diff --git a/layer/router-base/nginx.conf b/layer/router-base/nginx.conf
index 3efd0de..dde6fbe 100644
--- a/layer/router-base/nginx.conf
+++ b/layer/router-base/nginx.conf
@@ -6,11 +6,18 @@ events {
 
 error_log syslog:server=unix:/dev/log,nohostname,facility=daemon,severity=error,tag=nginx;
 
+working_directory /var/nginx;
+
 http {
     include mime.types;
     default_type application/octet-stream;
     sendfile on;
     keepalive_timeout 65;
+    client_body_temp_path /var/nginx/client_body_temp;
+    fastcgi_temp_path /var/nginx/fastcgi_temp;
+    proxy_temp_path /var/nginx/proxy_temp;
+    scgi_temp_path /var/nginx/scgi_temp;
+    uwsgi_temp_path /var/nginx/uwsgi_temp;
 
     server {
         listen 80;
diff --git a/pkg/init/share/init/tmpfsvar b/pkg/init/share/init/tmpfsvar
index e172379..3ddd98d 100644
--- a/pkg/init/share/init/tmpfsvar
+++ b/pkg/init/share/init/tmpfsvar
@@ -8,6 +8,7 @@ exec {
 	mkdir /var/spool -m 0755
 	mkdir /var/lib -m 0755
 	mkdir /var/tmp -m 0755
+	mkdir /var/nginx -m 0755
 	touch /var/log/lastlog
 	touch /var/log/faillog
 	touch /var/log/sulog
diff --git a/pkg/nginx/build b/pkg/nginx/build
index 0d95927..62e43f1 100755
--- a/pkg/nginx/build
+++ b/pkg/nginx/build
@@ -19,7 +19,7 @@ build() {
 		    --http-log-path=/dev/null \
 		    --pid-path=/run/nginx.pid \
 		    --lock-path=/run/nginx.lock \
-		    --user=nobody --group=nogroup \
+		    --user=nginx --group=nginx \
 		    --crossbuild=${TARGET} \
 		    --with-cc=${TCDIR}/bin/${TARGET}-gcc \
 		    --with-cpp=${TCDIR}/bin/${TARGET}-cpp \
diff --git a/pkg/rootfs/etc/group b/pkg/rootfs/etc/group
index d3d564d..2e6a6c9 100644
--- a/pkg/rootfs/etc/group
+++ b/pkg/rootfs/etc/group
@@ -4,4 +4,5 @@ sshd:x:50:
 dnsmasq:x:51:
 unbound:x:52:
 syslogd:x:53:
+nginx:x:54:
 nogroup:x:99:
diff --git a/pkg/rootfs/etc/passwd b/pkg/rootfs/etc/passwd
index dded2c7..768f701 100644
--- a/pkg/rootfs/etc/passwd
+++ b/pkg/rootfs/etc/passwd
@@ -3,4 +3,5 @@ sshd:x:50:50:sshd PrivSep:/var/lib/sshd:/bin/false
 dnsmasq:x:51:51:dnsmasq user:/dev/null:/bin/false
 unbound:x:52:52:unbound user:/dev/null:/bin/false
 syslogd:x:53:53:syslog user:/dev/null:/bin/false
+nginx:x:54:54:syslog user:/dev/null:/bin/false
 nobody:x:99:99:Unprivileged User:/dev/null:/bin/false