diff --git a/Dockerfile b/Dockerfile
index 524d9635f9642d31955461fc29b8b78d4d637caa..75b24c85bb5f27761bf38eae7f34ea86267bf94f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN pnpm run build
 FROM nginx:stable-alpine
-RUN apk add --no-cache fcgiwrap spawn-fcgi
+RUN apk add --no-cache fcgiwrap spawn-fcgi shadow
 COPY rootfs/ /
 COPY --from=build /app/dist /app/frontend
diff --git a/rootfs/docker-entrypoint.sh b/rootfs/docker-entrypoint.sh
index ab4680d8b543093fb272a1dab2d32d51622bcda7..e913fbe0379c3d8b40d1ba199edd12965200d7b9 100644
--- a/rootfs/docker-entrypoint.sh
+++ b/rootfs/docker-entrypoint.sh
@@ -1,20 +1,38 @@
 #!/bin/sh
 set -e
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+if getent group nginx >/dev/null; then
+ if [ "$(id -g nginx)" -ne "$PGID" ]; then
+ groupmod -o -g "$PGID" nginx
+ fi
+else
+ addgroup -S -g "$PGID" nginx
+fi
+
+if getent passwd nginx >/dev/null; then
+ if [ "$(id -u nginx)" -ne "$PUID" ] || [ "$(id -g nginx)" -ne "$PGID" ]; then
+ usermod -o -u "$PUID" -g "$PGID" nginx
+ fi
+else
+ adduser -S -u "$PUID" -G nginx -H -D nginx
+fi
+
 # Create necessary directories
 mkdir -p /data/custom_ssl /data/logs /data/access /data/nginx /data/letsencrypt-acme-challenge /data/nginx/default_host /data/nginx/default_www /data/nginx/proxy_host /data/nginx/redirection_host /data/nginx/stream /data/nginx/dead_host /data/nginx/temp
 mkdir -p /etc/letsencrypt /run/nginx /tmp/nginx/body /var/log/nginx /var/lib/nginx/cache/public /var/lib/nginx/cache/private /var/cache/nginx/proxy_temp
 mkdir -p /var/run
 # Set proper permissions
-chown -R ${PUID:-1000}:${PGID:-1000} /data
-chown -R ${PUID:-1000}:${PGID:-1000} /etc/letsencrypt
-chown -R ${PUID:-1000}:${PGID:-1000} /run/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /tmp/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/cache/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/lib/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/log/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/run
+chown -R "$PUID:$PGID" /data
+chown -R "$PUID:$PGID" /etc/letsencrypt
+chown -R "$PUID:$PGID" /run/nginx
+chown -R "$PUID:$PGID" /tmp/nginx
+chown -R "$PUID:$PGID" /var/cache/nginx
+chown -R "$PUID:$PGID" /var/lib/nginx
+chown -R "$PUID:$PGID" /var/log/nginx
 spawn-fcgi -s /var/run/fcgiwrap.socket -M 766 /usr/bin/fcgiwrap & exec "$@"
diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf
index 9704ec68aef7f4345b0c4d40ac04d8d9ae7d8f75..898aa305c2bc6ab5bc30f2c6ca3a879211512900 100644
--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
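Review bot: `PUID` and `PGID` come straight from the container environment and reach `groupmod -o`, `usermod -o` and `chown -R` without any validation. A non-numeric value should make the `-ne` tests fail with an error inside the `if` conditions, where `set -e` does not apply, so the remap is skipped while `chown -R` still receives the raw string. With `PUID=0` the `-o` flag lets nginx be remapped onto uid 0, so the workers started under `user nginx nginx;` would run as root again. Checking both values right after the defaults, as below, closes both cases; if uid 0 has to stay supported, print a warning instead of exiting. Separately, the unchanged `spawn-fcgi` line appears to start fcgiwrap from the root entrypoint behind a `-M 766` socket, so dropping it to the nginx user (`-u nginx -g nginx`) with a tighter socket mode is worth a follow-up.

```shell
PGID=${PGID:-1000}

# Reject anything that is not a plain decimal id before usermod/chown see it.
for id in "$PUID" "$PGID"; do
  case "$id" in
    *[!0-9]*)
      echo "PUID/PGID must be a decimal number, got '$id'" >&2
      exit 1
      ;;
  esac
done
if [ "$PUID" -eq 0 ] || [ "$PGID" -eq 0 ]; then
  echo "PUID/PGID 0 would run the nginx workers as root" >&2
  exit 1
fi

# … unchanged: group/user remapping, mkdir, chown …
```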
@@ -1,7 +1,7 @@
 # Run nginx in foreground # daemon off;
 pid /run/nginx/nginx.pid;
-# user nginx;
+user nginx nginx;
 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;