From b22a6616f2dfcd8c9cb94fae6818169234c10c0e Mon Sep 17 00:00:00 2001
From: asitis <asitisdev@gmail.com>
Date: Wed, 7 May 2025 17:51:03 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20Nginx=20=EA=B6=8C=ED=95=9C=20=EB=AC=B8?=
 =?UTF-8?q?=EC=A0=9C=EB=A1=9C=20=EC=9D=B8=ED=95=9C=20=EC=BA=90=EC=8B=B1=20?=
 =?UTF-8?q?=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile                  |  2 +-
 rootfs/docker-entrypoint.sh | 34 ++++++++++++++++++++++++++--------
 rootfs/etc/nginx/nginx.conf |  2 +-
 3 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 524d963..75b24c8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN pnpm run build
 
 FROM nginx:stable-alpine
 
-RUN apk add --no-cache fcgiwrap spawn-fcgi
+RUN apk add --no-cache fcgiwrap spawn-fcgi shadow
 
 COPY rootfs/ /
 COPY --from=build /app/dist /app/frontend
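Review bot: The `shadow` package added to the `RUN apk add` line appears to be there only so the entrypoint can call `groupmod`/`usermod`, but nothing in the Dockerfile says so, and the whole shadow suite now ships in the runtime image. A comment above the line, such as `# shadow: provides groupmod/usermod used by docker-entrypoint.sh for PUID/PGID remapping`, would stop a later cleanup from dropping it. It may also be worth checking whether the package brings setuid helpers that this image does not need; that cannot be confirmed from this diff.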
diff --git a/rootfs/docker-entrypoint.sh b/rootfs/docker-entrypoint.sh
index ab4680d..e913fbe 100644
--- a/rootfs/docker-entrypoint.sh
+++ b/rootfs/docker-entrypoint.sh
@@ -1,20 +1,38 @@
 #!/bin/sh
 set -e
 
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+if getent group nginx >/dev/null; then
+    if [ "$(id -g nginx)" -ne "$PGID" ]; then
+        groupmod -o -g "$PGID" nginx
+    fi
+else
+    addgroup -S -g "$PGID" nginx
+fi
+
+if getent passwd nginx >/dev/null; then
+    if [ "$(id -u nginx)" -ne "$PUID" ] || [ "$(id -g nginx)" -ne "$PGID" ]; then
+        usermod -o -u "$PUID" -g "$PGID" nginx
+    fi
+else
+    adduser -S -u "$PUID" -G nginx -H -D nginx
+fi
+
 # Create necessary directories
 mkdir -p /data/custom_ssl /data/logs /data/access /data/nginx /data/letsencrypt-acme-challenge /data/nginx/default_host /data/nginx/default_www /data/nginx/proxy_host /data/nginx/redirection_host /data/nginx/stream /data/nginx/dead_host /data/nginx/temp
 mkdir -p /etc/letsencrypt /run/nginx /tmp/nginx/body /var/log/nginx /var/lib/nginx/cache/public /var/lib/nginx/cache/private /var/cache/nginx/proxy_temp
 mkdir -p /var/run
 
 # Set proper permissions
-chown -R ${PUID:-1000}:${PGID:-1000} /data
-chown -R ${PUID:-1000}:${PGID:-1000} /etc/letsencrypt
-chown -R ${PUID:-1000}:${PGID:-1000} /run/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /tmp/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/cache/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/lib/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/log/nginx
-chown -R ${PUID:-1000}:${PGID:-1000} /var/run
+chown -R "$PUID:$PGID" /data
+chown -R "$PUID:$PGID" /etc/letsencrypt
+chown -R "$PUID:$PGID" /run/nginx
+chown -R "$PUID:$PGID" /tmp/nginx
+chown -R "$PUID:$PGID" /var/cache/nginx
+chown -R "$PUID:$PGID" /var/lib/nginx
+chown -R "$PUID:$PGID" /var/log/nginx
 
 spawn-fcgi -s /var/run/fcgiwrap.socket -M 766 /usr/bin/fcgiwrap &
 exec "$@"
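Review bot: `PUID` and `PGID` reach `groupmod -o` / `usermod -o` at the top of the script with no validation, so a value of `0` remaps the `nginx` account onto root and the `user nginx nginx;` directive in nginx.conf no longer lowers the workers' privileges. `-o` also accepts, without complaint, an id that already belongs to another account. A non-numeric value only fails later and less clearly, at the `-ne` tests or at `chown`. I would reject empty, non-numeric and zero ids right after the two defaults, as in the excerpt below. Separately, the unchanged `spawn-fcgi` line still passes no `-u`/`-g`, so fcgiwrap presumably keeps the entrypoint's privileges behind a `-M 766` socket, which is worth a follow-up.

```shell
PUID=${PUID:-1000}
PGID=${PGID:-1000}

# Refuse ids that are empty, non-numeric or 0 before they reach
# groupmod/usermod -o, which would otherwise alias nginx onto root.
for id in "$PUID" "$PGID"; do
    case "$id" in
        ''|*[!0-9]*)
            echo "PUID/PGID must be numeric, got '$id'" >&2
            exit 1
            ;;
    esac
    if [ "$id" -eq 0 ]; then
        echo "PUID/PGID must not be 0" >&2
        exit 1
    fi
done
# … unchanged: nginx group/user remapping, mkdir, chown, spawn-fcgi …
```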
diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf
index 9704ec6..898aa30 100644
--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@@ -1,7 +1,7 @@
 # Run nginx in foreground
 # daemon off;
 pid /run/nginx/nginx.pid;
-# user nginx;
+user nginx nginx;
 
 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;
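Review bot: The newly enabled `user nginx nginx;` line depends on two things the config does not mention: the master process must start as root for the directive to take effect, and the `nginx` account's uid/gid are rewritten at container start by docker-entrypoint.sh. I would add a comment above it, for example `# workers drop to nginx; its uid/gid are remapped to PUID/PGID by docker-entrypoint.sh`. Without it, the ownership of the cache and `/data` paths looks unrelated to this directive, and the link between the permission fix and the entrypoint is easy to break.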
-- 
GitLab