Update permissions

Dockerfile

@@ -19,12 +19,32 @@ RUN npm run build
 # Production stage
 FROM nginx:alpine
 
+# Create nginx cache directories and set permissions
+RUN mkdir -p /var/cache/nginx \
+    && chown -R nginx:nginx /var/cache/nginx \
+    && mkdir -p /var/log/nginx \
+    && chown -R nginx:nginx /var/log/nginx \
+    && mkdir -p /var/lib/nginx \
+    && chown -R nginx:nginx /var/lib/nginx \
+    && touch /var/run/nginx.pid \
+    && chown -R nginx:nginx /var/run/nginx.pid \
+    && chown -R nginx:nginx /etc/nginx
+
 # Copy built assets from builder stage
 COPY --from=builder /app/dist /usr/share/nginx/html
 
 # Copy nginx configuration
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
+# Update nginx configuration to run as non-root
+RUN sed -i '/user  nginx;/d' /etc/nginx/nginx.conf \
+    && sed -i 's,listen       80;,listen       7860;,' /etc/nginx/conf.d/default.conf \
+    && sed -i '/user/d' /etc/nginx/nginx.conf \
+    && chown -R nginx:nginx /usr/share/nginx/html
+
+# Switch to non-root user
+USER nginx
+
 # Expose port 7860 (default for Hugging Face Spaces)
 EXPOSE 7860
 

nginx.conf

@@ -4,6 +4,13 @@ server {
     root /usr/share/nginx/html;
     index index.html;
     
+    # Specify client body temp path
+    client_body_temp_path /tmp/nginx/client_temp;
+    proxy_temp_path       /tmp/nginx/proxy_temp;
+    fastcgi_temp_path    /tmp/nginx/fastcgi_temp;
+    uwsgi_temp_path      /tmp/nginx/uwsgi_temp;
+    scgi_temp_path       /tmp/nginx/scgi_temp;
+    
     # Enable gzip compression
     gzip on;
     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;