From d434d57b31f8b7d92a3f35fd7e9e8e525b0c5eec Mon Sep 17 00:00:00 2001
From: Cyril L'Orphelin <cyril.lorphelin@cc.in2p3.fr>
Date: Fri, 7 Feb 2020 12:19:21 +0000
Subject: [PATCH] Update Dockerfile

---
 Dockerfile | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3f18688e..c4252560 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -49,8 +49,19 @@ RUN $HOME/.yarn/bin/yarn install --ignore-engines
 RUN $HOME/.yarn/bin/yarn encore dev
 
 
-RUN chown root:root /var/log/nginx/*
-#RUN adduser -D -g '' -G www-data www-data
+# support running as arbitrary user which belongs to the root group
+RUN chmod g+rwx /var/cache/nginx /var/run /var/log/nginx
+
+# users are not allowed to listen on priviliged ports
+RUN sed -i.bak 's/listen\(.*\)80;/listen 8081;/' /etc/nginx/conf.d/default.conf
+EXPOSE 8081
+
+# comment user directive as master process is run as user in OpenShift anyhow
+RUN sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf
+
+RUN addgroup nginx root
+USER nginx
+
 
 CMD ["nginx"]
 
-- 
GitLab