feat: implement non-root user security for Docker container

2025-10-22 19:10:33 -07:00
parent be6c15fef2
commit 8ac62b48a6
5 changed files with 148 additions and 0 deletions
--- a/13
+++ b/13
@@ -17,9 +17,22 @@ RUN npm run build -- --mode production
 # Production stage
 FROM nginx:alpine

+ARG APP_USER_ID=1001
+ARG APP_GROUP_ID=1001
+
+RUN addgroup -g $APP_GROUP_ID bentopdf && \
+    adduser -u $APP_USER_ID -G bentopdf -D -s /bin/sh bentopdf
+
 COPY --from=builder /app/dist /usr/share/nginx/html
 COPY nginx.conf /etc/nginx/nginx.conf

+RUN mkdir -p /var/cache/nginx /var/log/nginx /var/run/nginx && \
+    chown -R bentopdf:bentopdf /usr/share/nginx/html /var/cache/nginx /var/log/nginx /var/run/nginx
+
+RUN sed -i 's/user nginx;/user bentopdf;/' /etc/nginx/nginx.conf
+
 EXPOSE 80

+USER bentopdf
+
 CMD ["nginx", "-g", "daemon off;"]