awesome-compose/nginx-wsgi-flask/nginx/Dockerfile
Madhu Kumar e20c8dd50b
Security upgrade nginx from 1.19.7-alpine to 1.20.1-alpine
Changes included in this PR
nginx-wsgi-flask/nginx/Dockerfile
We recommend upgrading to nginx:1.20.1-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity	Priority Score / 1000	Issue	Exploit Maturity
critical severity	500	Out-of-bounds Read (SNYK-ALPINE313-APKTOOLS-1533754)	No Known Exploit
critical severity	500	Double Free (SNYK-ALPINE313-CURL-1585246)	No Known Exploit
critical severity	500	Double Free (SNYK-ALPINE313-CURL-1585246)	No Known Exploit
critical severity	500	Buffer Overflow (SNYK-ALPINE313-OPENSSL-1569448)	No Known Exploit
critical severity	500	Buffer Overflow (SNYK-ALPINE313-OPENSSL-1569448)	No Known Exploit
2022-02-19 22:27:43 +01:00

33 lines
1.0 KiB
Docker

FROM nginx:1.20.1-alpine
# Add bash for boot cmd (--no-cache keeps the apk index out of the image layer)
RUN apk add --no-cache bash
# Add nginx.conf to container
COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
COPY --chown=nginx:nginx start.sh /app/start.sh
# set workdir
WORKDIR /app
# permissions and nginx user for tightened security
# every step is chained with && so a failed chown/chmod fails the build
RUN chown -R nginx:nginx /app && chmod -R 755 /app && \
    chown -R nginx:nginx /var/cache/nginx && \
    chown -R nginx:nginx /var/log/nginx && \
    chmod -R 755 /var/log/nginx && \
    chown -R nginx:nginx /etc/nginx/conf.d
# the PID file must exist and be writable by the unprivileged nginx user
RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid
# Uncomment to keep the nginx logs inside the container - Leave commented for logging to stdout and stderr
# RUN mkdir -p /var/log/nginx
# RUN unlink /var/log/nginx/access.log \
#     && unlink /var/log/nginx/error.log \
#     && touch /var/log/nginx/access.log \
#     && touch /var/log/nginx/error.log \
#     && chown nginx /var/log/nginx/*log \
#     && chmod 644 /var/log/nginx/*log
# drop root: the server process runs as the nginx user
USER nginx
# exec form passes each argument verbatim (no shell), so the directive takes no inner quotes
CMD ["nginx", "-g", "daemon off;"]