From fcc09c529711869f5ff8d6653b9d4363bb91b556 Mon Sep 17 00:00:00 2001 From: Dean Coakley Date: Thu, 17 Dec 2020 08:49:19 +0000 Subject: [PATCH 1/4] Update NGINX version to 1.19.6 --- build/Dockerfile | 2 +- build/DockerfileForAlpine | 2 +- build/DockerfileWithOpentracing | 2 +- build/openshift/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index e763ce7ca..39bf9607e 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,6 +1,6 @@ ARG GOLANG_CONTAINER=golang:latest -FROM nginx:1.19.3 AS base +FROM nginx:1.19.6 AS base # forward nginx access and error logs to stdout and stderr of the ingress # controller process diff --git a/build/DockerfileForAlpine b/build/DockerfileForAlpine index 92c8d2d8e..85b2817a1 100644 --- a/build/DockerfileForAlpine +++ b/build/DockerfileForAlpine @@ -1,6 +1,6 @@ ARG GOLANG_CONTAINER=golang:latest -FROM nginx:1.19.3-alpine AS base +FROM nginx:1.19.6-alpine AS base # forward nginx access and error logs to stdout and stderr of the ingress # controller process diff --git a/build/DockerfileWithOpentracing b/build/DockerfileWithOpentracing index c8fa51d7d..ba9388392 100644 --- a/build/DockerfileWithOpentracing +++ b/build/DockerfileWithOpentracing @@ -1,4 +1,4 @@ -ARG NGINX_VERSION=1.19.3 +ARG NGINX_VERSION=1.19.6 ARG OPENTRACING_CPP_VERSION=1.5.1 ARG GOLANG_CONTAINER=golang:latest diff --git a/build/openshift/Dockerfile b/build/openshift/Dockerfile index e8ec729ee..98f199f83 100644 --- a/build/openshift/Dockerfile +++ b/build/openshift/Dockerfile @@ -9,7 +9,7 @@ LABEL name="NGINX Ingress Controller" \ maintainer="NGINX Docker Maintainers " \ vendor="NGINX Inc " -ENV NGINX_VERSION=1.19.3 +ENV NGINX_VERSION=1.19.6 RUN set -x \ && groupadd --system --gid 101 nginx \ From 04a4972bbe5a6fcf7a632ae74b4f79d413f323a7 Mon Sep 17 00:00:00 2001 From: Dean Coakley Date: Thu, 17 Dec 2020 10:29:51 +0000 Subject: [PATCH 2/4] Update NGINX Plus version to R23 * Update AppProtect to 2.2 --- build/DockerfileForPlus | 2 +- build/DockerfileWithOpentracingForPlus | 4 ++-- .../appprotect/DockerfileWithAppProtectForPlus | 18 +++++++++--------- ...DockerfileWithAppProtectForPlusForOpenShift | 16 ++++++++-------- build/openshift/DockerfileForPlus | 2 +- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/build/DockerfileForPlus b/build/DockerfileForPlus index bff412b0c..a71c196c0 100644 --- a/build/DockerfileForPlus +++ b/build/DockerfileForPlus @@ -5,7 +5,7 @@ FROM debian:buster-slim AS base LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_PLUS_VERSION 22-1~buster +ENV NGINX_PLUS_VERSION 23-1~buster ARG IC_VERSION # Download certificate and key from the customer portal (https://cs.nginx.com) diff --git a/build/DockerfileWithOpentracingForPlus b/build/DockerfileWithOpentracingForPlus index 4c4202d12..124a5aea9 100644 --- a/build/DockerfileWithOpentracingForPlus +++ b/build/DockerfileWithOpentracingForPlus @@ -13,8 +13,8 @@ RUN set -x \ FROM debian:buster-slim AS base LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_PLUS_VERSION 22-1~buster -ENV NGINX_OPENTRACING_MODULE_VERSION 22+0.9.0-1~buster +ENV NGINX_PLUS_VERSION 23-1~buster +ENV