mirror of
https://github.com/bitnami/containers.git
synced 2026-03-02 16:17:31 +08:00
5.8.2-debian-10-r44 release
This commit is contained in:
Bitnami Bot
@@ -9,7 +9,7 @@ ENV HOME="/" \
|
||||
COPY prebuildfs /
|
||||
# Install required system packages and dependencies
|
||||
RUN install_packages acl ca-certificates curl gzip less libaudit1 libbsd0 libbz2-1.0 libc6 libcap-ng0 libcom-err2 libcurl4 libexpat1 libffi6 libfftw3-double3 libfontconfig1 libfreetype6 libgcc1 libgcrypt20 libgeoip1 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhogweed4 libicu63 libidn2-0 libjemalloc2 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.4-2 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmcrypt4 libmemcached11 libmemcachedutil2 libncurses6 libnettle6 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre3 libpng16-16 libpq5 libpsl5 libreadline7 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl1.1 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp6 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 procps tar zlib1g
|
||||
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "php" "7.4.27-2" --checksum 00c27d3d0d2dc5db11f1c8d5b0271c3e55d89e81e11e82b4ab9de26bfebf8b21
|
||||
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "php" "7.4.27-3" --checksum 6e6afcff2aae442d1271343e88fea61dda066c449c241cd3cb2d612cda73098c
|
||||
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "wp-cli" "2.5.0-0" --checksum b2be17e2065fc8d9d1a175e1dbc689e8f6a5543bb3b6a6f5470bc987b7c396ce
|
||||
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "nginx" "1.21.5-0" --checksum e2c355bf9aacd333d1efd311aa016f412fe701aad136a981f6c5993a3d9bc82f
|
||||
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "mysql-client" "10.3.32-0" --checksum 4a211faa9436c9747dfc4374cb9e8a7f9b0065dfc58dd4784cef0f5029c2e65e
|
||||
@@ -20,13 +20,13 @@ RUN chmod g+rwX /opt/bitnami
|
||||
|
||||
COPY rootfs /
|
||||
RUN /opt/bitnami/scripts/mysql-client/postunpack.sh
|
||||
RUN /opt/bitnami/scripts/php/postunpack.sh
|
||||
RUN /opt/bitnami/scripts/nginx/postunpack.sh
|
||||
RUN /opt/bitnami/scripts/php/postunpack.sh
|
||||
RUN /opt/bitnami/scripts/nginx-php-fpm/postunpack.sh
|
||||
RUN /opt/bitnami/scripts/wordpress/postunpack.sh
|
||||
ENV ALLOW_EMPTY_PASSWORD="no" \
|
||||
BITNAMI_APP_NAME="wordpress-nginx" \
|
||||
BITNAMI_IMAGE_VERSION="5.8.2-debian-10-r43" \
|
||||
BITNAMI_IMAGE_VERSION="5.8.2-debian-10-r44" \
|
||||
MARIADB_HOST="mariadb" \
|
||||
MARIADB_PORT_NUMBER="3306" \
|
||||
MARIADB_ROOT_PASSWORD="" \
|
||||
|
||||
@@ -22,10 +22,10 @@
|
||||
},
|
||||
"php": {
|
||||
"arch": "amd64",
|
||||
"digest": "00c27d3d0d2dc5db11f1c8d5b0271c3e55d89e81e11e82b4ab9de26bfebf8b21",
|
||||
"digest": "6e6afcff2aae442d1271343e88fea61dda066c449c241cd3cb2d612cda73098c",
|
||||
"distro": "debian-10",
|
||||
"type": "NAMI",
|
||||
"version": "7.4.27-2"
|
||||
"version": "7.4.27-3"
|
||||
},
|
||||
"render-template": {
|
||||
"arch": "amd64",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
#
|
||||
# Bitnami NGINX library
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
|
||||
# Load Generic Libraries
|
||||
. /opt/bitnami/scripts/libfs.sh
|
||||
@@ -79,7 +79,7 @@ nginx_configure_port() {
|
||||
debug "Setting port number to ${port} in '${file}'"
|
||||
# TODO: find an appropriate NGINX parser to avoid 'sed calls'
|
||||
nginx_configuration="$(sed -E "s/(listen\s+)[0-9]{1,5};/\1${port};/g" "$file")"
|
||||
echo "$nginx_configuration" > "$file"
|
||||
echo "$nginx_configuration" >"$file"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -145,12 +145,12 @@ nginx_initialize() {
|
||||
chown -R "${NGINX_DAEMON_USER:-}" "$NGINX_TMP_DIR"
|
||||
fi
|
||||
nginx_user_configuration="$(sed -E "s/^(user\s+).*/\1${NGINX_DAEMON_USER:-} ${NGINX_DAEMON_GROUP:-};/g" "$NGINX_CONF_FILE")"
