harden(frontend): switch to nginx:alpine-slim with non-root runtime and nginx dir permission fixes

2026-02-14 17:47:26 +01:00
parent 418034f639
commit 5a0478f47d
1 changed files with 4 additions and 1 deletions
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -7,7 +7,10 @@ ARG VITE_API_URL=/api/v1
 ENV VITE_API_URL=${VITE_API_URL}
 RUN npm run build

-FROM nginxinc/nginx-unprivileged:stable-alpine
+FROM nginx:1-alpine-slim
+RUN apk upgrade --no-cache \
+    && mkdir -p /var/cache/nginx /var/run /var/log/nginx /tmp/nginx \
+    && chown -R nginx:nginx /var/cache/nginx /var/run /var/log/nginx /tmp/nginx
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 COPY --from=build /app/dist /usr/share/nginx/html
 USER 101