run as non privileged user for security

Author: eatwithforks

Dockerfile

@@ -34,6 +34,12 @@ ADD entrypoint.sh /entrypoint.sh
 ADD create_ca_cert.sh /create_ca_cert.sh
 RUN chmod +x /create_ca_cert.sh /entrypoint.sh
 
+# Allow running nginx with unprivileged user
+RUN chown 1000:1000 /etc/nginx && \
+    mkdir /certs && chown 1000:1000 /certs
+
+USER 1000:1000
+
 # Clients should only use 3128, not anything else.
 EXPOSE 3128
 
@@ -53,4 +59,4 @@ ENV DEBUG="false"
 ENV DEBUG_NGINX="false"
 
 # Did you want a shell? Sorry, the entrypoint never returns, because it runs nginx itself. Use 'docker exec' if you need to mess around internally.
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]