|
||||
is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" > "$NGINX_CONF_FILE"
|
||||
is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" >"$NGINX_CONF_FILE"
|
||||
else
|
||||
# The "user" directive makes sense only if the master process runs with super-user privileges
|
||||
# TODO: find an appropriate NGINX parser to avoid 'sed calls'
|
||||
nginx_user_configuration="$(sed -E "s/(^user)/# \1/g" "$NGINX_CONF_FILE")"
|
||||
is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" > "$NGINX_CONF_FILE"
|
||||
is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" >"$NGINX_CONF_FILE"
|
||||
fi
|
||||
if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then
|
||||
nginx_configure_port "$NGINX_HTTP_PORT_NUMBER"
|
||||
@@ -202,37 +202,37 @@ ensure_nginx_app_configuration_exists() {
|
||||
shift
|
||||
while [[ "$#" -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--hosts \
|
||||
| --server-aliases)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
read -r -a "$var_name" <<< "$1"
|
||||
;;
|
||||
--disable \
|
||||
| --disable-http \
|
||||
| --disable-https \
|
||||
)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
export "${var_name}=yes"
|
||||
;;
|
||||
--type \
|
||||
| --server-name \
|
||||
| --allow-remote-connections \
|
||||
| --http-port \
|
||||
| --https-port \
|
||||
| --additional-configuration \
|
||||
| --external-configuration \
|
||||
| --document-root \
|
||||
| --extra-directory-configuration \
|
||||
)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
export "${var_name}"="$1"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
--hosts | \
|
||||
--server-aliases)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
read -r -a "$var_name" <<<"$1"
|
||||
;;
|
||||
--disable | \
|
||||
--disable-http | \
|
||||
--disable-https)
|
||||
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
export "${var_name}=yes"
|
||||
;;
|
||||
--type | \
|
||||
--server-name | \
|
||||
--allow-remote-connections | \
|
||||
--http-port | \
|
||||
--https-port | \
|
||||
--additional-configuration | \
|
||||
--external-configuration | \
|
||||
--document-root | \
|
||||
--extra-directory-configuration)
|
||||
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
export "${var_name}"="$1"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
@@ -290,12 +290,12 @@ absolute_redirect off;"
|
||||
local http_server_block="${NGINX_SERVER_BLOCKS_DIR}/${app}-server-block.conf"
|
||||
local https_server_block="${NGINX_SERVER_BLOCKS_DIR}/${app}-https-server-block.conf"
|
||||
local -r disable_suffix=".disabled"
|
||||
( is_boolean_yes "$disable" || is_boolean_yes "$disable_http" ) && http_server_block+="$disable_suffix"
|
||||
( is_boolean_yes "$disable" || is_boolean_yes "$disable_https" ) && https_server_block+="$disable_suffix"
|
||||
(is_boolean_yes "$disable" || is_boolean_yes "$disable_http") && http_server_block+="$disable_suffix"
|
||||
(is_boolean_yes "$disable" || is_boolean_yes "$disable_https") && https_server_block+="$disable_suffix"
|
||||
if is_file_writable "$http_server_block"; then
|
||||
# Create file with root group write privileges, so it can be modified in non-root containers
|
||||
[[ ! -f "$http_server_block" ]] && touch "$http_server_block" && chmod g+rw "$http_server_block"
|
||||
render-template "${template_dir}/${template_name}-http-server-block.conf.tpl" | sed '/^\s*$/d' > "$http_server_block"
|
||||
render-template "${template_dir}/${template_name}-http-server-block.conf.tpl" | sed '/^\s*$/d' >"$http_server_block"
|
||||
elif [[ ! -f "$http_server_block" ]]; then
|
||||
error "Could not create server block for ${app} at '${http_server_block}'. Check permissions and ownership for parent directories."
