From 2ad4fd500a97887eaf3c66084584b79a4993e9d4 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 22 Sep 2023 17:05:00 +0200 Subject: [PATCH] Add community related docs --- .github/ISSUE_TEMPLATE/bug_report.md | 12 +++---- .github/ISSUE_TEMPLATE/feature_request.md | 6 ++-- .github/ISSUE_TEMPLATE/security_report.md | 8 ++--- .github/SECURITY.md | 19 ------------ .github/pull_request_template.md | 8 ++--- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 4 +-- README.md | 21 ++++++++++--- SECURITY.md | 38 +++++++++++++++++++++++ SUPPORT.md | 37 ++++++++++++++++++++++ 10 files changed, 111 insertions(+), 44 deletions(-) delete mode 100644 .github/SECURITY.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index b3a72cd..d67363b 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,9 +1,9 @@ --- name: Bug report about: Create a bug report to help us improve -title: '' -labels: '' -assignees: '' +title: "" +labels: "" +assignees: "" --- ### Describe the bug @@ -23,9 +23,9 @@ A clear and concise description of what you expected to happen. ### Your environment -- Version of Docker -- Version of the NGINX Unprivileged Docker image -- Target deployment environment/platform +- Version of Docker and method of installation (e.g. Docker Desktop / Docker Server) +- Version/tag of the NGINX Unprivileged Docker image (e.g. `nginxinc/nginx-unprivileged:alpine`) +- Target deployment environment/platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) ### Additional context diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index d27aba8..bb6fb0f 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md 
@@ -1,9 +1,9 @@ --- name: Feature request about: Suggest an idea for this project -title: '' -labels: '' -assignees: '' +title: "" +labels: "" +assignees: "" --- ### Is your feature request related to a problem? Please describe diff --git a/.github/ISSUE_TEMPLATE/security_report.md b/.github/ISSUE_TEMPLATE/security_report.md index 60c33dd..0e79284 100644 --- a/.github/ISSUE_TEMPLATE/security_report.md +++ b/.github/ISSUE_TEMPLATE/security_report.md @@ -1,9 +1,9 @@ --- name: Security report about: Create a security report to help us improve -title: '' -labels: '' -assignees: '' +title: "" +labels: "" +assignees: "" --- ### Describe the bug @@ -24,4 +24,4 @@ Steps to reproduce the behavior: ### Additional context -Does this security vulnerability relate to one of the NGINX libraries specified in the [`SECURITY`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/.github/SECURITY.md) doc? +Does this security vulnerability relate to one of the NGINX libraries specified in the [`SECURITY`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SECURITY.md) doc? diff --git a/.github/SECURITY.md b/.github/SECURITY.md deleted file mode 100644 index a224591..0000000 --- a/.github/SECURITY.md +++ /dev/null @@ -1,19 +0,0 @@ -# Security Policy - -## Reporting a Vulnerability - -If you find a security vulnerability that directly affects the Docker NGINX Unprivileged image we encourage you open an issue detailing the security vulnerability. **Do note that only vulnerabilities related to direct NGINX library dependencies will be considered. Other security vulnerabilities should be addressed by the weekly Monday night build and as such will be promptly closed.** For reference, the direct NGINX library dependencies are: - -* For Debian: - * `libc6` - * `libcrypt1` - * `libpcre2` - * `libssl` - * `zlib1g` - -* For Alpine Linux: - * `libc` - * `libcrypto` - * `libpcre2` - * `libssl` - * `libz` 
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 9b1238d..a054d33 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -4,9 +4,9 @@ Describe the use case and detail of the change. If this PR addresses an issue on ### Checklist -Before creating a PR, run through this checklist and mark each as complete. +Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) document. -- [ ] I have tested that the NGINX Unprivileged Docker images build correctly on all supported platforms (check out the [`README`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/README.md) for more details). -- [ ] I have deployed the NGINX Unprivileged Docker images on an unprivileged environment and checked that they run correctly. +- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) document +- [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles +- [ ] I have tested that the NGINX Unprivileged Docker images build and run correctly on all supported architectures on an unprivileged environment (check out the [`README`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/README.md) for more details) - [ ] I have updated any relevant documentation ([`README`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/README.md)) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 1cbfc7a..7a1962b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at nginx@nginx.org. All +reported by contacting the project team at . All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d2befb2..bcce76a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -34,7 +34,7 @@ To report a bug, open an issue on GitHub with the label `bug` using the availabl ### Report a Security vulnerability -To report a secuirty vulnerability, open an issue on GitHub with the label `security` using the available security report issue template. Please ensure the security vulnerability directly impacts one of the NGINX dependencies listed in the [`SECURITY`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/.github/SECURITY.md) doc. Other security vulnerabilities should be addressed by the weekly Monday night build and as such will be promptly closed. +To report a security vulnerability, open an issue on GitHub with the label `security` using the available security report issue template. Please ensure the security vulnerability directly impacts one of the NGINX dependencies listed in the [`SECURITY`](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/.github/SECURITY.md) doc. Other security vulnerabilities should be addressed by the weekly Monday night build and as such will be promptly closed. ### Suggest a Feature or Enhancement 
@@ -54,7 +54,7 @@ Note: if you'd like to implement a new feature, please consider creating a featu Given this repository is a mirror image of the upstream [Docker NGINX image](https://github.com/nginxinc/docker-nginx), only two types of PRs will be considered: 1. PRs that incorporate changes made to upstream images (e.g. there's a new NGINX release). -2. PRs that add a critical feature or a nice-to-have enhancement for running these images on an unprivileged environment (e.g. allowing users specify the UID/GUI of the image user). +2. PRs that add a critical feature or a nice-to-have enhancement for running these images on an unprivileged environment (e.g. allowing users specify to the UID/GID of the image user). ### Git Guidelines diff --git a/README.md b/README.md index 1e7bbee..6dd5ea2 100644 --- a/README.md +++ b/README.md 
@@ -1,13 +1,14 @@ [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SUPPORT.md) # NGINX Unprivileged Docker Image This repo contains a series of Dockerfiles to create an NGINX Docker image that runs NGINX as a non root, unprivileged user. Notable differences with respect to the official NGINX Docker image include: -* The default NGINX listen port is now `8080` instead of `80` (this is no longer necessary as of Docker `20.03` but it's still required in other container runtimes). -* The default NGINX user directive in `/etc/nginx/nginx.conf` has been removed. -* The default NGINX PID has been moved from `/var/run/nginx.pid` to `/tmp/nginx.pid`. -* Change `*_temp_path` variables to `/tmp/*`. +* The default NGINX listen port is now `8080` instead of `80` (this is no longer necessary as of Docker `20.03` but it's still required in other container runtimes) +* The default NGINX user directive in `/etc/nginx/nginx.conf` has been removed +* The default NGINX PID has been moved from `/var/run/nginx.pid` to `/tmp/nginx.pid` +* Change `*_temp_path` variables to `/tmp/*` New images are built and pushed to on a weekly basis (every Monday night). 
@@ -25,10 +26,20 @@ You can find built images in the following registries: * Docker Hub - * GitHub Container Registry - -### Platforms +### Architectures Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Alpine), `arm32v7`, `arm64v8`, `i386`, `mips64le` (for Debian), `ppc64le` and `s390x` architectures. ## Common Issues * If you override the default `nginx.conf` file you may receive the message `nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)`, in this case you have to add the line `pid /tmp/nginx.pid` into your config. + +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## License + +[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx/blob/main/LICENSE) + +© [F5, Inc.](https://www.f5.com/) 2023 diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..75d58e3 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,38 @@ +# Security Policy + +## Latest Versions + +We advise users to run or update to the most recent release of the NGINX Docker Unprivileged image. Older versions of the NGINX Docker Unprivileged image may not have all enhancements and/or bug fixes applied to them. + +## Reporting a Vulnerability + +### Docker NGINX Unprivileged Image + +If you find a security vulnerability that directly affects a direct NGINX library dependency we encourage you open an issue detailing the security vulnerability. + +For reference, the direct NGINX library dependencies are: + +- For Debian: + - `libc6` + - `libcrypt1` + - `libpcre2` + - `libssl` + - `zlib1g` + +- For Alpine Linux: + - `libc` + - `libcrypto` + - `libpcre2` + - `libssl` + - `libz` + +***Note: Only vulnerabilities related to direct NGINX library dependencies will be considered. Other security vulnerabilities should be addressed by the weekly Monday night build and as such will be promptly closed.*** + +### Codebase + +If you find a security vulnerability that affects the codebase, we encourage you to report it to the F5 Security Incident Response Team (F5 SIRT): + +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . + +For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability). diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 0000000..bbcd998 --- /dev/null +++ b/SUPPORT.md 
@@ -0,0 +1,37 @@ +# Support + +## Ask a Question + +We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). + +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. + +## NGINX Specific Questions and/or Issues + +This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! + +### Community Slack + +We have a community [Slack](https://nginxcommunity.slack.com/)! + +If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) + +Once you join, check out the `#beginner-questions` and `nginx-users` channels :) + +### Documentation + +For a comprehensive list of all NGINX directives, check out . + +For a comprehensive list of admin and deployment guides for all NGINX products, check out . + +### Mailing List + +Want to get in touch with the NGINX development team directly? Try using the relevant mailing list found at ! + +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## Commercial Support + +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info!
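Review bot: In CONTRIBUTING.md, hunk `@@ -34,7 +34,7 @@`, the rewritten "Report a Security vulnerability" line fixes the "secuirty" typo but still links to `blob/main/.github/SECURITY.md`, a file this same patch deletes, so the link is dead once the patch is applied. Point it at `https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/SECURITY.md`, as the security_report.md hunk already does.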
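Review bot: In CONTRIBUTING.md, hunk `@@ -54,7 +54,7 @@`, the added line corrects "GUI" to "GID" but introduces a word-order error: "allowing users specify to the UID/GID of the image user". It should read "allowing users to specify the UID/GID of the image user".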
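Review bot: In README.md, hunk `@@ -25,10 +26,20 @@`, the new "License" section links to `https://github.com/nginxinc/ansible-role-nginx/blob/main/LICENSE`, which is a different repository from the one every other link in this patch uses. Link to the LICENSE file under `nginxinc/docker-nginx-unprivileged` instead, so readers are shown the license that actually ships with this project.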
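Review bot: In the new SECURITY.md, the "Codebase" section routes reports to F5 SIRT but never says that such reports should not be filed as a public GitHub issue, while the "Docker NGINX Unprivileged Image" section just above it and the CONTRIBUTING.md text both tell reporters to open an issue. State explicitly which class of report goes to a public issue and which goes to the private channel, and mirror that distinction in CONTRIBUTING.md. Separately, "we encourage you open an issue" is missing "to" (carried over from the deleted `.github/SECURITY.md`).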
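Review bot: In the new SUPPORT.md, "Community Slack" section, the two channel names are formatted inconsistently: `#beginner-questions` carries the `#` prefix and `nginx-users` does not. Write both with the prefix. In the "NGINX Specific Questions and/or Issues" paragraph, "the following resources are available below" is redundant; "the following resources are available" is enough.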