Test build for #3167

Author: SUSE Update Bot

nginx-image/Dockerfile

@@ -25,7 +25,7 @@ COPY --from=target / /target
 
 RUN set -euo pipefail; \
     export PERMCTL_ALLOW_INSECURE_MODE_IF_NO_PROC=1; \
-    zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends gawk nginx findutils envsubst
+    zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends gawk nginx findutils envsubst sed grep
 # sanity check that the version from the tag is equal to the version of nginx that we expect
 RUN set -euo pipefail; \
     [ "$(rpm --root /target -q --qf '%{version}' nginx | \
@@ -69,5 +69,5 @@ COPY [1-3]0-*.sh /docker-entrypoint.d/
 COPY docker-entrypoint.sh /usr/local/bin
 COPY index.html /srv/www/htdocs/
 RUN set -euo pipefail; chmod +x /docker-entrypoint.d/*.sh /usr/local/bin/docker-entrypoint.sh
-RUN set -euo pipefail; install -d -o nginx -g nginx -m 750 /var/log/nginx;                 ln -sf /dev/stdout /var/log/nginx/access.log;                 ln -sf /dev/stderr /var/log/nginx/error.log
+RUN set -euo pipefail; install -d -o nginx -g nginx -m 750 /var/log/nginx;                 install -d /var/cache/nginx /var/run;                 ln -sf /dev/stdout /var/log/nginx/access.log;                 ln -sf /dev/stderr /var/log/nginx/error.log                 chown -R nginx:nginx /var/cache/nginx;                 chown -R nginx:nginx /etc/nginx;                 chown -R nginx:nginx /var/run;                 install -d -o nginx -g nginx /tmp/client_temp /tmp/proxy_temp /tmp/fastcgi_temp /tmp/uwsgi_temp /tmp/scgi_temp;                 chown -R nginx:nginx /tmp;                 chmod -R g+w /var/cache/nginx /var/log/nginx /etc/nginx /var/run /tmp
 STOPSIGNAL SIGQUIT

nginx-image/docker-entrypoint.sh

@@ -44,4 +44,21 @@ if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then
     fi
 fi
 
+CURRENT_UID=$(id -u)
+if [ "$CURRENT_UID" -gt "0" ]; then
+    # Running as Unprivileged User
+    entrypoint_log "$0: Running as unprivileged user (UID: $CURRENT_UID). Configuring for unprivileged mode (Port 8080)."
+
+    # Remove the 'user' directive
+    sed -i '/^user/d' /etc/nginx/nginx.conf
+    entrypoint_log "$0: Removed 'user' directive for unprivileged worker."
+
+    # Ensure PID path is set to /tmp/nginx.pid
+    sed -i 's,^#\?\s*pid\s\+.*;$,pid /tmp/nginx.pid;,' /etc/nginx/nginx.conf
+    sed -i "/^http {/a \        proxy_temp_path /tmp/proxy_temp;\n        client_body_temp_path /tmp/client_temp;\n        fastcgi_temp_path /tmp/fastcgi_temp;\n        uwsgi_temp_path /tmp/uwsgi_temp;\n        scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf
+    sed -i 's/listen \(.*\)80;/listen \18080;/' /etc/nginx/conf.d/default.conf 2>/dev/null || \
+    sed -i 's/listen \(.*\)80;/listen \18080;/' /etc/nginx/nginx.conf 2>/dev/null || true
+    entrypoint_log "$0: Listening on port 8080."
+fi
+
 exec "$@"