From 7f08d3b38060c71e6500613b61a61430b6907435 Mon Sep 17 00:00:00 2001
From: Freyja Odinthrir <freyja@raer.me>
Date: Fri, 6 Sep 2024 02:11:20 -0700
Subject: [PATCH] Update to rootless nginx.

---
 .conf/nginx/nginx.conf            | 2 +-
 .conf/supervisor/supervisord.conf | 2 +-
 Dockerfile                        | 7 ++++++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/.conf/nginx/nginx.conf b/.conf/nginx/nginx.conf
index eac684b..b156fa5 100644
--- a/.conf/nginx/nginx.conf
+++ b/.conf/nginx/nginx.conf
@@ -1,5 +1,5 @@
 worker_processes 4;
-pid /run/nginx.pid;
+pid /tmp/nginx.pid;
 
 
 error_log /dev/stderr info;
diff --git a/.conf/supervisor/supervisord.conf b/.conf/supervisor/supervisord.conf
index 11c40b8..6b75833 100644
--- a/.conf/supervisor/supervisord.conf
+++ b/.conf/supervisor/supervisord.conf
@@ -2,7 +2,7 @@
 nodaemon=true
 logfile=/dev/null
 logfile_maxbytes=0
-pidfile=/run/supervisord.pid
+pidfile=/tmp/supervisord.pid
 
 
 [program:nginx]
diff --git a/Dockerfile b/Dockerfile
index a1940b5..792aa55 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,12 +4,17 @@
 ##      Used by automation. Can be built manually for testing.
 ##
 ####
-FROM alpine:3.17
+FROM alpine:3.20
 RUN apk add nginx supervisor
 RUN mkdir -p /var/www
 RUN rm -rf /etc/nginx
 COPY build /var/www/build
 COPY .conf/nginx /etc/nginx
 COPY .conf/supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+RUN chown -R nobody /var/www
+RUN chown -R nobody /etc/nginx
+RUN chown -R nobody /var/www/build
+RUN chown -R nobody /etc/supervisor/conf.d/
+USER nobody
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
 EXPOSE 80
\ No newline at end of file