From ef31d8e02585495e75a01cc9a46aad70507dfcc5 Mon Sep 17 00:00:00 2001
From: Revant Nandgaonkar <revant.one@gmail.com>
Date: Thu, 18 Nov 2021 22:23:54 +0530
Subject: [PATCH 1/3] feat(frappe-nginx): use nginxinc/nginx-unprivileged image

---
 build/frappe-nginx/Dockerfile | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/build/frappe-nginx/Dockerfile b/build/frappe-nginx/Dockerfile
index 46c9a07a..e0520af6 100644
--- a/build/frappe-nginx/Dockerfile
+++ b/build/frappe-nginx/Dockerfile
@@ -44,13 +44,17 @@ RUN git clone --depth 1 https://github.com/frappe/bench /tmp/bench \
 RUN cp -R apps/frappe/frappe/public/* sites/assets/frappe \
     && cp -R apps/frappe/node_modules sites/assets/frappe/
 
-FROM nginx:latest
+FROM nginxinc/nginx-unprivileged:latest
 
 COPY --from=builder /home/frappe/frappe-bench/sites /var/www/html/
 COPY --from=builder /var/www/error_pages /var/www/
 COPY build/frappe-nginx/nginx-default.conf.template /etc/nginx/conf.d/default.conf.template
 COPY build/frappe-nginx/docker-entrypoint.sh /
 
+USER root
+
+RUN usermod -u 1000 nginx && groupmod -g 1000 nginx
+
 RUN apt-get update \
     && apt-get install --no-install-recommends -y \
     rsync \
@@ -61,5 +65,9 @@ RUN echo "#!/bin/bash" > /rsync \
 
 VOLUME [ "/assets" ]
 
+RUN chown -R nginx:nginx /assets /etc/nginx/conf.d/
+
+USER nginx
+
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["nginx", "-g", "daemon off;"]

From 863446031573ba18ec96dd20bdcf3e47844bae3d Mon Sep 17 00:00:00 2001
From: Revant Nandgaonkar <revant.one@gmail.com>
Date: Thu, 18 Nov 2021 22:48:22 +0530
Subject: [PATCH 2/3] fix(frappe-nginx): create /assets dir

---
 build/frappe-nginx/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/frappe-nginx/Dockerfile b/build/frappe-nginx/Dockerfile
index e0520af6..21e85fc7 100644
--- a/build/frappe-nginx/Dockerfile
+++ b/build/frappe-nginx/Dockerfile
@@ -17,7 +17,6 @@ RUN apt-get update \
     git \
     build-essential \
     wget \
-    python2 \
     && rm -rf /var/lib/apt/lists/*
 
 # Install nvm with node and yarn
@@ -63,6 +62,7 @@ RUN apt-get update \
 RUN echo "#!/bin/bash" > /rsync \
     && chmod +x /rsync
 
+RUN mkdir /assets
 VOLUME [ "/assets" ]
 
 RUN chown -R nginx:nginx /assets /etc/nginx/conf.d/

From c04edf8b6bf7227b3785ba20b969311560106d87 Mon Sep 17 00:00:00 2001
From: Revant Nandgaonkar <revant.one@gmail.com>
Date: Thu, 18 Nov 2021 23:54:22 +0530
Subject: [PATCH 3/3] fix(frappe-nginx): install python2 for v12 builds

---
 build/frappe-nginx/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/build/frappe-nginx/Dockerfile b/build/frappe-nginx/Dockerfile
index 21e85fc7..69783c9f 100644
--- a/build/frappe-nginx/Dockerfile
+++ b/build/frappe-nginx/Dockerfile
@@ -17,6 +17,8 @@ RUN apt-get update \
     git \
     build-essential \
     wget \
+    # python2 for version-12 builds
+    python2 \
     && rm -rf /var/lib/apt/lists/*
 
 # Install nvm with node and yarn