Skip to content

Commit

Permalink
fix: Correct vulnerabilities found through static code analysis
Browse files Browse the repository at this point in the history 
* Dockerfile
 * Changes http to https
 * Change use of pipes to avoid pipefail messages
  • Loading branch information
@phantomjinx
phantomjinx committed Feb 19, 2024
1 parent 7d161ab commit 72d1344
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ LABEL url="https://www.nginx.com/" \

COPY docker/nginx.repo /etc/yum.repos.d/nginx.repo

RUN curl -sO http://nginx.org/keys/nginx_signing.key && \
RUN curl -sO https://nginx.org/keys/nginx_signing.key && \
rpm --import ./nginx_signing.key && \
microdnf -y install --setopt=tsflags=nodocs nginx-${NGINX_VERSION}.ngx nginx-module-njs-${NGINX_MODULE_NJS_VERSION}.ngx && \
rm -f ./nginx_signing.key && \
Expand All @@ -47,11 +47,11 @@ RUN curl -sO http://nginx.org/keys/nginx_signing.key && \
# - modify perms for non-root runtime
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log && \
sed -i 's|/var/run/nginx.pid|/var/cache/nginx/nginx.pid|g' /etc/nginx/nginx.conf && \
sed -i 's~/var/run/nginx.pid~/var/cache/nginx/nginx.pid~g' /etc/nginx/nginx.conf && \
sed -i -e '/user/!b' -e '/nginx/!b' -e '/nginx/d' /etc/nginx/nginx.conf && \
echo -e "load_module modules/ngx_http_js_module.so;\n$(cat /etc/nginx/nginx.conf)" > /etc/nginx/nginx.conf && \
# Uncomment this line to output info log for nginx.js
sed -i 's|/var/log/nginx/error.log warn|/var/log/nginx/error.log info|g' /etc/nginx/nginx.conf && \
sed -i 's~/var/log/nginx/error.log warn~/var/log/nginx/error.log info~g' /etc/nginx/nginx.conf && \
chown -R 998 /var/cache/nginx /etc/nginx && \
rm -f /etc/nginx/conf.d/default.conf && \
chmod -R g=u /var/cache/nginx /etc/nginx
Expand Down

0 comments on commit 72d1344

Please sign in to comment.