[bitnami/nginx] Release 1.23.1-debian-11-r15 (#4676)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2022-08-31 09:01:49 +02:00 · 2022-08-31 09:01:49 +02:00 · 877fb4f87c
parent 0fef81eae0
commit 877fb4f87c
7 changed files with 63 additions and 126 deletions
--- a/bitnami/nginx/1.23/debian-11/Dockerfile
+++ b/bitnami/nginx/1.23/debian-11/Dockerfile
@ -6,7 +6,7 @@ ENV HOME="/" \

 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
      org.opencontainers.image.description="Application packaged by Bitnami" \
-      org.opencontainers.image.ref.name="1.23.1-debian-11-r14" \
+      org.opencontainers.image.ref.name="1.23.1-debian-11-r15" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/nginx" \
      org.opencontainers.image.title="nginx" \
      org.opencontainers.image.vendor="VMware, Inc." \
@ -16,9 +16,27 @@ COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Install required system packages and dependencies
 RUN install_packages acl ca-certificates curl gzip libc6 libcrypt1 libgeoip1 libpcre3 libssl1.1 procps tar zlib1g
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "render-template" "1.0.3-153" --checksum c1f2cdabdcc920512e8936ab2c8a033e1aeb97801fa026f0b12432581bf849ae
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "nginx" "1.23.1-2" --checksum 86af129d30d3ed8234c73815da136ac9a8d000dc6b9cd7522e8689e5c852bf0a
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.14.0-154" --checksum e36c3d90f4fbfbe989f40947fa7c8ab817f12fcf97d3aef893c753a20ce976ab
+RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+    if [ ! -f render-template-1.0.3-153-linux-amd64-debian-11.tar.gz ]; then \
+      curl -SsLf https://downloads.bitnami.com/files/stacksmith/render-template-1.0.3-153-linux-amd64-debian-11.tar.gz -O ; \
+    fi && \
+    echo "c1f2cdabdcc920512e8936ab2c8a033e1aeb97801fa026f0b12432581bf849ae  render-template-1.0.3-153-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \
+    tar -zxf render-template-1.0.3-153-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
+    rm -rf render-template-1.0.3-153-linux-amd64-debian-11.tar.gz
+RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+    if [ ! -f nginx-1.23.1-2-linux-amd64-debian-11.tar.gz ]; then \
+      curl -SsLf https://downloads.bitnami.com/files/stacksmith/nginx-1.23.1-2-linux-amd64-debian-11.tar.gz -O ; \
+    fi && \
+    echo "86af129d30d3ed8234c73815da136ac9a8d000dc6b9cd7522e8689e5c852bf0a  nginx-1.23.1-2-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \
+    tar -zxf nginx-1.23.1-2-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
+    rm -rf nginx-1.23.1-2-linux-amd64-debian-11.tar.gz
+RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+    if [ ! -f gosu-1.14.0-154-linux-amd64-debian-11.tar.gz ]; then \
+      curl -SsLf https://downloads.bitnami.com/files/stacksmith/gosu-1.14.0-154-linux-amd64-debian-11.tar.gz -O ; \
+    fi && \
+    echo "e36c3d90f4fbfbe989f40947fa7c8ab817f12fcf97d3aef893c753a20ce976ab  gosu-1.14.0-154-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \
+    tar -zxf gosu-1.14.0-154-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
+    rm -rf gosu-1.14.0-154-linux-amd64-debian-11.tar.gz
 RUN apt-get update && apt-get upgrade -y && \
    rm -r /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
--- a/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libcomponent.sh
+++ b/bitnami/nginx/1.23/debian-11/prebuildfs/opt/bitnami/scripts/libcomponent.sh
@ -1,65 +0,0 @@
-#!/bin/bash
-#
-# Library for managing Bitnami components
-
-# Constants
-CACHE_ROOT="/tmp/bitnami/pkg/cache"
-DOWNLOAD_URL="https://downloads.bitnami.com/files/stacksmith"
-
-# Functions
-
-########################
-# Download and unpack a Bitnami package
-# Globals:
-#   OS_NAME
-#   OS_ARCH
-#   OS_FLAVOUR
-# Arguments:
-#   $1 - component's name
-#   $2 - component's version
-# Returns:
-#   None
-#########################
-component_unpack() {
-    local name="${1:?name is required}"
-    local version="${2:?version is required}"
-    local base_name="${name}-${version}-${OS_NAME}-${OS_ARCH}-${OS_FLAVOUR}"
-    local package_sha256=""
-    local directory="/opt/bitnami"
-
-    # Validate arguments
-    shift 2
-    while [ "$#" -gt 0 ]; do
-        case "$1" in
-            -c|--checksum)
-                shift
-                package_sha256="${1:?missing package checksum}"
-                ;;
-            *)
-                echo "Invalid command line flag $1" >&2
-                return 1
-                ;;
-        esac
-        shift
-    done
-
-    echo "Downloading $base_name package"
-    if [ -f "${CACHE_ROOT}/${base_name}.tar.gz" ]; then
-        echo "${CACHE_ROOT}/${base_name}.tar.gz already exists, skipping download."
-        cp "${CACHE_ROOT}/${base_name}.tar.gz" .
-        rm "${CACHE_ROOT}/${base_name}.tar.gz"
-        if [ -f "${CACHE_ROOT}/${base_name}.tar.gz.sha256" ]; then
-            echo "Using the local sha256 from ${CACHE_ROOT}/${base_name}.tar.gz.sha256"
-            package_sha256="$(< "${CACHE_ROOT}/${base_name}.tar.gz.sha256")"
-            rm "${CACHE_ROOT}/${base_name}.tar.gz.sha256"
-        fi
-    else
-	curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz"
-    fi
-    if [ -n "$package_sha256" ]; then
-        echo "Verifying package integrity"
-        echo "$package_sha256  ${base_name}.tar.gz" | sha256sum --check - || return "$?"
-    fi
-    tar --directory "${directory}" --extract --gunzip --file "${base_name}.tar.gz" --no-same-owner --strip-components=2 || return "$?"
-    rm "${base_name}.tar.gz"
-}
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
@ -128,18 +128,21 @@ nginx_validate() {
            print_validation_error "The allowed values for ${1} are: yes no"
        fi
    }
+    check_valid_port() {
+        local port_var="${1:?missing port variable}"
+        local validate_port_args=()
+        local err
+        ! am_i_root && validate_port_args+=("-unprivileged")
+        if ! err="$(validate_port "${validate_port_args[@]}" "${!port_var}")"; then
+            print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
+        fi
+    }

