From 4a5cbb950b61ee9f0f43b2a3fe96117100c42626 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Le=20Pr=C3=A9vost-Corvellec=20Arnault?=
 <arnault.le.prevost.corvellec@carbon-it.com>
Date: Wed, 8 Apr 2026 22:06:28 +0200
Subject: [PATCH] Refactor Dockerfile to parameterize user and group IDs for
 enhanced flexibility

- Introduced ARG variables for UID and GID to allow dynamic user and group configuration.
- Updated ownership commands to utilize the new UID and GID parameters, improving compatibility with different environments.
- Maintained non-root user practices while ensuring proper permissions for Nginx and associated files.
---
 server/Dockerfile | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/server/Dockerfile b/server/Dockerfile
index 0c33afe..01bb91b 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -1,8 +1,11 @@
 # syntax=docker/dockerfile:1
-# Image officielle « non-root » (nginxinc) : pid, user, port 8080 — on n’imite pas nginx:alpine à coups de sed.
-# https://github.com/nginxinc/docker-nginx-unprivileged
+# Même logique que l’image upstream : UID/GID numériques, pas le nom « nginx ».
+# https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/stable/alpine/Dockerfile
 FROM nginxinc/nginx-unprivileged:stable-alpine
 
+ARG UID=101
+ARG GID=101
+
 USER root
 RUN --mount=type=cache,target=/var/cache/apk \
     apk add --no-cache git
@@ -21,16 +24,15 @@ RUN find . -mindepth 1 -delete \
 COPY nginx/default.conf /etc/nginx/conf.d/default.conf
 COPY refresh.sh /refresh.sh
 
-# Même UID que l’image (nginx, 101) ; pas de retouche manuelle de nginx.conf.
 RUN chmod +x /refresh.sh \
-  && chown -R nginx:nginx /usr/share/nginx/html /refresh.sh \
+  && chown -R "${UID}:${GID}" /usr/share/nginx/html /refresh.sh \
   && mkdir -p /home/nginx \
-  && chown nginx:nginx /home/nginx \
-  && su nginx -s /bin/sh -c 'HOME=/home/nginx git config --global --add safe.directory /usr/share/nginx/html'
+  && chown "${UID}:${GID}" /home/nginx \
+  && su "${UID}" -s /bin/sh -c 'HOME=/home/nginx git config --global --add safe.directory /usr/share/nginx/html'
 
 ENV HOME=/home/nginx
 
-USER nginx
+USER ${UID}
 
 EXPOSE 8080