From f7f6c339ad33c8230194c8bc85d2fce36bcaccb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Thu, 30 Jan 2025 10:33:42 +0100 Subject: [PATCH 1/2] Use newer nginx Specifying the version this way should hopefully make Dependabot pick up new versions in the future. --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 40092fd..9f05af9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,12 @@ ## # Base ## -FROM nginx:1.27.0-alpine3.19-slim@sha256:a529900d9252ce5d04531a4a594f93736dbbe3ec155a692d10484be82aaa159a AS base +FROM nginx:1.27.3-alpine-slim@sha256:5a56ae385906c5b43ccc99379bce883aa93dc0556d7f705ba501d819925e8fa1 AS base COPY /base / RUN apk add --no-cache \ - ca-certificates=~20240226 \ + ca-certificates=~20241121 \ gnutls-utils=~3 ARG workdir=/var/www From f2fb3618d247cf25e8a751fc485cb30be42680c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Thu, 30 Jan 2025 10:34:52 +0100 Subject: [PATCH 2/2] Support Docker containers with more than one IP address Before we would fail if there where more than one. --- context/base/docker-entrypoint.d/20-certs.sh | 7 ++++--- context/base/etc/https-proxy/cert.cfg.template | 1 - 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/context/base/docker-entrypoint.d/20-certs.sh b/context/base/docker-entrypoint.d/20-certs.sh index 8ba681d..e4ae0f5 100755 --- a/context/base/docker-entrypoint.d/20-certs.sh +++ b/context/base/docker-entrypoint.d/20-certs.sh @@ -7,15 +7,16 @@ CERT_KEY="/cert/${FIRST_VIRTUAL_HOST:-localhost}.key" CA_CERT="/rootCA/rootCA.pem" CA_KEY="/rootCA/rootCA-key.pem" -IP_ADDRESS=$(hostname -i) -export IP_ADDRESS - envsubst /tmp/cert.cfg for host in ${VIRTUAL_HOST:-localhost}; do echo "dns_name = $host" >>/tmp/cert.cfg done +for ip_address in $(hostname -i); do + echo "ip_address = $ip_address" >>/tmp/cert.cfg +done + certtool --generate-privkey --outfile "${CERT_KEY}" if [ ! -r "${CA_CERT}" ] || [ ! -r "${CA_KEY}" ]; then diff --git a/context/base/etc/https-proxy/cert.cfg.template b/context/base/etc/https-proxy/cert.cfg.template index c5b03d7..992ce41 100644 --- a/context/base/etc/https-proxy/cert.cfg.template +++ b/context/base/etc/https-proxy/cert.cfg.template @@ -2,4 +2,3 @@ organization = "Development certificate" unit = "${HOSTNAME}" cn = "${FIRST_VIRTUAL_HOST}" expiration_days = ${EXPIRATION_DAYS} -ip_address = "${IP_ADDRESS}"