From bf45655f4b12dfc8e2bf56280dd258346d63058f Mon Sep 17 00:00:00 2001
From: Kumaran Rajendhiran <kumaran@airt.ai>
Date: Tue, 12 Nov 2024 00:01:38 +0530
Subject: [PATCH] Fix nginx config issue (#31)

* Use root user in docker and fix nginx config

* Use non root user
---
 {{cookiecutter.project_slug}}/docker/Dockerfile       | 11 +++++++++--
 .../docker/content/nginx.conf.template                |  1 -
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/{{cookiecutter.project_slug}}/docker/Dockerfile b/{{cookiecutter.project_slug}}/docker/Dockerfile
index 07f3b7a..206e255 100644
--- a/{{cookiecutter.project_slug}}/docker/Dockerfile
+++ b/{{cookiecutter.project_slug}}/docker/Dockerfile
@@ -20,11 +20,18 @@ RUN pip install --upgrade pip && pip install --no-cache-dir -e "."
 RUN adduser --disabled-password --gecos '' appuser \
     && chown -R appuser /app \
     && chown -R appuser:appuser /etc/nginx/conf.d /var/log/nginx /var/lib/nginx \
-    && touch /run/nginx.pid && chown -R appuser:appuser /run/nginx.pid
+    && touch /run/nginx.pid && chown -R appuser:appuser /run/nginx.pid \
+    # Allow binding to ports > 1024 without root
+    && sed -i 's/listen 80/listen 9999/g' /etc/nginx/sites-available/default \
+    && sed -i 's/listen \[::\]:80/listen \[::\]:9999/g' /etc/nginx/sites-available/default \
+    # Create required directories with correct permissions
+    && mkdir -p /var/cache/nginx /var/run \
+    && chown -R appuser:appuser /var/cache/nginx /var/run
 
 USER appuser
 
-EXPOSE 8000 8008 8888
+# ToDo: Fix exposing ports
+# EXPOSE 8000 8008 8888
 
 CMD ["/app/run_fastagency.sh"]
 
diff --git a/{{cookiecutter.project_slug}}/docker/content/nginx.conf.template b/{{cookiecutter.project_slug}}/docker/content/nginx.conf.template
index 7279f13..c55a5bc 100644
--- a/{{cookiecutter.project_slug}}/docker/content/nginx.conf.template
+++ b/{{cookiecutter.project_slug}}/docker/content/nginx.conf.template
@@ -19,7 +19,6 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_redirect off;
         proxy_buffering off;