[ACA-2229] docker security fixes (Alfresco#980)

* docker permission fixes

* remove index.html edit permissions

Dockerfile

@@ -19,7 +19,7 @@ ARG GROUPID=1000
 ARG USERNAME=aca
 ARG USERID=33009
 
-COPY nginx.conf /etc/nginx/nginx.conf
+COPY ./docker/nginx.conf /etc/nginx/nginx.conf
 COPY ./docker/entrypoint.sh /
 
 WORKDIR /usr/share/nginx/html
@@ -28,6 +28,7 @@ COPY --from=builder /usr/src/alfresco/licenses ./licenses
 
 RUN addgroup -g ${GROUPID} ${GROUPNAME} && \
   adduser -S -u ${USERID} -G ${GROUPNAME} -s "/bin/bash" ${USERNAME} && \
+  chown -R ${USERNAME}:${GROUPNAME} ./app.config.json && \
   chown -R ${USERNAME}:${GROUPNAME} /var/cache/nginx && \
   touch /var/run/nginx.pid && \
   chown -R ${USERNAME}:${GROUPNAME} /var/run/nginx.pid && \

docker/entrypoint.sh

@@ -52,10 +52,6 @@ if [[ $ACSURL ]]; then
   sed -i s%{protocol}//{hostname}{:port}%"$ACSURL"%g /usr/share/nginx/html/app.config.json
 fi
 
-if [[ $BASEPATH ]]; then
-  sed -i s%href=\"/\"%href=\""$BASEPATH"\"%g /usr/share/nginx/html/index.html
-fi
-
 if [ -n "${APP_BASE_SHARE_URL}" ];then
   sed -e "s/\"baseShareUrl\": \".*\"/\"baseShareUrl\": \"${APP_BASE_SHARE_URL}\"/g" \
     -i ./app.config.json

nginx.conf → docker/nginx.conf

@@ -18,8 +18,6 @@ http {
     gzip_proxied expired no-cache no-store private auth;
     gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
-    access_log off;
-
     location / {
       try_files $uri $uri/ /index.html;
     }