diff --git a/Dockerfile b/Dockerfile
index 3f18688ef7e2393a0c0d111141e0fec4547f0a09..c4252560b42d01b4fe532636ee085dd5570691bf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -49,8 +49,19 @@ RUN $HOME/.yarn/bin/yarn install --ignore-engines
 RUN $HOME/.yarn/bin/yarn encore dev
 
 
-RUN chown root:root /var/log/nginx/*
-#RUN adduser -D -g '' -G www-data www-data
+# support running as arbitrary user which belongs to the root group
+RUN chmod g+rwx /var/cache/nginx /var/run /var/log/nginx
+
+# users are not allowed to listen on priviliged ports
+RUN sed -i.bak 's/listen\(.*\)80;/listen 8081;/' /etc/nginx/conf.d/default.conf
+EXPOSE 8081
+
+# comment user directive as master process is run as user in OpenShift anyhow
+RUN sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf
+
+RUN addgroup nginx root
+USER nginx
+
 
 CMD ["nginx"]