From 8d13f074555c21390d2f5264fa73c0e5143f6ce0 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Thu, 18 Jul 2024 22:55:57 +0200
Subject: [PATCH] refactor: restructure config to simplify volume mounts

---
 Containerfile.multiarch                       | 20 ++++++++---------
 .../nginx/{vhost.conf => conf.d/vhosts.conf}  |  0
 overlay/etc/nginx/nginx.conf                  | 22 +++++++++----------
 3 files changed, 20 insertions(+), 22 deletions(-)
 rename overlay/etc/nginx/{vhost.conf => conf.d/vhosts.conf} (100%)

diff --git a/Containerfile.multiarch b/Containerfile.multiarch
index 2b410c4..1484ad0 100644
--- a/Containerfile.multiarch
+++ b/Containerfile.multiarch
@@ -16,26 +16,24 @@ RUN addgroup -g 101 -S nginx && \
     apk --update add --virtual .build-deps curl && \
     apk --update --no-cache add nginx ca-certificates && \
     apk --no-cache upgrade libcrypto3 libssl3 && \
+    apk del .build-deps && \
     rm -rf /var/www && \
     rm -rf /etc/nginx/conf.d && \
-    touch /run/nginx.pid && \
-    chown nginx /run/nginx.pid && \
-    chown -R nginx /var/log/nginx && \
-    mkdir -p /var/cache/nginx && \
-    chown -R nginx /var/cache/nginx && \
-    chmod -R 750 /var/cache/nginx && \
-    chown -R nginx:nginx /var/lib/nginx/html && \
-    chmod -R 750 /var/lib/nginx/html && \
-    apk del .build-deps && \
     rm -rf /var/cache/apk/* && \
     rm -rf /tmp/*
 
 ADD overlay/ /
 
+RUN mkdir -p /var/tmp/nginx /var/cache/nginx && \
+chown -R nginx /var/tmp/nginx /var/cache/nginx && \
+chown -R nginx:nginx /var/lib/nginx/html && \
+chown -R root:nginx /etc/nginx /etc/nginx/conf.d && \
+chmod -R 640 /etc/nginx /etc/nginx/conf.d && \
+chmod 750 /var/lib/nginx/html /var/cache/nginx /etc/nginx /etc/nginx/conf.d
+
 EXPOSE 8080
+
 STOPSIGNAL SIGTERM
 
 WORKDIR /var/lib/nginx/html
-USER 101
-
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/overlay/etc/nginx/vhost.conf b/overlay/etc/nginx/conf.d/vhosts.conf
similarity index 100%
rename from overlay/etc/nginx/vhost.conf
rename to overlay/etc/nginx/conf.d/vhosts.conf
diff --git a/overlay/etc/nginx/nginx.conf b/overlay/etc/nginx/nginx.conf
index 2fe3efb..535235e 100644
--- a/overlay/etc/nginx/nginx.conf
+++ b/overlay/etc/nginx/nginx.conf
@@ -1,24 +1,24 @@
 worker_processes 1;
-pid /var/run/nginx.pid;
+pid /var/tmp/nginx/nginx.pid;
+error_log stderr error;
 
 events {
     worker_connections 1024;
 }
 
 http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
 
-    sendfile           on;
-    tcp_nopush         on;
-    tcp_nodelay        on;
-    keepalive_timeout  65;
-    server_tokens      off;
-    access_log         off;
-    error_log          /dev/stderr;
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    server_tokens off;
+    access_log off;
 
     fastcgi_buffers 16 16k;
     fastcgi_buffer_size 32k;
 
-    include /etc/nginx/vhost.conf;
+    include /etc/nginx/conf.d/vhosts.conf;
 }