Changes included in this PR

- nginx-wsgi-flask/nginx/Dockerfile

We recommend upgrading to nginx:1.20.1-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| critical severity | 500 | Out-of-bounds Read SNYK-ALPINE313-APKTOOLS-1533754 | No Known Exploit |
| critical severity | 500 | Double Free SNYK-ALPINE313-CURL-1585246 | No Known Exploit |
| critical severity | 500 | Double Free SNYK-ALPINE313-CURL-1585246 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE313-OPENSSL-1569448 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE313-OPENSSL-1569448 | No Known Exploit |
33 lines
1.0 KiB
Docker
```dockerfile
FROM nginx:1.20.1-alpine

# Add bash for boot cmd
# --no-cache fetches the package index on the fly and leaves no apk cache in the layer
RUN apk add --no-cache bash

# Add nginx.conf to container
COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
COPY --chown=nginx:nginx start.sh /app/start.sh

# set workdir
WORKDIR /app

# permissions and nginx user for tightened security
# every step is chained with && so a failed chown/chmod fails the build
RUN chown -R nginx:nginx /app && chmod -R 755 /app && \
    chown -R nginx:nginx /var/cache/nginx && \
    chown -R nginx:nginx /var/log/nginx && \
    chmod -R 755 /var/log/nginx && \
    chown -R nginx:nginx /etc/nginx/conf.d
RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid

# # Uncomment to keep the nginx logs inside the container - Leave commented for logging to stdout and stderr
# RUN mkdir -p /var/log/nginx
# RUN unlink /var/log/nginx/access.log \
#     && unlink /var/log/nginx/error.log \
#     && touch /var/log/nginx/access.log \
#     && touch /var/log/nginx/error.log \
#     && chown nginx /var/log/nginx/*log \
#     && chmod 644 /var/log/nginx/*log

# Drop root: everything from here on, including the running server, uses the nginx user
USER nginx

# Exec form passes each array element verbatim (no shell), so the directive carries no inner quotes
CMD ["nginx", "-g", "daemon off;"]
```