From a comment of yours;

Eh…just trying to learn some new things regarding common “dockerization”-related things, and improving its security.

If the end-goal is not learning but having an as secure container as possible, then consider Wolfi; this is a good read. If you’re interested to know its current vulnerabilities, so that you can work on resolving those; then consider Trivy as it is -to my knowledge- the industry-standard for this specific use-case.

Am I understanding correctly that you are building the image by copying in key elements from the host machine’s functioning nginx installation?

This is creative but not common approach to docker.

Normally software is installed following the officially documented procedure (imagine installing using apt or a shell script via RUN). Sometimes software documentation has specific recommendations to follow for containerized installs.

It’s common to have the version defined as a variable where a change in value invalidates the docker layer cache. To me it’s unclear how caching would work with your dockerfile, for example, in the event of a upgrade. You could also see how a breaking change (such as one in the paths you are copying) could run into issues with your hardcoded approach.

In the case of software like nginx, I would use the official image, mount config/cert files instead of copying, and extend in my own dockerfile if needed.

deleted by creator