← Go back to Info :: LinuxServer.io

Notification: Significant changes to nginx based images

August 20, 2022 at 6:00 PM

Notifications bookstack cops diskover dokuwiki freshrss grav grocy heimdall librespeed lychee muximux nextcloud nginx photoshow phpmyadmin piwigo pixapop projectsend snapdrop snipe-it swag xbackbone


Most images using our alpine-nginx base image are being updated to alpine 3.15 with php8 and some significant changes to the nginx configs.

Changes you will likely notice:

  • Bring our default shipped configs as close as possible to alpine upstream defaults
  • Include worker_processes.conf and init script to generate it in the base
  • Include resolver.conf and init script to generate it in the base
  • Include ssl.conf in the base (the same as what is currently shipped in SWAG, but adjusted to use the self-signed certs generated by the base)
  • include /config/nginx/site-confs/*.conf; with *.conf extension (rename existing user files automatically)
  • Rework default.conf
    • Expect applications inside containers to exist at /app/www/public/, and if that does not exist, use /config/www
    • Include ipv6 support
    • deny access to .htaccess/.htpasswd files
    • adjust php location and fastcgi_params to use PATH_INFO and mitigate HTTP_PROXY vulnerability
  • Restructure nginx configs
    • Configs in /defaults/nginx/ are recursively copied to the user’s /config/nginx/ (maintaining the structure)
    • All configs are now named *.sample and all include ## Version YYYY/MM/DD - Changelog: <url to repo history> used by /etc/cont-init.d/85-version-checks
      • Required configs (/config/nginx/nginx.conf, /config/nginx/server-confs/ssl.conf and /config/nginx/site-confs/default.conf) are enabled by default. Downstream images can include and/or enable others as needed (ex: SWAG will enable /config/nginx/location-confs/proxy.conf and /config/nginx/server-confs/502.conf)
    • Folder structure is as follows (in the /config/nginx/ context):
      • All nginx based images:
        • Includes nginx.conf (enabled by default)
        • Includes resolver.conf (enabled by default)
        • Includes ssl.conf (enabled by default)
        • Includes worker_processes.conf (enabled by default)
        • /config/nginx/site-confs/* included inside the http context in /config/nginx/nginx.conf
          • Includes default.conf (enabled by default)
      • SWAG:
        • Includes 502.conf (enabled by default)
        • Includes authelia-location.conf
        • Includes authelia-server.conf
        • Includes ldap-location.conf
        • Includes ldap-server.conf
        • Includes proxy.conf (enabled by default)

Under the hood:

  • Split out init scripts
    • root/migrations/01-nginx-site-confs-default migrate existing default to default.conf
    • root/etc/cont-init.d/11-folders creates all the folders needed in /config
    • root/etc/cont-init.d/12-samples removes existing *.sample files from /config/nginx and copies any included *.sample files from the image
    • root/etc/cont-init.d/13-nginx enable required configs (nginx.conf, ssl.conf and default.conf) if they don’t exist, setup dhparams.pem, setup resolver.conf, setup worker_processes.conf
    • root/etc/cont-init.d/14-php configure php
    • root/etc/cont-init.d/15-keygen create self signed certificates for ssl.conf
    • root/etc/cont-init.d/20-permissions set /config permissions
    • root/etc/cont-init.d/85-version-checks check all enabled *.conf files against all *.sample files shipped with the image and alert the user about updates

Status of affected images:

ImageBranchPRNotes
baseimage-alpine-nginxmasterhttps://github.com/linuxserver/docker-baseimage-alpine-nginx/pull/84
bookstackmasterhttps://github.com/linuxserver/docker-bookstack/pull/113
copsmasterhttps://github.com/linuxserver/docker-cops/pull/34composer downgraded to v1 for compatibility
diskovermasterhttps://github.com/linuxserver/docker-diskover/pull/43
dokuwikimasterhttps://github.com/linuxserver/docker-dokuwiki/pull/43
freshrssmasterhttps://github.com/linuxserver/docker-freshrss/pull/40
gravmainhttps://github.com/linuxserver/docker-grav/pull/9
grocymasterhttps://github.com/linuxserver/docker-grocy/pull/52
heimdallmainhttps://github.com/linuxserver/docker-heimdall/pull/79
librespeedmasterhttps://github.com/linuxserver/docker-librespeed/pull/15
lycheemasterhttps://github.com/linuxserver/docker-lychee/pull/51
muximuxmasterhttps://github.com/linuxserver/docker-muximux/pull/26
nextcloudmasterhttps://github.com/linuxserver/docker-nextcloud/pull/219
nginxmasterhttps://github.com/linuxserver/docker-nginx/pull/79
photoshowmasterhttps://github.com/linuxserver/docker-photoshow/pull/28Deprecated
phpmyadminmainhttps://github.com/linuxserver/docker-phpmyadmin/pull/12
piwigomasterhttps://github.com/linuxserver/docker-piwigo/pull/49
pixapopmasterhttps://github.com/linuxserver/docker-pixapop/pull/11Deprecated
projectsendmasterhttps://github.com/linuxserver/docker-projectsend/pull/22
snapdropmasterhttps://github.com/linuxserver/docker-snapdrop/pull/6
snipe-itmasterhttps://github.com/linuxserver/docker-snipe-it/pull/28
swagmasterhttps://github.com/linuxserver/docker-swag/pull/169
xbackbonemainhttps://github.com/linuxserver/docker-xbackbone/pull/5

Any images with notes above may not be merged. We will make efforts to update this page if any of the images with notes above are merged at a later date. We may also make individual announcements about status updates regarding these images.

Last updated: October 14, 2022 at 9:13 AM