curo1305
a5baef73d9
- backend: appuser UID/GID 1001 via useradd, USER directive, --chown on COPY - frontend builder: appuser UID/GID 1001 via adduser, USER directive - frontend prod: switch to nginxinc/nginx-unprivileged:alpine (nginx UID 101), listen on 8080 - docker-compose: explicit user: for all services (70:70 db, 1001:1001 backend/frontend-dev, 101:101 frontend-prod) - nginx.conf: listen 8080 to match unprivileged image Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
18 lines
410 B
Nginx Configuration File
18 lines
410 B
Nginx Configuration File
server {
|
|
listen 8080;
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# Proxy API calls to the backend container
|
|
location /api/ {
|
|
proxy_pass http://backend:8000;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
}
|
|
|
|
# SPA fallback — all non-asset routes serve index.html
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
}
|