Docker best practices

Based on the Dockerfile:

FROM ubuntu:latest
USER root
RUN apt-get update -y
RUN apt install nginx -y
ENV ENVIRONMENT=testing
USER root
CMD ["nginx -d"]

We need to fix two instructions in order to follow security best practices. For sure, it would be ubuntu:latest, but for the second one I’m in doubt: should we leave the first occurrence of ‘USER root’ to install packages and update the second occurrence of ‘USER root’ to another username?

As far as I know, you should change the second iteration of USER, so the container doesn’t run with the root account. You should also create a user for that if the image by default doesn’t have one in the file.

Maybe you could also try with alpine:latest, but I’m not sure which context you are in.

Best Regards

CMD ["nginx -d"] is invalid (it would be CMD [ "nginx", "-d" ], assuming that -d were a valid argument, which it is not). Where is this example from? The only thing I can think of offhand is that an Ubuntu image has a lot of extra software installed on it for running an nginx process, which is not a best practice.