FROM ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine

LABEL maintainer="Lukas Raub titanz@pm.me"

USER root

RUN apk -U upgrade \
    && apk add ca-certificates libstdc++ \
    && update-ca-certificates \
    && rm -rf /var/cache/apk/*

COPY --from=git.conorz.at/titanz-containers/hardened_malloc:latest /install /usr/local/lib/
ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"

USER $UID