From 6e08960e34d269e5e1466689b4d423a4b608369b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 4 Jun 2019 17:26:33 +0300 Subject: [PATCH 1/2] nginx: Documented UID changes and how to run as an arbitrary user --- nginx/content.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/nginx/content.md b/nginx/content.md index 88afe300a..b4abfa25e 100644 --- a/nginx/content.md +++ b/nginx/content.md @@ -118,6 +118,41 @@ web: command: [nginx-debug, '-g', 'daemon off;'] ``` +## User and group id + +Since 1.17.0, both alpine- and debian-based images variants use the same user and group ids to drop the privileges for worker processes: + +``` +uid=101(nginx) gid=101(nginx) groups=101(nginx) +``` + +## Running %%IMAGE%% as a non-root user + +It is possible to run the image as a less privileged arbitrary UID/GID. This, however, requires modification of %%IMAGE%% configuration to use directories writeable by that specific UID/GID pair: + +```console +$ docker run -d -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%% +``` + +where nginx.conf in the current directory should have the following directives re-defined: + +``` +pid /tmp/nginx.pid; +``` + +And in the http context: + +``` +http { + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; +... +} +``` + ## Monitoring nginx with Amplify [Amplify](https://amplify.nginx.com/signup/) is a free monitoring tool that can be used to monitor microservice architectures based on nginx. Amplify is developed and maintained by the company behind the nginx software. From 027ddb7deb7c0f4f2634cf3f4c9d444c09ef49d0 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 4 Jun 2019 14:26:24 -0700 Subject: [PATCH 2/2] Adjust formatting --- nginx/content.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/nginx/content.md b/nginx/content.md index b4abfa25e..8d8a26003 100644 --- a/nginx/content.md +++ b/nginx/content.md @@ -122,13 +122,14 @@ web: Since 1.17.0, both alpine- and debian-based images variants use the same user and group ids to drop the privileges for worker processes: -``` +```console +$ id uid=101(nginx) gid=101(nginx) groups=101(nginx) ``` ## Running %%IMAGE%% as a non-root user -It is possible to run the image as a less privileged arbitrary UID/GID. This, however, requires modification of %%IMAGE%% configuration to use directories writeable by that specific UID/GID pair: +It is possible to run the image as a less privileged arbitrary UID/GID. This, however, requires modification of %%IMAGE%% configuration to use directories writeable by that specific UID/GID pair: ```console $ docker run -d -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%% @@ -136,13 +137,13 @@ $ docker run -d -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%% where nginx.conf in the current directory should have the following directives re-defined: -``` +```nginx pid /tmp/nginx.pid; ``` And in the http context: -``` +```nginx http { client_body_temp_path /tmp/client_temp; proxy_temp_path /tmp/proxy_temp_path;
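Review bot: in the first patch's hunk (`@@ -118,6 +118,41 @@`, the new "Running %%IMAGE%% as a non-root user" section), the `docker run` example never actually sets the UID/GID the text promises: `docker run -d -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%%` only bind-mounts the config, so the container still starts as the image's default user. Add the user selection to the command, e.g. `$ docker run -d --user 1000:1000 -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%%` (any unprivileged UID:GID pair the reader chooses), so the config changes that follow are shown in the context that actually needs them. Two smaller points in the same hunk: "images variants" should read "image variants" and "writeable" is normally spelled "writable"; and the temp directory `proxy_temp_path /tmp/proxy_temp_path;` breaks the `/tmp/<name>_temp` naming used by the four sibling directives, so `/tmp/proxy_temp` would be the consistent choice. Since the section only covers writable directories, it is also worth a sentence on the listen port: an unprivileged UID cannot bind a port below 1024 without root or `CAP_NET_BIND_SERVICE`, so the reader's `nginx.conf` may need a `listen` directive above 1024 as well.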
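Review bot: in the second patch's first hunk (`@@ -122,13 +122,14 @@`), the added `$ id` prompt line is misleading because, as the surrounding text states, the image only drops privileges for the worker processes; a shell in the container runs as the default (root) user, so a plain `id` there would not print `uid=101(nginx) gid=101(nginx) groups=101(nginx)`. Either show the command that produces that output, e.g. `$ id nginx` (or `$ docker run --rm %%IMAGE%% id nginx`), or keep the block as plain output without a prompt, as it was before this patch. Separately, the `-`/`+` pair on the "It is possible to run the image as a less privileged arbitrary UID/GID" line appears to be a whitespace-only change (the two lines read identically here); fine to keep, but the commit message "Adjust formatting" could say so to save the next reviewer a diff.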
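Review bot: in the second patch's second hunk (`@@ -136,13 +137,13 @@`), tagging the two config fences as `nginx` is an improvement, but the bare `...` placeholder inside the `http { ... }` block is not nginx syntax and will be rendered as if it were a directive; write it as an nginx comment (`# ...`) or drop it, so the block reads as a valid fragment under the new highlighting. While touching this hunk, the context line `proxy_temp_path /tmp/proxy_temp_path;` carries over the inconsistent directory name from the first patch; renaming it to `/tmp/proxy_temp` to match `client_temp`, `fastcgi_temp`, `uwsgi_temp` and `scgi_temp` would be a natural part of a formatting pass, and the same goes for "images variants" in the unchanged paragraph above.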