Today I improved my Nim web application by running the docker container as non=root-user:

# base image
FROM nimlang/nim:1.0.4-regular

# install dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends libpq-dev netcat-openbsd

# set working directory
WORKDIR /usr/src/app

# add user
RUN addgroup --system nim && adduser --system --group nim
RUN chown -R nim:nim /usr/src/app && chmod -R 755 /usr/src/app

# Nim environment
ENV NIM_ENV=production
ENV NIMBLE_DIR=/home/nim/.nimble
ENV PATH=$PATH:/home/nim/.nimble/bin

# copy entrypoint, make executable
COPY ./ .
RUN chmod +x

# install dependencies, bundle assets, compile
RUN nimble refresh && nimble install nimassets jester
COPY . .
RUN nimassets -d=public -o=src/views/assetsfile.nim && \
        nimble c -d:release src/urlShortener

# switch to non-root user
USER nim

CMD ["./src/urlShortener"]