From 0dbd4c12488bd365a86e4726b2ae689b2da86a7c Mon Sep 17 00:00:00 2001
From: Egor Tensin <Egor.Tensin@gmail.com>
Date: Sat, 3 Dec 2022 09:50:12 +0100
Subject: frontend: fix /mnt/cgitize being inaccessible to nginx

I've had problems with doing "FROM nginx" instead of "FROM alpine" in
the past, but hopefully fixing a version is enough to prevent them.
---
 docker/entrypoint.sh                          |  5 +++++
 docker/frontend/Dockerfile                    |  4 ++--
 docker/frontend/etc/nginx/conf.d/default.conf | 20 ++++++++++++++++++++
 docker/frontend/etc/nginx/http.d/default.conf | 20 --------------------
 4 files changed, 27 insertions(+), 22 deletions(-)
 create mode 100644 docker/frontend/etc/nginx/conf.d/default.conf
 delete mode 100644 docker/frontend/etc/nginx/http.d/default.conf

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 61ecd1e..4ca1304 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -14,6 +14,11 @@ secure_repo_dir() {
     local dir
     dir="$( /get_output_dir.py -- "$cfg_path" )"
     chmod -- o-rwx "$dir"
+
+    # This is required so that nginx can access the directory.
+    # nginx uses a fixed UID:
+    # https://github.com/nginxinc/docker-nginx/blob/4785a604aa40e0b0a69047a61e28781a2b0c2069/mainline/alpine-slim/Dockerfile#L16
+    chown -- :101 "$dir"
 }
 
 schedule_to_cron() {
diff --git a/docker/frontend/Dockerfile b/docker/frontend/Dockerfile
index 38e5382..7254115 100644
--- a/docker/frontend/Dockerfile
+++ b/docker/frontend/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17 AS base
+FROM nginx:1.23-alpine AS base
 
 FROM base AS builder
 
@@ -22,7 +22,7 @@ RUN apk add --no-cache py3-pip && \
 
 FROM base
 
-RUN apk add --no-cache cgit dash fcgiwrap nginx python3 spawn-fcgi tini && \
+RUN apk add --no-cache cgit dash fcgiwrap python3 spawn-fcgi tini && \
     # Replace the theme with the one I like better:
     grep -q -F -- "style='pastie'" /usr/lib/cgit/filters/syntax-highlighting.py && \
     sed -i -e "s/style='pastie'/style='vs'/" -- /usr/lib/cgit/filters/syntax-highlighting.py
diff --git a/docker/frontend/etc/nginx/conf.d/default.conf b/docker/frontend/etc/nginx/conf.d/default.conf
new file mode 100644
index 0000000..dc27e85
--- /dev/null
+++ b/docker/frontend/etc/nginx/conf.d/default.conf
@@ -0,0 +1,20 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name _;
+
+    location / {
+        include fastcgi_params;
+        fastcgi_pass unix:/run/fcgiwrap.sock;
+
+        fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi;
+
+        # This looks stupid. Can I substitute any variable for $fastcgi_path_info?
+        fastcgi_split_path_info ^(/?)(.+)$;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+
+    location /cgit/ {
+        alias /usr/share/webapps/cgit/;
+    }
+}
diff --git a/docker/frontend/etc/nginx/http.d/default.conf b/docker/frontend/etc/nginx/http.d/default.conf
deleted file mode 100644
index dc27e85..0000000
--- a/docker/frontend/etc/nginx/http.d/default.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-    server_name _;
-
-    location / {
-        include fastcgi_params;
-        fastcgi_pass unix:/run/fcgiwrap.sock;
-
-        fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi;
-
-        # This looks stupid. Can I substitute any variable for $fastcgi_path_info?
-        fastcgi_split_path_info ^(/?)(.+)$;
-        fastcgi_param PATH_INFO $fastcgi_path_info;
-    }
-
-    location /cgit/ {
-        alias /usr/share/webapps/cgit/;
-    }
-}
-- 
cgit v1.2.3