|
||||
return 1
|
||||
@@ -305,7 +305,7 @@ absolute_redirect off;"
|
||||
if is_file_writable "$https_server_block"; then
|
||||
# Create file with root group write privileges, so it can be modified in non-root containers
|
||||
[[ ! -f "$https_server_block" ]] && touch "$https_server_block" && chmod g+rw "$https_server_block"
|
||||
render-template "${template_dir}/${template_name}-https-server-block.conf.tpl" | sed '/^\s*$/d' > "$https_server_block"
|
||||
render-template "${template_dir}/${template_name}-https-server-block.conf.tpl" | sed '/^\s*$/d' >"$https_server_block"
|
||||
elif [[ ! -f "$https_server_block" ]]; then
|
||||
error "Could not create server block for ${app} at '${https_server_block}'. Check permissions and ownership for parent directories."
|
||||
return 1
|
||||
@@ -364,21 +364,21 @@ ensure_nginx_prefix_configuration_exists() {
|
||||
shift
|
||||
while [[ "$#" -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--type \
|
||||
| --allow-remote-connections \
|
||||
| --additional-configuration \
|
||||
| --document-root \
|
||||
| --extra-directory-configuration \
|
||||
| --prefix \
|
||||
)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
declare "${var_name}"="$1"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
--type | \
|
||||
--allow-remote-connections | \
|
||||
--additional-configuration | \
|
||||
--document-root | \
|
||||
--extra-directory-configuration | \
|
||||
--prefix)
|
||||
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
declare "${var_name}"="$1"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
@@ -407,7 +407,7 @@ absolute_redirect off;"
|
||||
if is_file_writable "$prefix_file"; then
|
||||
# Create file with root group write privileges, so it can be modified in non-root containers
|
||||
[[ ! -f "$prefix_file" ]] && touch "$prefix_file" && chmod g+rw "$prefix_file"
|
||||
render-template "${template_dir}/${template_name}-prefix.conf.tpl" | sed '/^\s*$/d' > "$prefix_file"
|
||||
render-template "${template_dir}/${template_name}-prefix.conf.tpl" | sed '/^\s*$/d' >"$prefix_file"
|
||||
elif [[ ! -f "$prefix_file" ]]; then
|
||||
error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories."
|
||||
return 1
|
||||
@@ -448,31 +448,31 @@ nginx_update_app_configuration() {
|
||||
shift
|
||||
while [[ "$#" -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--hosts \
|
||||
| --server-aliases)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
read -r -a "$var_name" <<< "$1"
|
||||
;;
|
||||
--hosts | \
|
||||
--server-aliases)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
read -r -a "$var_name" <<<"$1"
|
||||
;;
|
||||
|
||||
# Common flags
|
||||
--server-name \
|
||||
| --enable-http \
|
||||
| --enable-https \
|
||||
| --disable-http \
|
||||
| --disable-https \
|
||||
| --http-port \
|
||||
| --https-port \
|
||||
)
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
declare "${var_name}=${1}"
|
||||
;;
|
||||
# Common flags
|
||||
--server-name | \
|
||||
--enable-http | \
|
||||
--enable-https | \
|
||||
--disable-http | \
|
||||
--disable-https | \
|
||||
--http-port | \
|
||||
--https-port)
|
||||
|
||||
*)
|
||||
echo "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
|
||||
shift
|
||||
declare "${var_name}=${1}"
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
@@ -542,3 +542,41 @@ nginx_update_app_configuration() {
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
########################
|
||||
# Run custom initialization scripts
|
||||
# Globals:
|
||||
# NGINX_*
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# None
|
||||
#########################
|
||||
nginx_custom_init_scripts() {
|
||||
if [[ -n $(find "${NGINX_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh") ]]; then
|
||||
info "Loading user's custom files from $NGINX_INITSCRIPTS_DIR ..."
