[bitnami/wordpress-nginx] Release 6.2.0-debian-11-r22 (#33494)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/wordpress-nginx/6/debian-11/Dockerfile

@@ -3,10 +3,10 @@ FROM docker.io/bitnami/minideb:bullseye
 ARG TARGETARCH
 
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-05-09T17:03:57Z" \
+      org.opencontainers.image.created="2023-05-11T19:20:56Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="6.2.0-debian-11-r21" \
+      org.opencontainers.image.ref.name="6.2.0-debian-11-r22" \
       org.opencontainers.image.title="wordpress-nginx" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="6.2.0"
@@ -22,10 +22,10 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN install_packages acl ca-certificates curl less libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi7 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libgeoip1 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhogweed6 libicu67 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.4-2 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl1.1 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp6 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
     COMPONENTS=( \
-      "php-8.1.18-1-linux-${OS_ARCH}-debian-11" \
+      "php-8.1.19-0-linux-${OS_ARCH}-debian-11" \
       "nginx-1.23.4-3-linux-${OS_ARCH}-debian-11" \
-      "mysql-client-10.11.2-5-linux-${OS_ARCH}-debian-11" \
-      "wordpress-6.2.0-13-linux-${OS_ARCH}-debian-11" \
+      "mysql-client-10.11.3-0-linux-${OS_ARCH}-debian-11" \
+      "wordpress-6.2.0-14-linux-${OS_ARCH}-debian-11" \
       "render-template-1.0.5-5-linux-${OS_ARCH}-debian-11" \
     ) && \
     for COMPONENT in "${COMPONENTS[@]}"; do \

bitnami/wordpress-nginx/6/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json

@@ -3,7 +3,7 @@
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "10.11.2-5"
+        "version": "10.11.3-0"
     },
     "nginx": {
         "arch": "amd64",
@@ -15,7 +15,7 @@
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "8.1.18-1"
+        "version": "8.1.19-0"
     },
     "render-template": {
         "arch": "amd64",
@@ -27,6 +27,6 @@
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "6.2.0-13"
+        "version": "6.2.0-14"
     }
 }

bitnami/wordpress-nginx/6/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh

@@ -421,7 +421,7 @@ generate_random_string() {
     alphanumeric+special|special+alphanumeric)
         # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
         # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
-        filter='a-zA-Z0-9!@#$%^'
+        filter='a-zA-Z0-9:@.,/+!='
         ;;
     *)
         echo "Invalid type ${type}" >&2

bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh

@@ -629,3 +629,34 @@ nginx_custom_init_scripts() {
         info "No custom scripts in $NGINX_INITSCRIPTS_DIR"
     fi
 }
+
+########################
+# Generate sample TLS certificates without passphrase for sample HTTPS server_block
+# Globals:
+#   NGINX_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+nginx_generate_sample_certs() {
+    local certs_dir="${NGINX_CONF_DIR}/bitnami/certs"
+
+    if ! is_boolean_yes "$NGINX_SKIP_SAMPLE_CERTS" && [[ ! -f "${certs_dir}/server.crt" ]]; then
+        ensure_dir_exists "$certs_dir"
+        if is_file_writable "${certs_dir}/server.crt"; then
+            SSL_KEY_FILE="${certs_dir}/server.key"
+            SSL_CERT_FILE="${certs_dir}/server.crt"
+            SSL_CSR_FILE="${certs_dir}/server.csr"
+            SSL_SUBJ="/CN=example.com"
+            SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
+            rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
+            openssl genrsa -out "$SSL_KEY_FILE" 4096
+            openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
+            openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
+            rm -f "$SSL_CSR_FILE"
+        else
+            warn "The certificates directories '${certs_dir}' is not writable, skipping sample HTTPS certificates generation"
+        fi
+    fi
+}

bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/nginx-env.sh

@@ -24,6 +24,7 @@ export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
 nginx_env_vars=(
     NGINX_HTTP_PORT_NUMBER
     NGINX_HTTPS_PORT_NUMBER
+    NGINX_SKIP_SAMPLE_CERTS
     NGINX_ENABLE_ABSOLUTE_REDIRECT
     NGINX_ENABLE_PORT_IN_REDIRECT
 )
@@ -70,6 +71,7 @@ export NGINX_HTTP_PORT_NUMBER="${NGINX_HTTP_PORT_NUMBER:-}"
 export WEB_SERVER_HTTP_PORT_NUMBER="$NGINX_HTTP_PORT_NUMBER"
 export NGINX_HTTPS_PORT_NUMBER="${NGINX_HTTPS_PORT_NUMBER:-}"
 export WEB_SERVER_HTTPS_PORT_NUMBER="$NGINX_HTTPS_PORT_NUMBER"
+export NGINX_SKIP_SAMPLE_CERTS="${NGINX_SKIP_SAMPLE_CERTS:-false}"
 export NGINX_ENABLE_ABSOLUTE_REDIRECT="${NGINX_ENABLE_ABSOLUTE_REDIRECT:-no}"
 export NGINX_ENABLE_PORT_IN_REDIRECT="${NGINX_ENABLE_PORT_IN_REDIRECT:-no}"
 

bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh

@@ -24,20 +24,9 @@ trap "nginx_stop" EXIT
 # Ensure NGINX daemon user exists when running as 'root'
 am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROUP"
 
-# Regenerate SSL certs (without a passphrase)
-ensure_dir_exists "${NGINX_CONF_DIR}/bitnami/certs"
-if [[ ! -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]]; then
-    SSL_KEY_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.key"
-    SSL_CERT_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.crt"
-    SSL_CSR_FILE="${NGINX_CONF_DIR}/bitnami/certs/server.csr"
-    SSL_SUBJ="/CN=example.com"
-    SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
-    rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
-    openssl genrsa -out "$SSL_KEY_FILE" 4096
-    openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
-    openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
-    rm -f "$SSL_CSR_FILE"
-fi
+# Configure HTTPS sample block using generated SSL certs
+nginx_generate_sample_certs
+
 # Run init scripts
 nginx_custom_init_scripts
 
@@ -45,7 +34,7 @@ nginx_custom_init_scripts
 ! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)"
 
 # Configure HTTPS port number
-if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]] && is_file_writable "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"; then
+if [[ -f "${NGINX_CONF_DIR}/bitnami/certs/server.crt" ]] && [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]] && is_file_writable "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"; then
     cp "${BITNAMI_ROOT_DIR}/scripts/nginx/bitnami-templates/default-https-server-block.conf" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf"
 fi
 

bitnami/wordpress-nginx/README.md

@@ -24,6 +24,8 @@ docker-compose up
 - All Bitnami images available in Docker Hub are signed with [Docker Content Trust (DCT)](https://docs.docker.com/engine/security/trust/content_trust/). You can use `DOCKER_CONTENT_TRUST=1` to verify the integrity of the images.
 - Bitnami container images are released on a regular basis with the latest distribution packages available.
 
+Looking to use WordPress with NGINX in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Why use a non-root container?
 
 Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.bitnami.com/tutorials/work-with-non-root-containers/).