Configure nginx to run as an unprivileged user (#75)

* Update npm

* Add default nginx.conf

* Log starting

Dockerfile

@@ -35,7 +35,8 @@ RUN apt-get update && apt-get install -y \
     && curl -Ls "https://github.com/hassio-addons/bashio/archive/v${BASHIO_VERSION}.tar.gz" | tar xz --strip 1 -C /tmp/bashio \
     && mv /tmp/bashio/lib /usr/lib/bashio \
     && ln -s /usr/lib/bashio/bashio /usr/bin/bashio \
-    && rm -rf /tmp/bashio
+    && rm -rf /tmp/bashio \
+    && npm install -g npm@latest
 
 COPY rootfs /
 RUN chmod a+x /etc/services.d/*/run /etc/services.d/*/finish

rootfs/etc/nginx/nginx.conf

@@ -0,0 +1,27 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+error_log /tmp/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  client_body_temp_path /tmp/client_temp;
+  proxy_temp_path /tmp/proxy_temp_path;
+  fastcgi_temp_path /tmp/fastcgi_temp;
+  uwsgi_temp_path /tmp/uwsgi_temp;
+  scgi_temp_path /tmp/scgi_temp;
+  sendfile on;
+  tcp_nopush on;
+  types_hash_max_size 2048;
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+  ssl_prefer_server_ciphers on;
+  access_log /tmp/access.log;
+  gzip on;
+  include /etc/nginx/conf.d/*.conf;
+  include /etc/nginx/sites-enabled/*;
+}

rootfs/etc/services.d/nginx/run

@@ -1,5 +1,6 @@
 #!/command/with-contenv bashio
 # -*- bash -*-
 # shellcheck shell=bash
-mkdir /run/nginx
+
+bashio::log.info "Starting NGINX..."
 exec nginx -g 'daemon off;error_log /proc/1/fd/1 error;'