    ! is_empty_value "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && check_yes_no_value "NGINX_ENABLE_ABSOLUTE_REDIRECT"
    ! is_empty_value "$NGINX_ENABLE_PORT_IN_REDIRECT" && check_yes_no_value "NGINX_ENABLE_PORT_IN_REDIRECT"

-    if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then
-        local -a validate_port_args=()
-        ! am_i_root && validate_port_args+=("-unprivileged")
-        validate_port_args+=("${NGINX_HTTP_PORT_NUMBER}")
-        if ! err=$(validate_port "${validate_port_args[@]}"); then
-            print_validation_error "An invalid port was specified in the environment variable NGINX_HTTP_PORT_NUMBER: $err"
-        fi
-    fi
+    ! is_empty_value "$NGINX_HTTP_PORT_NUMBER" && check_valid_port "NGINX_HTTP_PORT_NUMBER"
+    ! is_empty_value "$NGINX_HTTPS_PORT_NUMBER" && check_valid_port "NGINX_HTTPS_PORT_NUMBER"

    if ! is_file_writable "$NGINX_CONF_FILE"; then
        warn "The NGINX configuration file '${NGINX_CONF_FILE}' is not writable by current user. Configurations based on environment variables will not be applied."
@ -188,9 +191,14 @@ nginx_initialize() {
        nginx_user_configuration="$(sed -E "s/(^user)/# \1/g" "$NGINX_CONF_FILE")"
        is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" >"$NGINX_CONF_FILE"
    fi
+    # Configure HTTP port number
    if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then
        nginx_configure_port "$NGINX_HTTP_PORT_NUMBER"
    fi
+    # Configure HTTPS port number
+    if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]]; then
+        nginx_configure_port "$NGINX_HTTPS_PORT_NUMBER" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"
+    fi
    nginx_configure "absolute_redirect" "$(is_boolean_yes "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && echo "on" || echo "off" )"
    nginx_configure "port_in_redirect" "$(is_boolean_yes "$NGINX_ENABLE_PORT_IN_REDIRECT" && echo "on" || echo "off" )"
 }
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh
@ -46,6 +46,8 @@ nginx_patch_httpoxy_vulnerability

