClusterIP
 ports:
- http: 80
+ http: 8080
 https: ""
 ingress:
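Review bot: In Dockerfile, `FROM nginxinc/nginx-unprivileged:stable-alpine` replaces a fully pinned base (`nginx:1.26.0-alpine3.19-slim`) with a floating tag, so the runtime image can change between builds with no change in this repository; pin an exact version and preferably a digest, e.g. `FROM nginxinc/nginx-unprivileged:<version>-alpine@sha256:<digest>` (placeholders). `RUN chown -R nginx:nginx /usr/share/nginx/html` also hands the whole docroot, including the built assets, `env.sh` and `.env-vars`, to the account nginx now runs as, whereas files placed by the plain `COPY` lines were root-owned before. If `env.sh` (not visible in this patch) writes only one generated file, chown that path alone. `USER nginx` is a name rather than a number, which Kubernetes cannot check against `runAsNonRoot`, so a numeric UID matching the image's nginx account would be safer for the deployment described in ci/values-local-env.yaml.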
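Review bot: In ci/nginx.conf, `pid /tmp/nginx.pid;` is the only runtime path this config moves to a location the non-root account can write, and the line carries no comment saying why; a one-line comment such as `# non-root nginx cannot write the default pid path` would keep it from being reverted. Because the Dockerfile's CMD loads /data/conf/nginx.conf with `-c`, whatever temp-path settings the base image's own nginx.conf provides are not used, so `client_body_temp_path`, `proxy_temp_path` and the related directories presumably fall back to their built-in defaults. That is fine while those defaults stay writable in the image, but it should be confirmed before a read-only root filesystem is enabled. The rest of the http block lies outside the hunks, so these directives may already be set there.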