How to run an nginx container as non root?

Question

Every time I try to run the container as non root, I get the following error:

 the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2

Dockerfile:

FROM nginx:1.17.6
RUN chown -R nginx:nginx /var/cache/nginx && \
        chown -R nginx:nginx /var/log/nginx && \
        chown -R nginx:nginx /etc/nginx/conf.d
RUN chmod -R 777 /etc/nginx/conf.d

USER nginx

COPY app/build /usr/share/nginx/html

RUN rm /etc/nginx/conf.d/default.conf

COPY nginx/nginx.conf /etc/nginx/conf.d


CMD ["nginx","-g","daemon off;"]

Answer 1

try to add this

RUN mkdir -p /var/cache/nginx && chown -R ${USER}:${GROUP} /var/cache/nginx && \
    mkdir -p /var/log/nginx  && chown -R ${USER}:${GROUP} /var/log/nginx && \
    mkdir -p /var/lib/nginx  && chown -R ${USER}:${GROUP} /var/lib/nginx && \
    touch /run/nginx.pid && chown -R ${USER}:${GROUP} /run/nginx.pid && \
    mkdir -p /etc/nginx/templates /etc/nginx/ssl/certs && \
    chown -R ${USER}:${GROUP} /etc/nginx && \
    chmod -R 777 /etc/nginx/conf.d

# disable nginx user cuz running as non-root
RUN sed -i 's/user nginx;/#user nginx;/g' /etc/nginx/nginx.conf

USER ${USER}

EXPOSE 80 443

CMD ["nginx", "-g", "daemon off;"]

Answer 2

You can remove (or comment) the user directive at the top of your nginx.conf file.

This directive is relevant when you run nginx as root. It defines the user possessing the pid of your nginx subprocesses.

When you don't run nginx as root this directive is irrelevant, your nginx subprocesses run with your current user.

Answer 3

Use the rootless docker-imager from nginx.

Image

nginxinc/nginx-unprivileged  

DockerHub
https://hub.docker.com/r/nginxinc/nginx-unprivileged

GitHub
https://github.com/nginxinc/docker-nginx-unprivileged