 # Configure default HTTP port
 nginx_configure_port "$NGINX_DEFAULT_HTTP_PORT_NUMBER"
+# Configure default HTTPS port
+nginx_configure_port "$NGINX_DEFAULT_HTTPS_PORT_NUMBER" "${BITNAMI_ROOT_DIR}/scripts/nginx/server_blocks/default-https-server-block.conf"

 # shellcheck disable=SC1091

--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/server_blocks/default-https-server-block.conf
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/server_blocks/default-https-server-block.conf
@ -0,0 +1,17 @@
+# HTTPS Server
+server {
+    # Port to listen on, can also be set in IP:PORT format
+    listen  443 ssl;
+
+    ssl_certificate      bitnami/certs/server.crt;
+    ssl_certificate_key  bitnami/certs/server.key;
+
+    include  "/opt/bitnami/nginx/conf/bitnami/*.conf";
+
+    location /status {
+        stub_status on;
+        access_log   off;
+        allow 127.0.0.1;
+        deny all;
+    }
+}
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh
@ -27,20 +27,14 @@ am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROU
 # Run init scripts
 nginx_custom_init_scripts

-# Validate HTTPS port number
-if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]]; then
-    validate_port_args=()
-    ! am_i_root && validate_port_args+=("-unprivileged")
-    validate_port_args+=("$NGINX_HTTPS_PORT_NUMBER")
-    if ! err=$(validate_port "${validate_port_args[@]}"); then
-        error "An invalid port was specified in the environment variable NGINX_HTTPS_PORT_NUMBER: $err"
-        exit 1
-    fi
-fi
-
 # Fix logging issue when running as root
 ! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)"

+# Configure HTTPS port number
+if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]]; then
+    cp "${BITNAMI_ROOT_DIR}/scripts/nginx/server_blocks/default-https-server-block.conf" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"
+fi
+
 # Initialize NGINX
 nginx_initialize

--- a/bitnami/nginx/README.md
+++ b/bitnami/nginx/README.md
@ -45,7 +45,7 @@ Non-root container images add an extra layer of security and are generally recom
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).


-* [`1.23`, `1.23-debian-11`, `1.23.1`, `1.23.1-debian-11-r14`, `latest` (1.23/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/nginx/1.23/debian-11/Dockerfile)
+* [`1.23`, `1.23-debian-11`, `1.23.1`, `1.23.1-debian-11-r15`, `latest` (1.23/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/nginx/1.23/debian-11/Dockerfile)
 * [`1.22`, `1.22-debian-11`, `1.22.0`, `1.22.0-debian-11-r32` (1.22/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/nginx/1.22/debian-11/Dockerfile)

 ## Get this image
@ -367,47 +367,10 @@ $ docker-compose logs nginx

 You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver.

-## Understand the structure of this image
-
-The Bitnami NGINX Open Source Docker image is built using a Dockerfile with the structure below:
-
-```Dockerfile
-FROM bitnami/minideb
-...
-## Install required system packages and dependencies
-RUN install_packages xxx yyy zzz
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "nginx" "a.b.c-0"
-...
-COPY rootfs /
-RUN /opt/bitnami/scripts/nginx/postunpack.sh
-...
-ENV BITNAMI_APP_NAME="nginx" ...
-EXPOSE 8080 8443
-WORKDIR /app
-USER 1001
-...
-ENTRYPOINT [ "/opt/bitnami/scripts/nginx/entrypoint.sh" ]
-CMD [ "/opt/bitnami/scripts/nginx/run.sh" ]
-```
-
-The Dockerfile has several sections related to:
-
- Components installation
- Components static configuration
- Environment variables
- Volumes
- Ports to be exposed
- Working directory and user
-  - Note that once the user is set to 1001, unprivileged commands cannot be executed any longer.
- Entrypoint and command
-  - Take into account that these actions are not executed until the container is started.
-
 ## Customize this image

 The Bitnami NGINX Open Source Docker image is designed to be extended so it can be used as the base image for your custom web applications.

-> Note: Read the [previous section](#understand-the-structure-of-this-image) to understand the Dockerfile structure before extending this image.
-
 ### Extend this image

 Before extending this image, please note there are certain configuration settings you can modify using the original image: