From 489dde812f42a16fa235e119a8401c7aa1b983ec Mon Sep 17 00:00:00 2001 From: nessi Date: Sat, 14 Feb 2026 17:13:18 +0100 Subject: [PATCH] Update frontend to use unprivileged Nginx on port 8080 Switch from `nginx:1.29-alpine-slim` to `nginxinc/nginx-unprivileged:stable-alpine` for improved security by running as a non-root user. Changed the exposed port from 80 to 8080 in the configurations to reflect the unprivileged setup. Adjusted the `docker-compose.yml` and `nginx.conf` accordingly. --- docker-compose.yml | 2 +- frontend/Dockerfile | 6 +++--- frontend/nginx.conf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 09a1079..7984513 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -54,7 +54,7 @@ services: depends_on: - backend ports: - - "${FRONTEND_PORT}:80" + - "${FRONTEND_PORT}:8080" volumes: pg_data: diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 3e539d3..c44c9f5 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -7,9 +7,9 @@ ARG VITE_API_URL=/api/v1 ENV VITE_API_URL=${VITE_API_URL} RUN npm run build -FROM nginx:1.29-alpine-slim -RUN apk upgrade --no-cache +FROM nginxinc/nginx-unprivileged:stable-alpine COPY nginx.conf /etc/nginx/conf.d/default.conf COPY --from=build /app/dist /usr/share/nginx/html -EXPOSE 80 +USER 101 +EXPOSE 8080 HEALTHCHECK --interval=30s --timeout=3s --retries=5 CMD nginx -t || exit 1 diff --git a/frontend/nginx.conf b/frontend/nginx.conf index 5a4f2d9..c669852 100644 --- a/frontend/nginx.conf +++ b/frontend/nginx.conf @@ -1,5 +1,5 @@ server { - listen 80; + listen 8080; server_name _; root /usr/share/nginx/html;