From 5e3ca38b5ff62eeeecd8ba35a273c7431ecd2bef Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 11 May 2023 13:25:19 +0100 Subject: [PATCH] [bitnami/nginx] Release 1.23.4-debian-11-r15 (#33423) Signed-off-by: Bitnami Containers --- bitnami/nginx/1.23/debian-11/Dockerfile | 4 +-- .../prebuildfs/opt/bitnami/scripts/libos.sh | 2 +- .../rootfs/opt/bitnami/scripts/libnginx.sh | 31 +++++++++++++++++++ .../rootfs/opt/bitnami/scripts/nginx-env.sh | 2 ++ .../rootfs/opt/bitnami/scripts/nginx/setup.sh | 19 +++--------- bitnami/nginx/README.md | 2 ++ 6 files changed, 42 insertions(+), 18 deletions(-) diff --git a/bitnami/nginx/1.23/debian-11/Dockerfile b/bitnami/nginx/1.23/debian-11/Dockerfile index 66ce39f94924..c440463fb213 100644 --- a/bitnami/nginx/1.23/debian-11/Dockerfile +++ b/bitnami/nginx/1.23/debian-11/Dockerfile @@ -3,10 +3,10 @@ FROM docker.io/bitnami/minideb:bullseye ARG TARGETARCH LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \ - org.opencontainers.image.created="2023-05-08T19:40:52Z" \ + org.opencontainers.image.created="2023-05-11T12:04:47Z" \ org.opencontainers.image.description="Application packaged by VMware, Inc" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="1.23.4-debian-11-r14" \ + org.opencontainers.image.ref.name="1.23.4-debian-11-r15" \ org.opencontainers.image.title="nginx" \ org.opencontainers.image.vendor="VMware, Inc." \ org.opencontainers.image.version="1.23.4" diff --git a/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh index 02c989d693ae..6d9ca8546eef 100644 --- a/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh +++ b/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh 
@@ -421,7 +421,7 @@ generate_random_string() {
 alphanumeric+special|special+alphanumeric)
 # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
 # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
- filter='a-zA-Z0-9!@#$%^'
+ filter='a-zA-Z0-9:@.,/+!='
 ;;
 *)
 echo "Invalid type ${type}" >&2
diff --git a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
index b622b2444474..d6c0c60f2cfb 100644
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
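Review bot: The new `filter` value admits `:`, `@` and `/`, which are delimiters in URI-style connection strings, and the two comment lines above it still explain only why the variety is limited, not why this particular set was picked. If a generated password is ever interpolated into a `scheme://user:pass@host/` string it would have to be percent-encoded first, so a third comment line stating the constraint would help, for example `# Avoids $ # % ^ (shell/YAML metacharacters); percent-encode before embedding in a URI` if that is the intent. generate_random_string starts and ends outside this hunk, so how `filter` is consumed is not visible here.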
@@ -629,3 +629,34 @@ nginx_custom_init_scripts() {
 info "No custom scripts in $NGINX_INITSCRIPTS_DIR"
 fi
 }
+
+########################
+# Generate sample TLS certificates without passphrase for sample HTTPS server_block
+# Globals:
+# NGINX_*
+# Arguments:
+# None
+# Returns:
+# None
+#########################
+nginx_generate_sample_certs() {
+ local certs_dir="${NGINX_CONF_DIR}/bitnami/certs"
+
+ if ! is_boolean_yes "$NGINX_SKIP_SAMPLE_CERTS" && [[ ! -f "${certs_dir}/server.crt" ]]; then
+ ensure_dir_exists "$certs_dir"
+ if is_file_writable "${certs_dir}/server.crt"; then
+ SSL_KEY_FILE="${certs_dir}/server.key"
+ SSL_CERT_FILE="${certs_dir}/server.crt"
+ SSL_CSR_FILE="${certs_dir}/server.csr"
+ SSL_SUBJ="/CN=example.com"
+ SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
+ rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
+ openssl genrsa -out "$SSL_KEY_FILE" 4096
+ openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
+ openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
+ rm -f "$SSL_CSR_FILE"
+ else
+ warn "The certificates directories '${certs_dir}' is not writable, skipping sample HTTPS certificates generation"
+ fi
+ fi
+}
diff --git a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx-env.sh b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx-env.sh
index 2abd9daf2453..dd1e5f738f51 100644
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx-env.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx-env.sh
@@ -24,6 +24,7 @@ export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
 nginx_env_vars=(
 NGINX_HTTP_PORT_NUMBER
 NGINX_HTTPS_PORT_NUMBER
+ NGINX_SKIP_SAMPLE_CERTS
 NGINX_ENABLE_ABSOLUTE_REDIRECT
 NGINX_ENABLE_PORT_IN_REDIRECT
 )
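Review bot: The `SSL_KEY_FILE`, `SSL_CERT_FILE`, `SSL_CSR_FILE`, `SSL_SUBJ` and `SSL_EXT` assignments inside `nginx_generate_sample_certs` are not declared `local`, so they remain set in the calling shell after the function returns. `SSL_CERT_FILE` is also the environment variable OpenSSL reads for its default CA file; if the container was started with it exported, this assignment replaces it with the self-signed sample certificate for everything that runs afterwards (setup.sh calls `nginx_custom_init_scripts` next). Lower-case locals avoid both the leak and the name collision. Separately, `is_file_writable` is checked only for `server.crt` although `server.key` and `server.csr` are written in the same directory.

```shell
nginx_generate_sample_certs() {
    local certs_dir="${NGINX_CONF_DIR}/bitnami/certs"
    # … unchanged: skip/exists test, ensure_dir_exists, is_file_writable guard …
            local key_file="${certs_dir}/server.key"
            local cert_file="${certs_dir}/server.crt"
            local csr_file="${certs_dir}/server.csr"
            local subj="/CN=example.com"
            local ext="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
            rm -f "$key_file" "$cert_file"
            openssl genrsa -out "$key_file" 4096
            openssl req -new -sha256 -out "$csr_file" -key "$key_file" -nodes -subj "$subj" -addext "$ext"
            openssl x509 -req -sha256 -in "$csr_file" -signkey "$key_file" -out "$cert_file" -days 1825 -extfile <(echo -n "$ext")
            rm -f "$csr_file"
    # … unchanged: else/warn branch and the closing fi, fi, } …
```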
@@ -70,6 +71,7 @@ export NGINX_HTTP_PORT_NUMBER="${NGINX_HTTP_PORT_NUMBER:-}" export WEB_SERVER_HTTP_PORT_NUMBER="$NGINX_HTTP_PORT_NUMBER" export NGINX_HTTPS_PORT_NUMBER="${NGINX_HTTPS_PORT_NUMBER:-}" export WEB_SERVER_HTTPS_PORT_NUMBER="$NGINX_HTTPS_PORT_NUMBER" +export NGINX_SKIP_SAMPLE_CERTS="${NGINX_SKIP_SAMPLE_CERTS:-false}" export NGINX_ENABLE_ABSOLUTE_REDIRECT="${NGINX_ENABLE_ABSOLUTE_REDIRECT:-no}" export NGINX_ENABLE_PORT_IN_REDIRECT="${NGINX_ENABLE_PORT_IN_REDIRECT:-no}" diff --git a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh index 6618c4ceb867..506421c0bf36 100755 --- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh +++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh @@ -24,20 +24,9 @@ trap "nginx_stop" EXIT # Ensure NGINX daemon user exists when running as 'root' am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROUP" -# Regenerate SSL certs (without a passphrase) -ensure_dir_exists "${NGINX_CONF_DIR}/bitnami/certs" -if [[ ! -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]]; then - SSL_KEY_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.key" - SSL_CERT_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.crt" - SSL_CSR_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.csr" - SSL_SUBJ="/CN=example.com" - SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" - rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" - openssl genrsa -out "$SSL_KEY_FILE" 4096 - openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" - openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") - rm -f "$SSL_CSR_FILE" -fi +# Configure HTTPS sample block using generated SSL certs +nginx_generate_sample_certs + # Run init scripts nginx_custom_init_scripts 
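Review bot: In the nginx-env.sh hunk, `NGINX_SKIP_SAMPLE_CERTS` defaults to `false` while the two toggles right below it default to `no`; `export NGINX_SKIP_SAMPLE_CERTS="${NGINX_SKIP_SAMPLE_CERTS:-no}"` would keep the file's convention, assuming `is_boolean_yes` treats both spellings alike. The variable also gets no comment here and no entry in the README hunk of this patch, so nothing tells an operator that skipping the sample certificates means the default HTTPS server block is installed only when a `server.crt` is already present.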
@@ -45,7 +34,7 @@ nginx_custom_init_scripts ! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" # Configure HTTPS port number -if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]] && is_file_writable "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"; then +if [[ -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]] && [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]] && is_file_writable "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"; then cp "${BITNAMI_ROOT_DIR}/scripts/nginx/bitnami-templates/default-https-server-block.conf" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" fi diff --git a/bitnami/nginx/README.md b/bitnami/nginx/README.md index 62be250f1dcf..7f7f3954b2e6 100644 --- a/bitnami/nginx/README.md +++ b/bitnami/nginx/README.md @@ -29,6 +29,8 @@ docker-compose up -d * All Bitnami images available in Docker Hub are signed with [Docker Content Trust (DCT)](https://docs.docker.com/engine/security/trust/content_trust/). You can use `DOCKER_CONTENT_TRUST=1` to verify the integrity of the images. * Bitnami container images are released on a regular basis with the latest distribution packages available. +Looking to use NGINX Open Source in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## How to deploy NGINX Open Source in Kubernetes? Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami NGINX Open Source Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/nginx).
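Review bot: With the added `[[ -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]]` test, a container that sets `NGINX_HTTPS_PORT_NUMBER` but has no certificate (sample certs skipped, or the certs directory not writable) falls through this `if` silently, so the operator gets no HTTPS listener from the default block and no hint why. A logged branch would make that visible: `elif [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]]; then` followed by `warn "NGINX_HTTPS_PORT_NUMBER is set but no server.crt was found, default HTTPS server block not installed"`. The test also looks only at `server.crt`; if the template references `server.key` as well (not visible here), checking both files would avoid a start-up failure on a half-populated certs directory.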