From 452baddd16cc6ba61a073837d6f0f5c1246f7c8c Mon Sep 17 00:00:00 2001
From: Peter Levart <peter.levart@gmail.com>
Date: Thu, 3 Jul 2025 22:43:37 +0200
Subject: [PATCH 1/2] fix permissions of files to allow running as non-root

---
 Dockerfile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d5098ae8f8a..3e563a007d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,14 +24,16 @@ ENV API_KEY="**None**" \
     CORS="true" \
     EMBEDDING="false"
 
-COPY --chown=nginx:nginx --chmod=0666 ./docker/default.conf.template ./docker/cors.conf ./docker/embedding.conf /etc/nginx/templates/
+COPY --chmod=0644 ./docker/default.conf.template ./docker/cors.conf ./docker/embedding.conf /etc/nginx/templates/
 
 COPY --chmod=0666 ./dist/* /usr/share/nginx/html/
-COPY --chmod=0555 ./docker/docker-entrypoint.d/ /docker-entrypoint.d/
-COPY --chmod=0666 ./docker/configurator /usr/share/nginx/configurator
+COPY --chmod=0755 ./docker/docker-entrypoint.d/ /docker-entrypoint.d/
+COPY --chmod=0644 ./docker/configurator /usr/share/nginx/configurator
 
 # Simulates running NGINX as a non root; in future we want to use nginxinc/nginx-unprivileged.
 # In future we will have separate unpriviledged images tagged as v5.1.2-unprivileged.
-RUN chmod 777 /usr/share/nginx/html/ /etc/nginx/conf.d/ /etc/nginx/conf.d/default.conf /var/cache/nginx/ /var/run/
+RUN chmod 777 /etc/nginx/conf.d/ /usr/share/nginx/html/ /var/cache/nginx/ /var/run/ && \
+    chmod 666 /etc/nginx/conf.d/default.conf /usr/share/nginx/html/swagger-initializer.js && \
+    chmod 755 /etc/nginx/templates /usr/share/nginx/configurator
 
 EXPOSE 8080

From 972ff8b7f8caf9742a9d8d9bfafd91ee73e89627 Mon Sep 17 00:00:00 2001
From: Peter Levart <peter.levart@gmail.com>
Date: Thu, 3 Jul 2025 23:06:14 +0200
Subject: [PATCH 2/2] files in /usr/share/nginx/html/ don't need to be
 overwritten except one: swagger-initializer.js

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 3e563a007d1..27e167a9fdd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ ENV API_KEY="**None**" \
 
 COPY --chmod=0644 ./docker/default.conf.template ./docker/cors.conf ./docker/embedding.conf /etc/nginx/templates/
 
-COPY --chmod=0666 ./dist/* /usr/share/nginx/html/
+COPY --chmod=0644 ./dist/* /usr/share/nginx/html/
 COPY --chmod=0755 ./docker/docker-entrypoint.d/ /docker-entrypoint.d/
 COPY --chmod=0644 ./docker/configurator /usr/share/nginx/configurator