Allow frontend container to run as non-root user

Also clean it up a bit

deploy/docker-compose.yml

@@ -97,12 +97,6 @@ services:
     ports:
       # override those variables in your .env file if needed
       - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
-    command: >
-        sh -c "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\"
-        < /etc/nginx/conf.d/funkwhale.template
-        > /etc/nginx/conf.d/default.conf
-        && cat /etc/nginx/conf.d/default.conf
-        && nginx -g 'daemon off;'"
 
 networks:
   default:

front/Dockerfile

@@ -1,4 +1,5 @@
 FROM node:16 as builder
+
 WORKDIR /app
 COPY package.json yarn.lock /app/
 COPY src /app/src/
@@ -9,7 +10,23 @@ COPY vite.config.js index.html embed.html /app/
 RUN yarn install
 RUN yarn build:deployment
 
+
 FROM nginx:1.23.0-alpine as final
+
 COPY --from=builder /app/dist /usr/share/nginx/html
 COPY docker/funkwhale.template /etc/nginx/conf.d/funkwhale.template
 COPY docker/funkwhale_proxy.conf /etc/nginx/funkwhale_proxy.conf
+
+# Allow running as non-root for custom setups
+RUN mkdir -p /var/log/nginx /var/cache/nginx /var/run/nginx && \
+    chown -R nginx:nginx /var/log/nginx /var/run/nginx /var/cache/nginx /etc/nginx && \
+    sed -e 's#/var/run/nginx.pid#/var/run/nginx/nginx.pid#' -i /etc/nginx/nginx.conf
+
+CMD ["sh", "-c", "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\" \
+        < /etc/nginx/conf.d/funkwhale.template \
+        > /etc/nginx/conf.d/default.conf \
+        && cat /etc/nginx/conf.d/default.conf \
+        && nginx -g 'daemon off;'"]
+
+ENV FUNKWHALE_API_HOST=api
+ENV FUNKWHALE_API_PORT=5000

front/docker/funkwhale.template

@@ -1,6 +1,5 @@
 upstream funkwhale-api {
-    # depending on your setup, you may want to update this
+    server ${FUNKWHALE_API_HOST}:${FUNKWHALE_API_PORT};
-    server api:5000;
 }