nginx: Fix configuration

Bind-mount subdirectories of `/etc/nginx` individually so the non-configuration files (e.g. MIME type database) distributed with the container image are available. Fix permissions of `/var/cache/nginx` and put PID file there.
2024-01-06 19:50:42 -06:00 · 2024-01-06 19:50:42 -06:00 · 78f9284f33
parent 910c7c56c9
commit 78f9284f33
2 changed files with 7 additions and 5 deletions
--- a/nginx.conf
+++ b/nginx.conf
@ -1,7 +1,7 @@
 worker_processes  auto;

 error_log  /var/log/nginx/error.log notice;
-pid        /var/run/nginx.pid;
+pid        /var/cache/nginx/nginx.pid;


 events {
--- a/nginx.container
+++ b/nginx.container
@ -7,10 +7,12 @@ After=network.target
 Image=docker.io/library/nginx:1.25
 User=101
 Group=101
-Volume=%E/nginx:/etc/nginx:ro
-Volume=%E/pki/nginx:/etc/pki/nginx:ro
-Tmpfs=/var/cache/nginx
-Tmpfs=/var/run/nginx
+Volume=%E/nginx/nginx.conf:/etc/nginx/nginx.conf:ro,z
+Volume=%E/nginx/conf.d:/etc/nginx/conf.d:ro,z
+Volume=%E/nginx/default.d:/etc/nginx/default.d:ro,z
+Volume=%E/pki/nginx:/etc/pki/nginx:ro,z
+Mount=type=tmpfs,dst=/var/cache/nginx,chown=true
+VolatileTmp=yes
 ReadOnly=true
 AddCapability=CAP_NET_BIND_SERVICE
 Network=host