NGINX_OPENTRACING_MODULE_VERSION 23+0.9.0-1~buster ARG IC_VERSION diff --git a/build/appprotect/DockerfileWithAppProtectForPlus b/build/appprotect/DockerfileWithAppProtectForPlus index 309de593e..dbee31304 100644 --- a/build/appprotect/DockerfileWithAppProtectForPlus +++ b/build/appprotect/DockerfileWithAppProtectForPlus @@ -5,14 +5,14 @@ FROM debian:stretch-slim as base LABEL maintainer="NGINX Docker Maintainers " -ENV APPPROTECT_MODULE_VERSION 22+3.216.0-1~stretch -ENV APPPROTECT_PLUGIN_VERSION 3.216.0-1~stretch -ENV APPPROTECT_ENGINE_VERSION 4.40.0-1~stretch -ENV APPPROTECT_COMPILER_VERSION 4.40.0-1~stretch -ENV APPPROTECT_SIG_VERSION 2020.11.16-1~stretch -ENV APPPROTECT_THREAT_CAMPAIGNS_VERSION 2020.11.18-1~stretch -ENV NGINX_PLUS_VERSION 22-1~stretch -ENV NGINX_PLUS_RELEASE R22 +ENV APPPROTECT_MODULE_VERSION 23+3.263.0-1~stretch +ENV APPPROTECT_PLUGIN_VERSION 3.263.0-1~stretch +ENV APPPROTECT_ENGINE_VERSION 5.9.4-1~stretch +ENV APPPROTECT_COMPILER_VERSION 5.9.4-1~stretch +ENV APPPROTECT_SIG_VERSION 2020.12.13-1~stretch +ENV APPPROTECT_THREAT_CAMPAIGNS_VERSION 2020.12.01-1~stretch +ENV NGINX_PLUS_VERSION 23-1~stretch +ENV NGINX_PLUS_RELEASE R23 ARG IC_VERSION # Download certificate and key from the customer portal (https://cs.nginx.com) @@ -74,7 +74,7 @@ RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \ && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ && ln -sf /proc/1/fd/2 /var/log/nginx/error.log -RUN mkdir -p /var/lib/nginx \ +RUN mkdir -p /var/lib/nginx \ /etc/nginx/stream-conf.d \ /etc/nginx/secrets \ /etc/nginx/waf \ diff --git a/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift b/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift index 245c68d98..5590976f0 100644 --- a/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift +++ b/build/appprotect/DockerfileWithAppProtectForPlusForOpenShift @@ -10,13 +10,13 @@ LABEL name="NGINX Ingress Controller" \ maintainer="NGINX Docker Maintainers " \ vendor="NGINX Inc " -ENV APPPROTECT_MODULE_VERSION 22+3.216.0-1.el7.ngx -ENV APPPROTECT_PLUGIN_VERSION 3.216.0-1.el7.ngx -ENV APPPROTECT_ENGINE_VERSION 4.40.3-1.el7.ngx -ENV APPPROTECT_COMPILER_VERSION 4.40.3-1.el7.ngx -ENV APPPROTECT_SIG_VERSION 2020.11.16-1.el7.ngx -ENV APPPROTECT_THREAT_CAMPAIGNS_VERSION 2020.11.18-1.el7.ngx -ENV NGINX_PLUS_VERSION 22-1.el7.ngx +ENV APPPROTECT_MODULE_VERSION 23+3.263.0-1.el7.ngx +ENV APPPROTECT_PLUGIN_VERSION 3.263.0-1.el7.ngx +ENV APPPROTECT_ENGINE_VERSION 5.9.4-1.el7.ngx +ENV APPPROTECT_COMPILER_VERSION 5.9.4-1.el7.ngx +ENV APPPROTECT_SIG_VERSION 2020.12.13-1.el7.ngx +ENV APPPROTECT_THREAT_CAMPAIGNS_VERSION 2020.12.01-1.el7.ngx +ENV NGINX_PLUS_VERSION 23-1.el7.ngx ARG IC_VERSION # Download certificate and key from the customer portal (https://cs.nginx.com) @@ -74,7 +74,7 @@ RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \ && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ && ln -sf /proc/1/fd/2 /var/log/nginx/error.log -RUN mkdir -p /var/lib/nginx \ +RUN mkdir -p /var/lib/nginx \ /etc/nginx/stream-conf.d \ /etc/nginx/secrets \ /etc/nginx/waf \ diff --git a/build/openshift/DockerfileForPlus