From 2fd91038b59946b0f79001578d816e2f473e7989 Mon Sep 17 00:00:00 2001
From: Christian Felder <c.felder@fz-juelich.de>
Date: Wed, 6 Nov 2024 16:53:37 -0500
Subject: [PATCH 1/3] Dockerfile: use unprivileged nginx

This allows running this container w/ arbitrary uid support
---
 CI/e2e/docker-compose.e2e.yaml | 2 +-
 Dockerfile                     | 6 ++----
 scripts/nginx.conf             | 4 ++--
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/CI/e2e/docker-compose.e2e.yaml b/CI/e2e/docker-compose.e2e.yaml
index c80cfd218..88bc220b4 100644
--- a/CI/e2e/docker-compose.e2e.yaml
+++ b/CI/e2e/docker-compose.e2e.yaml
@@ -48,7 +48,7 @@ services:
     build:
       context: .
     ports:
-      - 4200:80
+      - 4200:8080
     volumes:
       - "./CI/e2e/frontend.config.e2e.json:/usr/share/nginx/html/assets/config.json"
     depends_on:
diff --git a/Dockerfile b/Dockerfile
index 5fd4c5dc7..ec8e2db2b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,8 +8,6 @@ RUN npm ci
 COPY . /frontend/
 RUN npx ng build
 
-FROM nginx:1.25-alpine
-RUN rm -rf /usr/share/nginx/html/*
+FROM nginxinc/nginx-unprivileged
 COPY --from=builder /frontend/dist/ /usr/share/nginx/html/
-COPY scripts/nginx.conf /etc/nginx/nginx.conf
-EXPOSE 80
+EXPOSE 8080
diff --git a/scripts/nginx.conf b/scripts/nginx.conf
index 525bde35c..a52262e1f 100644
--- a/scripts/nginx.conf
+++ b/scripts/nginx.conf
@@ -31,8 +31,8 @@ http {
     default_type        application/octet-stream;
 
     server {
-        listen       80 default_server;
-        listen       [::]:80 default_server;
+        listen       8080 default_server;
+        listen       [::]:8080 default_server;
         server_name  _;
         root         /usr/share/nginx/html;
 

From 2f3ff43dd96afef7406f01c85432b293b500c4b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Pedersen?= <bjoern.pedersen@frm2.tum.de>
Date: Fri, 27 Dec 2024 12:35:31 +0100
Subject: [PATCH 2/3] Fix  things deleted to much

Change-Id: Ia245afd6a832889bd057ae3e6755f30910f96edf
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index ec8e2db2b..aa88633fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,5 +9,7 @@ COPY . /frontend/
 RUN npx ng build
 
 FROM nginxinc/nginx-unprivileged
+RUN rm -rf /usr/share/nginx/html/*
 COPY --from=builder /frontend/dist/ /usr/share/nginx/html/
+COPY scripts/nginx.conf /etc/nginx/nginx.conf
 EXPOSE 8080

From c60321945002035c7ccfd786a37884c2caace30a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Pedersen?= <bjoern.pedersen@frm2.tum.de>
Date: Fri, 27 Dec 2024 12:42:40 +0100
Subject: [PATCH 3/3] Fix pid path and user for docker file actions

Change-Id: I5f4e45ab694e7aa8fdefaf66911b49e74deb1403
---
 Dockerfile         | 4 +++-
 scripts/nginx.conf | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index aa88633fa..3f0a03cd8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,9 @@ COPY . /frontend/
 RUN npx ng build
 
 FROM nginxinc/nginx-unprivileged
+USER root
 RUN rm -rf /usr/share/nginx/html/*
-COPY --from=builder /frontend/dist/ /usr/share/nginx/html/
 COPY scripts/nginx.conf /etc/nginx/nginx.conf
+USER 101
+COPY --from=builder /frontend/dist/ /usr/share/nginx/html/
 EXPOSE 8080
diff --git a/scripts/nginx.conf b/scripts/nginx.conf
index a52262e1f..fdac68dc6 100644
--- a/scripts/nginx.conf
+++ b/scripts/nginx.conf
@@ -5,7 +5,7 @@
 user nginx;
 worker_processes auto;
 error_log /var/log/nginx/error.log;
-pid /run/nginx.pid;
+pid /tmp/nginx.pid;
 
 # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
 include /usr/share/nginx/modules/*.conf;