diff --git a/server/Dockerfile b/server/Dockerfile
index 0c33afe..01bb91b 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -1,8 +1,11 @@
 # syntax=docker/dockerfile:1
-# Image officielle « non-root » (nginxinc) : pid, user, port 8080 — on n’imite pas nginx:alpine à coups de sed.
-# https://github.com/nginxinc/docker-nginx-unprivileged
+# Même logique que l’image upstream : UID/GID numériques, pas le nom « nginx ».
+# https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/stable/alpine/Dockerfile
 FROM nginxinc/nginx-unprivileged:stable-alpine
+ARG UID=101
+ARG GID=101
+
 USER root
 RUN --mount=type=cache,target=/var/cache/apk \
 apk add --no-cache git
@@ -21,16 +24,15 @@ RUN find . -mindepth 1 -delete \
 COPY nginx/default.conf /etc/nginx/conf.d/default.conf
 COPY refresh.sh /refresh.sh
-# Même UID que l’image (nginx, 101) ; pas de retouche manuelle de nginx.conf.
 RUN chmod +x /refresh.sh \
- && chown -R nginx:nginx /usr/share/nginx/html /refresh.sh \
+ && chown -R "${UID}:${GID}" /usr/share/nginx/html /refresh.sh \
 && mkdir -p /home/nginx \
- && chown nginx:nginx /home/nginx \
- && su nginx -s /bin/sh -c 'HOME=/home/nginx git config --global --add safe.directory /usr/share/nginx/html'
+ && chown "${UID}:${GID}" /home/nginx \
+ && su "${UID}" -s /bin/sh -c 'HOME=/home/nginx git config --global --add safe.directory /usr/share/nginx/html'
 ENV HOME=/home/nginx
-USER nginx
+USER ${UID}
 EXPOSE 8080
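Review bot: The new `ARG UID=101` / `ARG GID=101` read as tunable build arguments, but nothing ties them to the account baked into the base image. The `FROM` line uses the floating `stable-alpine` tag, and the base image's own writable paths are presumably owned by whatever ID upstream built with. Overriding either argument, or an upstream change, would leave nginx running under an ID that does not own those paths. A comment above the two lines would make the constraint explicit, for example `# Must equal the UID/GID built into nginxinc/nginx-unprivileged; do not override without rebuilding the base image.`, and pinning the base by digest would keep the assumption stable. Note also that `UID` is a read-only variable in bash, so `${UID}` in a `RUN` would resolve to the build user's ID if a later `SHELL` instruction switched shells; a name such as `NGINX_UID` avoids that.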
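Review bot: `su "${UID}"` at the end of the RUN chain passes a numeric ID where su expects a login name; su implementations generally look the argument up by name, so with the default of 101 this step probably fails with an unknown-user error (worth confirming with a clean build). Because git honours `safe.directory` from system-level config, the su can be dropped and the line replaced with `&& git config --system --add safe.directory /usr/share/nginx/html`, run as root. `USER ${UID}` also leaves the group to a passwd lookup, and Docker falls back to the root group when the ID has no entry, so `USER ${UID}:${GID}` is the safer form. Finally, the recursive chown still hands `/refresh.sh` to the runtime user; if the script only needs to be executed, leaving it root-owned keeps a compromised nginx process from rewriting it.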