b/build/openshift/DockerfileForPlus index 3d2322fd9..1c1b4f671 100644 --- a/build/openshift/DockerfileForPlus +++ b/build/openshift/DockerfileForPlus @@ -10,7 +10,7 @@ LABEL name="NGINX Ingress Controller" \ maintainer="NGINX Docker Maintainers " \ vendor="NGINX Inc " -ENV NGINX_PLUS_VERSION 22-1.el8.ngx +ENV NGINX_PLUS_VERSION 23-1.el8.ngx ARG IC_VERSION # Download certificate and key from the customer portal (https://cs.nginx.com) From e1d56b726ac72b27134d4af043c6d0bf090d7fb9 Mon Sep 17 00:00:00 2001 From: Dean Coakley Date: Thu, 17 Dec 2020 10:29:07 +0000 Subject: [PATCH 3/4] Update NGINX versions in tech spec doc --- docs-web/technical-specifications.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs-web/technical-specifications.md b/docs-web/technical-specifications.md index 38f544eca..6d46120d7 100644 --- a/docs-web/technical-specifications.md +++ b/docs-web/technical-specifications.md @@ -11,7 +11,7 @@ We provide the following Docker images, which include NGINX/NGINX Plus bundled w ### Images with NGINX -All images include NGINX 1.19.3. +All images include NGINX 1.19.6. The supported architecture is x86-64. ```eval_rst @@ -25,17 +25,17 @@ The supported architecture is x86-64. - DockerHub image * - Debian-based image - ``Dockerfile`` - - ``nginx:1.19.3``, which is based on ``debian:buster-slim`` + - ``nginx:1.19.6``, which is based on ``debian:buster-slim`` - - ``nginx/nginx-ingress:1.9.1`` * - Alpine-based image - ``DockerfileForAlpine`` - - ``nginx:1.19.3-alpine``, which is based on ``alpine:3.10`` + - ``nginx:1.19.6-alpine``, which is based on ``alpine:3.10`` - - ``nginx/nginx-ingress:1.9.1-alpine`` * - Debian-based image with Opentracing - ``DockerfileWithOpentracing`` - - ``nginx:1.19.3``, which is based on ``debian:buster-slim`` + - ``nginx:1.19.6``, which is based on ``debian:buster-slim`` - OpenTracing API for C++ 1.5.1, NGINX plugin for OpenTracing, C++ OpenTracing binding for Jaeger 0.4.2 - * - Ubi-based image @@ -48,7 +48,7 @@ The supported architecture is x86-64. ### Images with NGINX Plus -All images include NGINX Plus R22. +All images include NGINX Plus R23. The supported architecture is x86-64. NGINX Plus images are not available through DockerHub. From f740b944445b011aef579f279c3bdb2a675d7149 Mon Sep 17 00:00:00 2001 From: Dean Coakley Date: Fri, 18 Dec 2020 15:06:11 +0000 Subject: [PATCH 4/4] Fix NAP test to not create duplicate headers --- tests/suite/test_app_protect_integration.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suite/test_app_protect_integration.py b/tests/suite/test_app_protect_integration.py index 17b14d607..f9b0ad5d7 100644 --- a/tests/suite/test_app_protect_integration.py +++ b/tests/suite/test_app_protect_integration.py @@ -335,9 +335,9 @@ def test_ap_sec_logs_on( print("----------------------- Send valid request ----------------------") headers = { - "host": ingress_host, - "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0" - } + "Host": ingress_host, + "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0" + } response = requests.get( appprotect_setup.req_url, headers=headers, verify=False )