[bitnami/nginx] Release 1.23.4-debian-11-r15 (#33423)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2023-05-11 13:25:19 +01:00 · 2023-05-11 13:25:19 +01:00 · 5e3ca38b5f
parent 6de26faad0
commit 5e3ca38b5f
6 changed files with 42 additions and 18 deletions
--- a/bitnami/nginx/1.23/debian-11/Dockerfile
+++ b/bitnami/nginx/1.23/debian-11/Dockerfile
@ -3,10 +3,10 @@ FROM docker.io/bitnami/minideb:bullseye
 ARG TARGETARCH

 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-05-08T19:40:52Z" \
+      org.opencontainers.image.created="2023-05-11T12:04:47Z" \
      org.opencontainers.image.description="Application packaged by VMware, Inc" \
      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="1.23.4-debian-11-r14" \
+      org.opencontainers.image.ref.name="1.23.4-debian-11-r15" \
      org.opencontainers.image.title="nginx" \
      org.opencontainers.image.vendor="VMware, Inc." \
      org.opencontainers.image.version="1.23.4"
--- a/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
+++ b/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
@ -421,7 +421,7 @@ generate_random_string() {
    alphanumeric+special|special+alphanumeric)
        # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
        # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
-        filter='a-zA-Z0-9!@#$%^'
+        filter='a-zA-Z0-9:@.,/+!='
        ;;
    *)
        echo "Invalid type ${type}" >&2
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
@ -629,3 +629,34 @@ nginx_custom_init_scripts() {
        info "No custom scripts in $NGINX_INITSCRIPTS_DIR"
    fi
 }
+
+########################
+# Generate sample TLS certificates without passphrase for sample HTTPS server_block
+# Globals:
+#   NGINX_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+nginx_generate_sample_certs() {
+    local certs_dir="${NGINX_CONF_DIR}/bitnami/certs"
+
+    if ! is_boolean_yes "$NGINX_SKIP_SAMPLE_CERTS" && [[ ! -f "${certs_dir}/server.crt" ]]; then
+        ensure_dir_exists "$certs_dir"
+        if is_file_writable "${certs_dir}/server.crt"; then
+            SSL_KEY_FILE="${certs_dir}/server.key"
+            SSL_CERT_FILE="${certs_dir}/server.crt"
+            SSL_CSR_FILE="${certs_dir}/server.csr"
+            SSL_SUBJ="/CN=example.com"
+            SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
+            rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
+            openssl genrsa -out "$SSL_KEY_FILE" 4096
+            openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
+            openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
+            rm -f "$SSL_CSR_FILE"
+        else
+            warn "The certificates directories '${certs_dir}' is not writable, skipping sample HTTPS certificates generation"
+        fi
+    fi
+}
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx-env.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx-env.sh
@ -24,6 +24,7 @@ export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
 nginx_env_vars=(
    NGINX_HTTP_PORT_NUMBER
    NGINX_HTTPS_PORT_NUMBER
+    NGINX_SKIP_SAMPLE_CERTS
    NGINX_ENABLE_ABSOLUTE_REDIRECT
    NGINX_ENABLE_PORT_IN_REDIRECT
 )
@ -70,6 +71,7 @@ export NGINX_HTTP_PORT_NUMBER="${NGINX_HTTP_PORT_NUMBER:-}"
 export WEB_SERVER_HTTP_PORT_NUMBER="$NGINX_HTTP_PORT_NUMBER"
 export NGINX_HTTPS_PORT_NUMBER="${NGINX_HTTPS_PORT_NUMBER:-}"
 export WEB_SERVER_HTTPS_PORT_NUMBER="$NGINX_HTTPS_PORT_NUMBER"
+export NGINX_SKIP_SAMPLE_CERTS="${NGINX_SKIP_SAMPLE_CERTS:-false}"
 export NGINX_ENABLE_ABSOLUTE_REDIRECT="${NGINX_ENABLE_ABSOLUTE_REDIRECT:-no}"
 export NGINX_ENABLE_PORT_IN_REDIRECT="${NGINX_ENABLE_PORT_IN_REDIRECT:-no}"

--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh
@ -24,20 +24,9 @@ trap "nginx_stop" EXIT
 # Ensure NGINX daemon user exists when running as 'root'
 am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROUP"

-# Regenerate SSL certs (without a passphrase)
-ensure_dir_exists "${NGINX_CONF_DIR}/bitnami/certs"
-if [[ ! -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]]; then
-    SSL_KEY_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.key"
-    SSL_CERT_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.crt"
-    SSL_CSR_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.csr"
-    SSL_SUBJ="/CN=example.com"
-    SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
-    rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
-    openssl genrsa -out "$SSL_KEY_FILE" 4096
-    openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
-    openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
-    rm -f "$SSL_CSR_FILE"
-fi
+# Configure HTTPS sample block using generated SSL certs
+nginx_generate_sample_certs
+
 # Run init scripts
 nginx_custom_init_scripts

@ -45,7 +34,7 @@ nginx_custom_init_scripts
 ! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)"

 # Configure HTTPS port number
-if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]] && is_file_writable "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"; then
+if [[ -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]] && [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]] && is_file_writable "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"; then
    cp "${BITNAMI_ROOT_DIR}/scripts/nginx/bitnami-templates/default-https-server-block.conf" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"
 fi

--- a/bitnami/nginx/README.md
+++ b/bitnami/nginx/README.md
@ -29,6 +29,8 @@ docker-compose up -d
 * All Bitnami images available in Docker Hub are signed with [Docker Content Trust (DCT)](https://docs.docker.com/engine/security/trust/content_trust/). You can use `DOCKER_CONTENT_TRUST=1` to verify the integrity of the images.
 * Bitnami container images are released on a regular basis with the latest distribution packages available.

+Looking to use NGINX Open Source in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## How to deploy NGINX Open Source in Kubernetes?

 Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami NGINX Open Source Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/nginx).