mirror of
https://github.com/linuxserver/cstate.git
synced 2026-02-20 07:55:25 +08:00
Notification: Significant changes to nginx based images
This commit is contained in:
Eric Nemchik
parent
b84553e219
commit
c9977dba37
106
content/issues/2022-08-20-nginx-base.md
Normal file
106
content/issues/2022-08-20-nginx-base.md
Normal file
@ -0,0 +1,106 @@
|
||||
---
|
||||
title: 'Notification: Significant changes to nginx based images'
|
||||
date: '2022-20-05 18:00:00Z'
|
||||
informational: true
|
||||
affected:
|
||||
- 'Notifications'
|
||||
- 'bookstack'
|
||||
- 'cops'
|
||||
- 'diskover'
|
||||
- 'dokuwiki'
|
||||
- 'freshrss'
|
||||
- 'grav'
|
||||
- 'grocy'
|
||||
- 'heimdall'
|
||||
- 'librespeed'
|
||||
- 'lychee'
|
||||
- 'muximux'
|
||||
- 'nextcloud'
|
||||
- 'nginx'
|
||||
- 'photoshow'
|
||||
- 'phpmyadmin'
|
||||
- 'piwigo'
|
||||
- 'pixapop'
|
||||
- 'projectsend'
|
||||
- 'snapdrop'
|
||||
- 'snipe-it'
|
||||
- 'swag'
|
||||
- 'xbackbone'
|
||||
section: 'issue'
|
||||
---
|
||||
Most images using our alpine-nginx base image have been updated to alpine 3.15 with php8 and some significant changes to the nginx configs.
|
||||
|
||||
Changes you will likely notice:
|
||||
|
||||
- Bring our default shipped configs as close as possible to alpine upstream defaults
|
||||
- <https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable>
|
||||
- Include `worker_processes.conf` and init script to generate it in the base
|
||||
- Include `resolver.conf` and init script to generate it in the base
|
||||
- Include `ssl.conf` in the base (the same as what is currently shipped in SWAG, but adjusted to use the self-signed certs generated by the base)
|
||||
- `include /config/nginx/site-confs/*.conf;` with `*.conf` extension (rename existing user files automatically)
|
||||
- Rework `default.conf`
|
||||
- Expect applications inside containers to exist at `/app/www/public/`, and if that does not exist, use `/config/www`
|
||||
- Include ipv6 support
|
||||
- deny access to `.htaccess`/`.htpasswd` files
|
||||
- adjust php location and `fastcgi_params` to use `PATH_INFO` and mitigate `HTTP_PROXY` vulnerability
|
||||
- Restructure nginx configs
|
||||
- Configs in `/defaults/nginx/` are recursively copied to the user's `/config/nginx/` (maintaining the structure)
|
||||
- All configs are now named `*.sample` and all include `## Version YYYY/MM/DD - Changelog: <url to repo history>` used by `/etc/cont-init.d/85-version-checks`
|
||||
- Required configs (`/config/nginx/nginx.conf`, `/config/nginx/server-confs/ssl.conf` and `/config/nginx/site-confs/default.conf`) are enabled by default. Downstream images can include and/or enable others as needed (ex: SWAG will enable `/config/nginx/location-confs/proxy.conf` and `/config/nginx/server-confs/502.conf`)
|
||||
- Folder structure is as follows (in the `/config/nginx/` context):
|
||||
- All nginx based images:
|
||||
- Includes `nginx.conf` (enabled by default)
|
||||
- Includes `resolver.conf` (enabled by default)
|
||||
- Includes `ssl.conf` (enabled by default)
|
||||
- Includes `worker_processes.conf` (enabled by default)
|
||||
- `/config/nginx/site-confs/*` included inside the `http` context in `/config/nginx/nginx.conf`
|
||||
- Includes `default.conf` (enabled by default)
|
||||
- SWAG:
|
||||
- Includes `502.conf` (enabled by default)
|
||||
- Includes `authelia-location.conf`
|
||||
- Includes `authelia-server.conf`
|
||||
- Includes `ldap-location.conf`
|
||||
- Includes `ldap-server.conf`
|
||||
- Includes `proxy.conf` (enabled by default)
|
||||
|
||||
Under the hood:
|
||||
|
||||
- Split out init scripts
|
||||
