From 5a0478f47d0b8937101cc500f49281f8592513e7 Mon Sep 17 00:00:00 2001
From: nessi <sascha@nesterovic.cc>
Date: Sat, 14 Feb 2026 17:47:26 +0100
Subject: [PATCH] harden(frontend): switch to nginx:alpine-slim with non-root
 runtime and nginx dir permission fixes

---
 frontend/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index c44c9f5..7f6b9f8 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -7,7 +7,10 @@ ARG VITE_API_URL=/api/v1
 ENV VITE_API_URL=${VITE_API_URL}
 RUN npm run build
 
-FROM nginxinc/nginx-unprivileged:stable-alpine
+FROM nginx:1-alpine-slim
+RUN apk upgrade --no-cache \
+    && mkdir -p /var/cache/nginx /var/run /var/log/nginx /tmp/nginx \
+    && chown -R nginx:nginx /var/cache/nginx /var/run /var/log/nginx /tmp/nginx
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 COPY --from=build /app/dist /usr/share/nginx/html
 USER 101