# ============================================================
# Directory: repository/
# Filename: Dockerfile
# Description: Minimal Nginx image with security hardening.
# ============================================================

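# NOTE(review): "nginx:alpine" is a floating tag, so a rebuild can silently pick
# up a different base image. Pin a specific version tag, ideally with a digest,
# e.g. nginx:<VERSION>-alpine@sha256:<DIGEST> (placeholders to fill in).
FROM nginx:alpine

# curl is installed so a health probe can be run from inside the container.
# NOTE(review): this file defines no HEALTHCHECK. If nothing outside it (compose
# file, orchestrator probe) calls curl, drop the package to keep the image minimal.
RUN apk add --no-cache curl

# Create the unprivileged account (UID 1000), give it ownership of the cache,
# log and conf.d directories, and set the web root to mode 755.
# These steps share one layer and run before the config COPY, so editing
# nginx.conf does not invalidate them in the build cache.
# NOTE(review): chmod -R 755 also sets the execute bit on regular files under
# the web root; static content only needs 644 on files and 755 on directories.
RUN adduser -D -u 1000 nginxuser \
    && chown -R nginxuser:nginxuser /var/cache/nginx /var/log/nginx /etc/nginx/conf.d \
    && chmod -R 755 /usr/share/nginx/html

# Replace the stock main configuration with the project's own. The original
# author's note says it disables directory listing and sets strict headers;
# nginx.conf is not part of this file, so that is not verifiable from here.
COPY nginx.conf /etc/nginx/nginx.conf

# NOTE(review): there is no USER instruction, so the container starts as root
# unless the runtime overrides it (e.g. `docker run --user` or a compose `user:`
# key). nginxuser is created above but never selected in this file. Before
# adding `USER nginxuser`, confirm that nginx.conf puts the pid file and any
# temp paths where this account can write: only the three chown'd directories
# are writable by it.

# EXPOSE is documentation only; it does not publish the port. The original note
# says binding to port 80 is handled with cap_add at runtime, which is
# configured outside this file.
EXPOSE 80

# Exec form keeps nginx in the foreground as the container's main process, so
# it receives stop signals directly.
CMD ["nginx", "-g", "daemon off;"]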