- `root/migrations/01-nginx-site-confs-default` migrate existing `default` to `default.conf`
|
||||
- `root/etc/cont-init.d/11-folders` creates all the folders needed in `/config`
|
||||
- `root/etc/cont-init.d/12-samples` removes existing `*.sample` files from `/config/nginx` and copies any included `*.sample` files from the image
|
||||
- `root/etc/cont-init.d/13-nginx` enable required configs (`nginx.conf`, `ssl.conf` and `default.conf`) if they don't exist, setup `dhparams.pem`, setup `resolver.conf`, setup `worker_processes.conf`
|
||||
- `root/etc/cont-init.d/14-php` configure php
|
||||
- `root/etc/cont-init.d/15-keygen` create self signed certificates for `ssl.conf`
|
||||
- `root/etc/cont-init.d/20-permissions` set `/config` permissions
|
||||
- `root/etc/cont-init.d/85-version-checks` check all enabled `*.conf` files against all `*.sample` files shipped with the image and alert the user about updates
|
||||
|
||||
Status of affected images:
|
||||
|
||||
| Image | Branch | PR | Notes |
|
||||
|---|---|---|---|
|
||||
| baseimage-alpine-nginx | master | <https://github.com/linuxserver/docker-baseimage-alpine-nginx/pull/84> | |
|
||||
| bookstack | master | <https://github.com/linuxserver/docker-bookstack/pull/113> | |
|
||||
| cops | master | <https://github.com/linuxserver/docker-cops/pull/34> | composer dependencies not compatible with php8 |
|
||||
| diskover | master | <https://github.com/linuxserver/docker-diskover/pull/43> | |
|
||||
| dokuwiki | master | <https://github.com/linuxserver/docker-dokuwiki/pull/43> | |
|
||||
| freshrss | master | <https://github.com/linuxserver/docker-freshrss/pull/40> | |
|
||||
| grav | main | <https://github.com/linuxserver/docker-grav/pull/9> | |
|
||||
| grocy | master | <https://github.com/linuxserver/docker-grocy/pull/52> | |
|
||||
| heimdall | main | <https://github.com/linuxserver/docker-heimdall/pull/79> | |
|
||||
| librespeed | master | <https://github.com/linuxserver/docker-librespeed/pull/15> | |
|
||||
| lychee | master | <https://github.com/linuxserver/docker-lychee/pull/51> | composer dependencies not compatible with php8 |
|
||||
| muximux | master | <https://github.com/linuxserver/docker-muximux/pull/26> | |
|
||||
| nextcloud | master | <https://github.com/linuxserver/docker-nextcloud/pull/219> | |
|
||||
| nginx | master | <https://github.com/linuxserver/docker-nginx/pull/79> | |
|
||||
| photoshow | master | <https://github.com/linuxserver/docker-photoshow/pull/28> | uses deprecated function [get_magic_quotes_gpc](https://www.php.net/manual/en/function.get-magic-quotes-gpc.php), not compatible with php8 |
|
||||
| phpmyadmin | main | <https://github.com/linuxserver/docker-phpmyadmin/pull/3> | |
|
||||
| piwigo | master | <https://github.com/linuxserver/docker-piwigo/pull/49> | |
|
||||
| pixapop | master | <https://github.com/linuxserver/docker-pixapop/pull/11> | composer dependencies not compatible with php8 |
|
||||
| projectsend | master | <https://github.com/linuxserver/docker-projectsend/pull/22> | |
|
||||
| snapdrop | master | <https://github.com/linuxserver/docker-snapdrop/pull/6> | |
|
||||
| snipe-it | master | <https://github.com/linuxserver/docker-snipe-it/pull/28> | |
|
||||
| swag | master | <https://github.com/linuxserver/docker-swag/pull/169> | |
|
||||
| xbackbone | main | <https://github.com/linuxserver/docker-xbackbone/pull/5> | |
|
||||
|
||||
Any images with notes above may not be merged. We will make efforts to update this page if any of the images with notes above are merged at a later date. We may also make individual announcements about status updates regarding these images.
|
||||
Loading…
x
Reference in New Issue
Block a user