From 02889f65a7a97c18e2385207857f0093e187f840 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20PAILHAREY?= <rpailharey@grandlyon.com>
Date: Tue, 18 Oct 2022 12:00:59 +0000
Subject: [PATCH] fix: nginx unprivileged image

---
 Dockerfile               |  4 ++--
 docker-compose.local.yml |  2 +-
 nginx/nginx.conf         |  2 +-
 nginx/site.conf          |  3 +++
 nginx/site.prod.conf     | 12 +++---------
 5 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2e64a321..9c786b84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,9 +9,9 @@ COPY ./ /app/
 RUN yarn build
 
 # Stage 1, based on Nginx, to have only the compiled app, ready for production with Nginx
-FROM nginx:1.16
+FROM nginxinc/nginx-unprivileged:1.23
 COPY --from=build-stage /app/build/ /usr/share/nginx/html
 COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
 COPY ./nginx/site.prod.conf /etc/nginx/conf.d/default.conf
-EXPOSE 80
+EXPOSE 8080
 CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index dff40782..b8fef645 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -1,7 +1,7 @@
 version: '3.7'
 services:
   nginx:
-    image: nginx:1.16
+    image: nginxinc/nginx-unprivileged:1.23
     volumes:
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf
       - ./nginx/site.conf:/etc/nginx/conf.d/default.conf
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index af0a4a69..1ca6ae71 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,6 +1,6 @@
 worker_processes  auto;
 error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
+pid        /tmp/nginx.pid;
 
 events {
     worker_connections  1024;
diff --git a/nginx/site.conf b/nginx/site.conf
index 8304b5b0..cf2467c3 100644
--- a/nginx/site.conf
+++ b/nginx/site.conf
@@ -24,6 +24,9 @@ server {
         location /swagger {
             proxy_pass https://backend:1443/swagger;
         }
+        location /imageNames {
+            proxy_pass https://backend:1443/api/admin/imageNames;
+        }
         location /assets {
             proxy_pass https://backend:1443/assets;
         }
diff --git a/nginx/site.prod.conf b/nginx/site.prod.conf
index e9fdd62d..bd895ca5 100644
--- a/nginx/site.prod.conf
+++ b/nginx/site.prod.conf
@@ -1,13 +1,12 @@
 server {
         listen 8080;
-        server_name         ecolyo-agent.self-data.alpha.grandlyon.com;
+        server_name         ecolyo-agent.apps.grandlyon.com;
 
         location / {
             root /usr/share/nginx/html;
             index index.html index.htm;
             try_files $uri $uri/ /index.html =404;
         }
-        
         location /api {  
             proxy_pass https://backend:1443/api;
         }
@@ -26,13 +25,8 @@ server {
         location /imageNames {
             proxy_pass https://backend:1443/api/admin/imageNames;
         }
-        
-        location ~ ^/assets/(.+\.(?:gif|jpe?g|svg))$  {
-          alias /usr/share/nginx/html/lib/$1;
-          gzip_static on;
-          expires max;
-          add_header Cache-Control public;
+        location /assets {
+            proxy_pass https://backend:1443/assets;
         }
-        
 }
 
-- 
GitLab