breaking(setup): use non-root image for immich-proxy (#651)

* feat(nginx): use non-root container for immich-proxy

Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com>

* re-add test env

* feat(nginx): add correct port for staging

* add the new port to the default docker-compose.yml

Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com>

docker/docker-compose.dev.yml

@@ -102,8 +102,7 @@ services:
       context: ../nginx
       dockerfile: Dockerfile
     ports:
-      - 2283:80
-      - 2284:443
+      - 2283:8080
     logging:
       driver: none
     depends_on:

docker/docker-compose.staging.yml

@@ -72,8 +72,7 @@ services:
     container_name: immich_proxy
     image: altran1502/immich-proxy:staging
     ports:
-      - 2283:80
-      - 2284:443
+      - 2283:8080
     logging:
       driver: none
     depends_on:

docker/docker-compose.yml

@@ -74,7 +74,7 @@ services:
     container_name: immich_proxy
     image: altran1502/immich-proxy:release
     ports:
-      - 2283:80
+      - 2283:8080
     logging:
       driver: none
     depends_on:

nginx/Dockerfile

@@ -1,6 +1,5 @@
-FROM nginx:latest
+FROM registry.access.redhat.com/ubi9/nginx-120:latest
 
-COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY nginx.conf "${NGINX_CONF_PATH}"
 
-EXPOSE 80
-EXPOSE 443
+CMD nginx -g "daemon off;"

nginx/nginx.conf

@@ -1,4 +1,17 @@
 
+
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
   map $http_upgrade $connection_upgrade {
     default upgrade;
     '' close;
@@ -16,7 +29,7 @@ server {
 
     client_max_body_size 50000M;
 
-  listen 80;
+    listen 8080;
     access_log off;
 
     location /api {
@@ -71,3 +84,4 @@ server {
       proxy_pass http://immich-web:3000;
     }
   }
+}