diff --git a/Dockerfile b/Dockerfile
index 524d9635f9642d31955461fc29b8b78d4d637caa..75b24c85bb5f27761bf38eae7f34ea86267bf94f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN pnpm run build
 
 FROM nginx:stable-alpine
 
-RUN apk add --no-cache fcgiwrap spawn-fcgi
+RUN apk add --no-cache fcgiwrap spawn-fcgi shadow
 
 COPY rootfs/ /
 COPY --from=build /app/dist /app/frontend
diff --git a/rootfs/docker-entrypoint.sh b/rootfs/docker-entrypoint.sh
index ab4680d8b543093fb272a1dab2d32d51622bcda7..e913fbe0379c3d8b40d1ba199edd12965200d7b9 100644
--- a/rootfs/docker-entrypoint.sh
+++ b/rootfs/docker-entrypoint.sh
@@ -1,20 +1,38 @@
 #!/bin/sh
 set -e
 
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+if getent group nginx >/dev/null; then
+    if [ "$(id -g nginx)" -ne "$PGID" ]; then
+        groupmod -o -g "$PGID" nginx
+    fi
+else
+    addgroup -S -g "$PGID" nginx
+fi
+
+if getent passwd nginx >/dev/null; then
+    if [ "$(id -u nginx)" -ne "$PUID" ] || [ "$(id -g nginx)" -ne "$PGID" ]; then
+        usermod -o -u "$PUID" -g "$PGID" nginx
+    fi
+else
+    adduser -S -u "$PUID" -G nginx -H -D nginx
+fi
+
 # Create necessary directories
 mkdir -p /data/custom_ssl /data/logs /data/access /data/nginx /data/letsencrypt-acme-challenge /data/nginx/default_host /data/nginx/default_www /data/nginx/proxy_host /data/nginx/redirection_host /data/nginx/stream /data/nginx/dead_host /data/nginx/temp
 mkdir -p /etc/letsencrypt /run/nginx /tmp/nginx/body /var/log/nginx /var/lib/nginx/cache/public /var/lib/nginx/cache/private /var/cache/nginx/proxy_temp
 mkdir -p /var/run
 
 # Set proper permissions
-chown -R ${PUID:-1000}:${PGID:-1000} /data
-chown -R ${PUID:-1000}:${PGID:-1000} /etc/letsencrypt
-chown -R ${PUID:-1000}:${PGID:-1000} /run/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /tmp/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/cache/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/lib/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/log/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/run
+chown -R "$PUID:$PGID" /data
+chown -R "$PUID:$PGID" /etc/letsencrypt
+chown -R "$PUID:$PGID" /run/nginx
+chown -R "$PUID:$PGID" /tmp/nginx
+chown -R "$PUID:$PGID" /var/cache/nginx
+chown -R "$PUID:$PGID" /var/lib/nginx
+chown -R "$PUID:$PGID" /var/log/nginx
 
 spawn-fcgi -s /var/run/fcgiwrap.socket -M 766 /usr/bin/fcgiwrap &
 exec "$@"
diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf
index 9704ec68aef7f4345b0c4d40ac04d8d9ae7d8f75..898aa305c2bc6ab5bc30f2c6ca3a879211512900 100644
--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@@ -1,7 +1,7 @@
 # Run nginx in foreground
 # daemon off;
 pid /run/nginx/nginx.pid;
-# user nginx;
+user nginx nginx;
 
 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;