Update Dockerfile

Dockerfile

@@ -7,12 +7,18 @@ RUN ./gradlew --info --no-daemon build
 # -- run
 FROM alpine:3.10
 
+# Settings for creating a user
+ARG UID=1000
+ARG GID=1000
+ARG USER=nexusproxy
+
 # Install java runtime
 RUN apk add --no-cache --update openjdk8-jre && \
     rm -rf /tmp/* /var/cache/apk/*
 
+ENV HOME /home/nexusproxy
 ENV JAVA_HOME=/usr/lib/jvm/default-jvm/jre
-ENV JAVA_TOOL_OPTIONS ""
+ENV JAVA_TOOL_OPTIONS "-Dvertx.cacheDirBase=/home/nexusproxy"
 ENV ALLOWED_USER_AGENTS_ON_ROOT_REGEX "GoogleHC"
 ENV AUTH_CACHE_TTL "300"
 ENV BIND_PORT "8080"
@@ -37,9 +43,18 @@ ENV UPSTREAM_HTTP_PORT "8081"
 
 COPY --from=builder /src/build/libs/nexus-proxy-2.3.0.jar /nexus-proxy.jar
 
+# These settings enable the container to run as nonroot and also be compatible with OpenShift restricted SCC.
+RUN addgroup -S -g ${GID} ${USER} && \
+    adduser -S -D -u ${UID} -G ${USER} ${USER} && \
+    chown ${USER}:0 /nexus-proxy.jar ${HOME} && \
+    chmod g=u /nexus-proxy.jar ${HOME}
+
 EXPOSE 8080
 EXPOSE 8443
 
+# Important to specify nonroot user by uid to ensure compatibility with K8s PSPs and OpenShift SCCs
+USER ${UID}
+
 CMD ["-jar", "/nexus-proxy.jar"]
 
 ENTRYPOINT ["java"]