diff --git a/bitnami/nginx/1.22/debian-11/Dockerfile b/bitnami/nginx/1.22/debian-11/Dockerfile
index c3b640342956..4392bcbf3cf5 100644
--- a/bitnami/nginx/1.22/debian-11/Dockerfile
+++ b/bitnami/nginx/1.22/debian-11/Dockerfile
@@ -3,10 +3,10 @@ FROM docker.io/bitnami/minideb:bullseye
 ARG TARGETARCH
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
- org.opencontainers.image.created="2023-04-16T21:36:18Z" \
+ org.opencontainers.image.created="2023-04-17T15:37:44Z" \
 org.opencontainers.image.description="Application packaged by VMware, Inc" \
 org.opencontainers.image.licenses="Apache-2.0" \
- org.opencontainers.image.ref.name="1.22.1-debian-11-r60" \
+ org.opencontainers.image.ref.name="1.22.1-debian-11-r61" \
 org.opencontainers.image.title="nginx" \
 org.opencontainers.image.vendor="VMware, Inc." \
 org.opencontainers.image.version="1.22.1"
@@ -23,7 +23,7 @@ RUN install_packages ca-certificates curl libcrypt1 libgeoip1 libpcre3 libssl1.1
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
 COMPONENTS=( \
 "render-template-1.0.5-4-linux-${OS_ARCH}-debian-11" \
- "nginx-1.22.1-8-linux-${OS_ARCH}-debian-11" \
+ "nginx-1.22.1-9-linux-${OS_ARCH}-debian-11" \
 "gosu-1.16.0-5-linux-${OS_ARCH}-debian-11" \
 ) && \
 for COMPONENT in "${COMPONENTS[@]}"; do \
diff --git a/bitnami/nginx/1.22/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/nginx/1.22/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
index 919d7860d1b4..ad4017e01c71 100644
--- a/bitnami/nginx/1.22/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/nginx/1.22/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -9,7 +9,7 @@
 "arch": "amd64",
 "distro": "debian-11",
 "type": "NAMI",
- "version": "1.22.1-8"
+ "version": "1.22.1-9"
 },
 "render-template": {
 "arch": "amd64",
diff --git a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/nginx/conf/bitnami/certs/server.crt b/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/nginx/conf/bitnami/certs/server.crt
deleted file mode 100644
index 466bbeab9ff4..000000000000
--- a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/nginx/conf/bitnami/certs/server.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICqDCCAZACCQCz8T3726LYsjANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDDAtl
-eGFtcGxlLmNvbTAeFw0xMjExMTQxMTE4MjdaFw0yMjExMTIxMTE4MjdaMBYxFDAS
-BgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEA5NHl5TfZtO6zugau2tp5mWIcQYJhuwKTmYeXDLYAGJpoD2SixwPL5c8glneI
-Rz1N2EQIZVeaWGbS0FLFlPdOkCkplpW9isYVC4XqKrk5b4HW4+YC+Cup0k+Kd4NM
-eZOTUvWr5N6dIpdibkVumBc/pao8VtdwywlCL/PwGRsQtkXrRICzdtRa3MXqTmEF
-foyVCGgBRtronlB9x4Plfb8Psk4GrPkjrWYgO8peKrl0O5+F+sYg7Gj95zCH73BQ
-ANzCVNrgD9fs9cyx3ru9CUdEoIxAAJwQFkjm7xr6xqhIlSgnQ7B0uOSTNRcXY6rw
-s+PxGneec/kRPRgzjC/QHY6n8QIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBbyMqF
-RDsX8zX1EW5qA8AQ8Jb2XqWrVeSO8blMV3WagJ2airMm3+c/82FCwsd/cZ08UXhA
-/Kou0gi/F16tV26PiiUdp590Qao3d8H2qxc1rzzULimZPgxH4iA4vRyMHtyZN6h4
-7Fdn7O9xNMPu8siOz8rrzsEdEX5URbOMkDLCZsbTIUWVv2XmqrR0K10d5VuLWeLi
-r+4G6c6jpa244WmqT9ClqceJ12G1Wnmezy7ybiW0l5M2iuIKFEiRP5Hj0J15o1I2
-pXAbKysAdWRHsJSQOtcgO8Vh9k0wo3tKg4HDp1hbrEzoGzOv92Vjg3lG8X+hzbMJ
-MQURotHkD4Gk57wL
------END CERTIFICATE-----
diff --git a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/nginx/conf/bitnami/certs/server.key b/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/nginx/conf/bitnami/certs/server.key
deleted file mode 100644
index 1904ca7090ae..000000000000
--- a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/nginx/conf/bitnami/certs/server.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA5NHl5TfZtO6zugau2tp5mWIcQYJhuwKTmYeXDLYAGJpoD2Si
-xwPL5c8glneIRz1N2EQIZVeaWGbS0FLFlPdOkCkplpW9isYVC4XqKrk5b4HW4+YC
-+Cup0k+Kd4NMeZOTUvWr5N6dIpdibkVumBc/pao8VtdwywlCL/PwGRsQtkXrRICz
-dtRa3MXqTmEFfoyVCGgBRtronlB9x4Plfb8Psk4GrPkjrWYgO8peKrl0O5+F+sYg
-7Gj95zCH73BQANzCVNrgD9fs9cyx3ru9CUdEoIxAAJwQFkjm7xr6xqhIlSgnQ7B0
-uOSTNRcXY6rws+PxGneec/kRPRgzjC/QHY6n8QIDAQABAoIBACo3G131tuGtpFTu
-xLW11vdYZXQklNlGuWp63IBI162yVv54B5wF9Ek6tH1uIiNaiREcRBxGVEB4/+3V
-R4SbN9Ba98RDbgu7TcipdTFaqOEMqFO1bNjSXWtip14zSBmqA2Ur1AHOnFj0awGD
-J8tBhsmOpcEz0Ch1VdO5ApPvLV8jH9wQiMI/Q6yYQMtmzTMCUMYdMqe+LOziIOzL
-oqN/WXnKL5E5TiO1bIxSpWPbT+IVn1c3/PShmvmRrLWsFUQlkwXJKMYZPO+rCCfe
-b+Q9lMLMnj+vOnM3z16WC3aiiJGCZjVTvQ+x22YrBTRPxZmHO2eZ4H/cUQM7Y/tw
-I7RjEM0CgYEA9Kxt1t8bWonzBii3P0rwyx0IECvg63k+pp4BpxpeWQKL7NVdSzk3
-AyJVcNjUoZgi2kVPdxzZGLrnZfuZ691xQB3oZF0LwBzQ4GFHkTRCB0s8ZA5lcJaI
-9pBu91bhz2VOZSTeQWpdMMURjXVyTXZInU1mwzmjVOIAYmO33shH9gcCgYEA72mX
-UoIrFPLkOTSZOb7UbjYH01vf6ThQiYCEWg7mD3CbY7n9oobIcQMzNnt7xN4wOl/V
-eKfZ7G56q8enfqm45Dyo9aCBCENVzmwO8wLe5UnvJBNL20KjvtwG8w5A6UZQzC7p
-3QS+U2zxVQNEeaE6a8Wrq2d1PlhVAHYw8odgNEcCgYBN38+58xrmrz99d1oTuAt5
-6kyVsRGOgPGS4HmQMRFUbT4R7DscZSKASd4945WRtTVqmWLYe4MRnvNlfzYXX0zb
-ZmmAAClsRP+qWuwHaEWXwrd+9SIOOqtvJrta1/lZJFpWUOy4j10H18Flb7sosnwc
-LPWHL4Iv0xriNfDg5Iga4wKBgQDLJBU59SkJBW+Q+oho7vrg6QeK15IOGbJ8eYfT
-woCC6VFwNQh5N1QsUELMH8rNKJpTba18SzAl5ThBOY9tciVnw/C5Og9CK6BLHnUw
-zWbDtxAq1BSxXsIB2EAtTBLX3MoB9myJFNVJhE7hi3w2mA8yEu+u6IIa/Ghjk+XE
-ZAnFUQKBgQDjMinRZrK5wA09jcetI+dNiLnKHoQG6OaXDDsNCatex0O2F36BvVXE
-P78qDz/i5aBMWsLx6VDvWJAkBIpZoNS5UsOn17tFaocGUSkcm48bs8Dn6VvsE8Bd
-XMPAHyKuILlKYifBvNq5T22KhqKX7yGmk/AeOOiKr2KeMnh27JYrCA==
------END RSA PRIVATE KEY-----
diff --git a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh b/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh
index c1862dbbea1b..58259b072314 100755
--- a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh
+++ b/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh
@@ -36,7 +36,7 @@ nginx_patch_httpoxy_vulnerability() {
 rm -rf "${BITNAMI_ROOT_DIR}/certs" "${BITNAMI_ROOT_DIR}/server_blocks"
 # Ensure non-root user has write permissions on a set of directories
-for dir in "$NGINX_VOLUME_DIR" "$NGINX_CONF_DIR" "$NGINX_INITSCRIPTS_DIR" "$NGINX_SERVER_BLOCKS_DIR" "${NGINX_CONF_DIR}/bitnami" "$NGINX_LOGS_DIR" "$NGINX_TMP_DIR"; do
+for dir in "$NGINX_VOLUME_DIR" "$NGINX_CONF_DIR" "$NGINX_INITSCRIPTS_DIR" "$NGINX_SERVER_BLOCKS_DIR" "${NGINX_CONF_DIR}/bitnami" "${NGINX_CONF_DIR}/bitnami/certs" "$NGINX_LOGS_DIR" "$NGINX_TMP_DIR"; do
 ensure_dir_exists "$dir"
 chmod -R g+rwX "$dir"
 done
diff --git a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh b/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh
index 8acc6a5cd422..6618c4ceb867 100755
--- a/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh
+++ b/bitnami/nginx/1.22/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh
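Review bot: In the postunpack.sh hunk, the entry added to the `for dir in …` loop, `"${NGINX_CONF_DIR}/bitnami/certs"`, is the directory setup.sh now writes the private key into, and `chmod -R g+rwX` leaves it group-writable and group-readable with nothing in the file saying why. That is presumably required so a non-root runtime user can create the key at start-up, but it means any member of that group can replace the key pair, and the key's confidentiality rests on the mode of the file alone. A comment above the loop would record the trade-off, for example `# certs/ must be group-writable: setup.sh generates server.key/server.crt there at start-up; the key file's own mode is what protects it`.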
@@ -24,6 +24,20 @@ trap "nginx_stop" EXIT
 # Ensure NGINX daemon user exists when running as 'root'
 am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROUP"
+# Regenerate SSL certs (without a passphrase)
+ensure_dir_exists "${NGINX_CONF_DIR}/bitnami/certs"
+if [[ ! -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]]; then
+ SSL_KEY_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.key"
+ SSL_CERT_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.crt"
+ SSL_CSR_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.csr"
+ SSL_SUBJ="/CN=example.com"
+ SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
+ rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
+ openssl genrsa -out "$SSL_KEY_FILE" 4096
+ openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
+ openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
+ rm -f "$SSL_CSR_FILE"
+fi
 # Run init scripts
 nginx_custom_init_scripts
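Review bot: The guard tests only `server.crt`, yet the branch begins with `rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"`, so an operator-supplied `server.key` whose certificate is missing or misnamed is deleted and silently replaced by a self-signed pair for example.com. Generating only when neither file exists avoids that: define the two paths before the test, use `if [[ ! -f "$SSL_CERT_FILE" && ! -f "$SSL_KEY_FILE" ]]; then`, and drop the `rm -f` of the key and certificate. The key's mode is also left to openssl's default and the process umask; an explicit `chmod 600 "$SSL_KEY_FILE"` after `openssl genrsa` would make it independent of both. Whether the script runs with errexit is not visible in this hunk, so a failed openssl call may go unnoticed until nginx tries to load the files.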