|
||||
local -r tmp_file="/tmp/filelist"
|
||||
nginx_start_bg
|
||||
find "${NGINX_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh" | sort >"$tmp_file"
|
||||
while read -r f; do
|
||||
case "$f" in
|
||||
*.sh)
|
||||
if [[ -x "$f" ]]; then
|
||||
debug "Executing $f"
|
||||
"$f"
|
||||
else
|
||||
debug "Sourcing $f"
|
||||
. "$f"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
debug "Ignoring $f"
|
||||
;;
|
||||
esac
|
||||
done <$tmp_file
|
||||
nginx_stop
|
||||
rm -f "$tmp_file"
|
||||
else
|
||||
info "No custom scripts in $NGINX_INITSCRIPTS_DIR"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -47,6 +47,7 @@ export NGINX_HTDOCS_DIR="${NGINX_BASE_DIR}/html"
|
||||
export NGINX_TMP_DIR="${NGINX_BASE_DIR}/tmp"
|
||||
export NGINX_LOGS_DIR="${NGINX_BASE_DIR}/logs"
|
||||
export NGINX_SERVER_BLOCKS_DIR="${NGINX_CONF_DIR}/server_blocks"
|
||||
export NGINX_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
|
||||
export NGINX_CONF_FILE="${NGINX_CONF_DIR}/nginx.conf"
|
||||
export NGINX_PID_FILE="${NGINX_TMP_DIR}/nginx.pid"
|
||||
export PATH="${NGINX_SBIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}"
|
||||
|
||||
@@ -25,8 +25,8 @@ set -o pipefail
|
||||
#########################
|
||||
nginx_patch_httpoxy_vulnerability() {
|
||||
debug "Unsetting HTTP_PROXY header..."
|
||||
echo '# Unset the HTTP_PROXY header' >> "${NGINX_CONF_DIR}/fastcgi_params"
|
||||
echo 'fastcgi_param HTTP_PROXY "";' >> "${NGINX_CONF_DIR}/fastcgi_params"
|
||||
echo '# Unset the HTTP_PROXY header' >>"${NGINX_CONF_DIR}/fastcgi_params"
|
||||
echo 'fastcgi_param HTTP_PROXY "";' >>"${NGINX_CONF_DIR}/fastcgi_params"
|
||||
}
|
||||
|
||||
# Load NGINX environment variables
|
||||
@@ -36,7 +36,7 @@ nginx_patch_httpoxy_vulnerability() {
|
||||
rm -rf "${BITNAMI_ROOT_DIR}/certs" "${BITNAMI_ROOT_DIR}/server_blocks"
|
||||
|
||||
# Ensure non-root user has write permissions on a set of directories
|
||||
for dir in "$NGINX_VOLUME_DIR" "$NGINX_CONF_DIR" "$NGINX_SERVER_BLOCKS_DIR" "${NGINX_CONF_DIR}/bitnami" "$NGINX_LOGS_DIR" "$NGINX_TMP_DIR"; do
|
||||
for dir in "$NGINX_VOLUME_DIR" "$NGINX_CONF_DIR" "$NGINX_INITSCRIPTS_DIR" "$NGINX_SERVER_BLOCKS_DIR" "${NGINX_CONF_DIR}/bitnami" "$NGINX_LOGS_DIR" "$NGINX_TMP_DIR"; do
|
||||
ensure_dir_exists "$dir"
|
||||
chmod -R g+rwX "$dir"
|
||||
done
|
||||
|
||||
@@ -24,6 +24,9 @@ trap "nginx_stop" EXIT
|
||||
# Ensure NGINX daemon user exists when running as 'root'
|
||||
am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROUP"
|
||||
|
||||
# Run init scripts
|
||||
nginx_custom_init_scripts
|
||||
|
||||
# Fix logging issue when running as root
|
||||
! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)"
|
||||
|
||||
|
||||
@@ -37,7 +37,7 @@ Non-root container images add an extra layer of security and are generally recom
|
||||
Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
|
||||
|
||||
|
||||
- [`5`, `5-debian-10`, `5.8.2`, `5.8.2-debian-10-r43`, `latest` (5/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-wordpress-nginx/blob/5.8.2-debian-10-r43/5/debian-10/Dockerfile)
|
||||
- [`5`, `5-debian-10`, `5.8.2`, `5.8.2-debian-10-r44`, `latest` (5/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-wordpress-nginx/blob/5.8.2-debian-10-r44/5/debian-10/Dockerfile)
|
||||
|
||||
Subscribe to project updates by watching the [bitnami/wordpress-nginx GitHub repo](https://github.com/bitnami/bitnami-docker-wordpress-nginx).
|
||||
|
||||
|
||||
Reference in New Issue
Block a user