diff --git a/services/git-bridge/.dockerignore b/services/git-bridge/.dockerignore
index acfeee7413..06a66daedf 100644
--- a/services/git-bridge/.dockerignore
+++ b/services/git-bridge/.dockerignore
@@ -1,5 +1,6 @@
 *
 !start.sh
+!server-pro-start.sh
 !/conf
 !/lib
 !/src/main
diff --git a/services/git-bridge/Dockerfile b/services/git-bridge/Dockerfile
index cf96b5ddf8..738deb2d45 100644
--- a/services/git-bridge/Dockerfile
+++ b/services/git-bridge/Dockerfile
@@ -49,6 +49,7 @@ RUN chmod +x /opt/envsubst COPY conf/envsubst_template.json envsubst_template.json COPY start.sh start.sh +COPY server-pro-start.sh server-pro-start.sh RUN mkdir conf RUN chown node:node conf
diff --git a/services/git-bridge/server-pro-start.sh b/services/git-bridge/server-pro-start.sh
new file mode 100755
index 0000000000..7a01d2f263
--- /dev/null
+++ b/services/git-bridge/server-pro-start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# This script is meant to be run as root when the git bridge starts up in
+# Server Pro. It ensures that the data directory is created and owned by the
+# "node" user, which is the regular user git bridge runs as.
+
+ROOT_DIR="${GIT_BRIDGE_ROOT_DIR:-/tmp/wlgb}"
+mkdir -p "$ROOT_DIR"
+chown node:node "$ROOT_DIR"
+
+# Drop privileges using setpriv to avoid spawning a new process
+exec setpriv --reuid=node --regid=node --init-groups /start.sh
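Review bot: The root-run setup in server-pro-start.sh has no failure handling, so if `mkdir -p "$ROOT_DIR"` or `chown node:node "$ROOT_DIR"` fails the script still reaches the `exec setpriv` line and the bridge starts against a data directory it may not own; adding `set -euo pipefail` right after the shebang would make it fail closed. The default `/tmp/wlgb` sits under a world-writable directory and `chown` follows a symlink given as its operand, so a pre-existing symlink at that path would have its target handed to `node` by root; this is unlikely in a fresh container but possible when `/tmp` is a mounted or persisted volume. A guard before the chown such as `if [ -L "$ROOT_DIR" ]; then echo "refusing symlink: $ROOT_DIR" >&2; exit 1; fi` closes that off. The `setpriv` call already resets uid, gid and supplementary groups; adding `--no-new-privs` would also stop the dropped process regaining privileges through setuid binaries, provided nothing in start.sh relies on that. The exec target is the absolute `/start.sh` while the Dockerfile hunk copies both scripts with relative paths, so this presumably depends on a WORKDIR of `/` that is not visible in the diff.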