From 935ae0d150577402203d123931cf5f16a1af0678 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Mon, 11 Nov 2019 00:04:15 -0700
Subject: [PATCH] add dedicated user for better permission control

---
 build/Dockerfile | 21 ++++++++++++++++++---
 build/config/nginx.conf | 4 ++--
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 9954a9f..b50a4b5 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,5 +1,20 @@
 FROM nginx:mainline-alpine
+# default username and uid for nginx user
+ARG USER=www-docker
+ARG UID=8001
+
+# create nginx user
+RUN addgroup --gid ${UID} ${USER} \
+ && adduser \
+ --disabled-password \
+ --gecos 'nginx docker system user' \
+ --home '/usr/share/nginx/html' \
+ --ingroup ${USER} \
+ --no-create-home \
+ --uid ${UID} \
+ ${USER}
+
 # add fun error pages & LetsEncrypt challenge directory outside webroot
 RUN apk --no-cache add git \
 && cd /usr/share/nginx \
@@ -19,7 +34,7 @@ LABEL org.label-schema.schema-version="1.0"
 LABEL org.label-schema.url="https://git.asifbacchus.app/ab-docker/ab-nginx"
 LABEL org.label-schema.usage="https://git.asifbacchus.app/ab-docker/ab-nginx/wiki"
 LABEL org.label-schema.vcs-url="https://git.asifbacchus.app/ab-docker/ab-nginx.git"
-LABEL org.label-schema.version="1.05"
+LABEL org.label-schema.version="1.5"
 # copy configuration files
 COPY entrypoint.sh /entrypoint.sh
@@ -31,10 +46,10 @@ COPY webroot /usr/share/nginx/html/
 EXPOSE 80 443
 # clean-up permissions
-RUN chown -R nginx:nginx /usr/share/nginx/html \
+RUN chown -R ${USER}:${USER} /usr/share/nginx/html \
 && find /usr/share/nginx/html -type d -exec chmod 775 {} \; \
 && find /usr/share/nginx/html -type f -exec chmod 664 {} \; \
- && chown -R nginx:nginx /etc/nginx \
+ && chown -R ${USER}:${USER} /etc/nginx \
 && find /etc/nginx -type d -exec chmod 770 {} \; \
 && find /etc/nginx -type f -exec chmod 660 {} \;
diff --git a/build/config/nginx.conf b/build/config/nginx.conf
index 2bef7e3..3c45fc8 100644
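Review bot: The account name is made overridable with `ARG USER=www-docker` in the first hunk, but nginx.conf in the second file hard-codes `user www-docker;` and nothing carries the ARG into that file, so a build with a different `--build-arg USER=` value yields an image whose worker user does not exist and nginx would be expected to refuse to start at the `user` directive. Either keep the name fixed or substitute it into the config from entrypoint.sh; at minimum add `# NOTE: must match the 'user' directive in config/nginx.conf` above the ARG. The account is also created with the default login shell and its home pointed at the webroot, so any shell history or dotfile written on its behalf (an interactive exec, for example) lands in a directory nginx serves unless the config denies dotfiles. Following the base image's own nginx user with `--shell /sbin/nologin \` and a home outside the served tree (e.g. `--home /var/cache/nginx \`) avoids both.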
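Review bot: The new `&& chown -R ${USER}:${USER} /etc/nginx \` line in the last Dockerfile hunk, together with the unchanged `chmod 770`/`660` that follow it, leaves the dedicated worker account owning and able to rewrite the server configuration, which works against the permission control this commit sets out to add: a compromised worker process could alter config that the root master process reads on the next reload. If entrypoint.sh does not need to write under /etc/nginx as that user at runtime, `&& chown -R root:${USER} /etc/nginx \` with directories at 750 and files at 640 gives the workers read access only. The same consideration applies to the webroot `chown` two lines above, where 775/664 leaves served content writable by the serving user; if that is intentional for runtime content updates, a comment saying so would help.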
--- a/build/config/nginx.conf
+++ b/build/config/nginx.conf
@@ -2,7 +2,7 @@
 ### NGINX main configuration
 #
-user nginx;
+user www-docker;
 worker_processes 1;
 pid /var/run/nginx.pid;
@@ -24,7 +24,7 @@ http {
 include /etc/nginx/mime.types;
 # set default index and webroot
- index index.php index.html;
+ index index.html index.htm default.htm;
 root /usr/share/nginx/html;
 # logging options (off by default for performance)
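Review bot: The `index index.html index.htm default.htm;` change in the second hunk drops `index.php` and adds two new defaults, which is unrelated to the dedicated-user change the subject describes and is mentioned nowhere in the commit message or in a comment. Either split it into its own commit or add a line to the message saying why the PHP entry was removed, so readers of the history are not left to infer it from the diff.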