diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index ac3c73c..57bd2cf 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,15 +1,19 @@
 #基于哪个镜像制作,3.14会有问题
 FROM alpine:3.13
+RUN addgroup -S nginx && adduser -S nginx -G nginx
+USER nginx
 #工作目录
-WORKDIR /root
-#复制脚本到root目录
-COPY sh/* /root/
-#复制配置文件
-COPY conf/* /root/
+WORKDIR /opt
+# 确保 nginx 用户有权限访问复制的文件
+COPY --chown=nginx:nginx sh/* /opt/
 #执行安装脚本
+# 切换到 root 用户进行安装
+USER root
 RUN sh install_nginx.sh
-#暴露站点文件夹
-VOLUME /data/xcdn
+
+# 切换回 nginx 用户
+USER nginx
+
 #健康检查
 HEALTHCHECK --interval=10s --timeout=5s \
 CMD curl -fs http://localhost/ || exit 1
diff --git a/nginx/sh/install_nginx.sh b/nginx/sh/install_nginx.sh
index f1b2410..dd3f75a 100644
--- a/nginx/sh/install_nginx.sh
+++ b/nginx/sh/install_nginx.sh
@@ -37,9 +37,9 @@ set_time(){
 install_before(){
 #脚本添加执行权限
- chmod +x /root/*.sh
- cp /root/run.sh /usr/sbin/
- cp /root/xc.sh /usr/sbin/
+ chmod +x /opt/*.sh
+ cp /opt/run.sh /usr/sbin/
+ cp /opt/xc.sh /usr/sbin/
 #创建软连接
 ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx
 #创建缓存文件夹
@@ -61,6 +61,8 @@ install_nginx(){
 #环境变量与服务
 echo "export PATH=$PATH:/usr/local/nginx/sbin" >> /etc/profile
 export PATH=$PATH:'/usr/local/nginx/sbin'
+ # 设置权限
+ chown -R nginx:nginx /usr/local/nginx
 #日志分割
 #wget --no-check-certificate https://raw.githubusercontent.com/helloxz/nginx-cdn/master/etc/logrotate.d/nginx -P /etc/logrotate.d/
@@ -74,15 +76,15 @@ install_nginx(){
 add_crontab() {
 echo "添加定时任务"
 # 检测配置文件和SSL证书变化
- echo "*/3 * * * * /root/xc.sh check_change" >> /etc/crontabs/root
+ echo "*/3 * * * * /opt/xc.sh check_change" >> /etc/crontabs/opt
 # 日志分割
- echo "50 23 * * * /usr/sbin/logrotate -f /etc/logrotate.d/nginx" >> /etc/crontabs/root
+ echo "50 23 * * * /usr/sbin/logrotate -f /etc/logrotate.d/nginx" >> /etc/crontabs/opt
 }
 #清理工作
 clean_work(){
 rm -rf /var/cache/apk/*
- rm -rf /root/.cache
+ rm -rf /opt/.cache
 rm -rf /tmp/*
 }
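Review bot: `COPY --chown=nginx:nginx sh/* /opt/` hands ownership of the install and helper scripts to the account the container later runs as, although the only step that uses them in this hunk, `RUN sh install_nginx.sh`, runs as root. Whatever stays in /opt remains writable by `nginx` at runtime, and the crontab entry written by install_nginx.sh points at `/opt/xc.sh`, so a process running as nginx could alter a script that the scheduled job executes. Read access is enough for the runtime user; I would drop the flag and keep the files root-owned: `COPY sh/* /opt/`. The hunk also removes `COPY conf/* /root/` without a replacement, so confirm that nothing in the install or run scripts still expects those files.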
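Review bot: The added `chown -R nginx:nginx /usr/local/nginx` makes the runtime account the owner of the whole install prefix, including the `/usr/local/nginx/sbin/nginx` binary that install_before links into /usr/sbin. The server account needs write access only to the directories it writes at runtime; with the binary and, presumably, the configuration owned by the same account, a file-write flaw in anything nginx serves can change what is executed on the next start. Narrow the call to those directories, for example `chown -R nginx:nginx <log-dir> <temp-dir> <cache-dir>` (placeholders, the actual paths are not visible in this hunk), and leave the rest root-owned. install_nginx starts and ends outside the hunk.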
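Review bot: The two crontab lines in add_crontab are now appended to `/etc/crontabs/opt`, which looks like a side effect of replacing `root` with `opt` throughout the script. Files in /etc/crontabs are named after the account whose jobs they hold, and no `opt` account is created anywhere in this diff, so crond is expected to skip the file and neither the change check nor the log rotation would run. Keep `>> /etc/crontabs/root` (or use the `nginx` account if the jobs are meant to run unprivileged), and point the job at the copy that install_before places in /usr/sbin, `/usr/sbin/xc.sh check_change`. The same replacement turned `rm -rf /root/.cache` into `rm -rf /opt/.cache` in clean_work; the install still runs as root, so root's cache directory is presumably no longer cleaned.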