From c9977dba375d28e4e18a4ac11e1249f434aaf5f2 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sun, 14 Aug 2022 20:46:28 -0500 Subject: [PATCH 1/5] Notification: Significant changes to nginx based images --- content/issues/2022-08-20-nginx-base.md | 106 ++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 content/issues/2022-08-20-nginx-base.md diff --git a/content/issues/2022-08-20-nginx-base.md b/content/issues/2022-08-20-nginx-base.md new file mode 100644 index 00000000..aac2293a --- /dev/null +++ b/content/issues/2022-08-20-nginx-base.md 
@@ -0,0 +1,106 @@ +--- +title: 'Notification: Significant changes to nginx based images' +date: '2022-20-05 18:00:00Z' +informational: true +affected: + - 'Notifications' + - 'bookstack' + - 'cops' + - 'diskover' + - 'dokuwiki' + - 'freshrss' + - 'grav' + - 'grocy' + - 'heimdall' + - 'librespeed' + - 'lychee' + - 'muximux' + - 'nextcloud' + - 'nginx' + - 'photoshow' + - 'phpmyadmin' + - 'piwigo' + - 'pixapop' + - 'projectsend' + - 'snapdrop' + - 'snipe-it' + - 'swag' + - 'xbackbone' +section: 'issue' +--- +Most images using our alpine-nginx base image have been updated to alpine 3.15 with php8 and some significant changes to the nginx configs. + +Changes you will likely notice: + +- Bring our default shipped configs as close as possible to alpine upstream defaults + - +- Include `worker_processes.conf` and init script to generate it in the base +- Include `resolver.conf` and init script to generate it in the base +- Include `ssl.conf` in the base (the same as what is currently shipped in SWAG, but adjusted to use the self-signed certs generated by the base) +- `include /config/nginx/site-confs/*.conf;` with `*.conf` extension (rename existing user files automatically) +- Rework `default.conf` + - Expect applications inside containers to exist at `/app/www/public/`, and if that does not exist, use `/config/www` + - Include ipv6 support + - deny access to `.htaccess`/`.htpasswd` files + - adjust php location and `fastcgi_params` to use `PATH_INFO` and mitigate `HTTP_PROXY` vulnerability +- Restructure nginx configs + - Configs in `/defaults/nginx/` are recursively copied to the user's `/config/nginx/` (maintaining the structure) + - All configs are now named `*.sample` and all include `## Version YYYY/MM/DD - Changelog: ` used by `/etc/cont-init.d/85-version-checks` + - Required configs (`/config/nginx/nginx.conf`, `/config/nginx/server-confs/ssl.conf` and `/config/nginx/site-confs/default.conf`) are enabled by default. 
Downstream images can include and/or enable others as needed (ex: SWAG will enable `/config/nginx/location-confs/proxy.conf` and `/config/nginx/server-confs/502.conf`) + - Folder structure is as follows (in the `/config/nginx/` context): + - All nginx based images: + - Includes `nginx.conf` (enabled by default) + - Includes `resolver.conf` (enabled by default) + - Includes `ssl.conf` (enabled by default) + - Includes `worker_processes.conf` (enabled by default) + - `/config/nginx/site-confs/*` included inside the `http` context in `/config/nginx/nginx.conf` + - Includes `default.conf` (enabled by default) + - SWAG: + - Includes `502.conf` (enabled by default) + - Includes `authelia-location.conf` + - Includes `authelia-server.conf` + - Includes `ldap-location.conf` + - Includes `ldap-server.conf` + - Includes `proxy.conf` (enabled by default) + +Under the hood: + +- Split out init scripts + - `root/migrations/01-nginx-site-confs-default` migrate existing `default` to `default.conf` + - `root/etc/cont-init.d/11-folders` creates all the folders needed in `/config` + - `root/etc/cont-init.d/12-samples` removes existing `*.sample` files from `/config/nginx` and copies any included `*.sample` files from the image + - `root/etc/cont-init.d/13-nginx` enable required configs (`nginx.conf`, `ssl.conf` and `default.conf`) if they don't exist, setup `dhparams.pem`, setup `resolver.conf`, setup `worker_processes.conf` + - `root/etc/cont-init.d/14-php` configure php + - `root/etc/cont-init.d/15-keygen` create self signed certificates for `ssl.conf` + - `root/etc/cont-init.d/20-permissions` set `/config` permissions + - `root/etc/cont-init.d/85-version-checks` check all enabled `*.conf` files against all `*.sample` files shipped with the image and alert the user about updates + +Status of affected images: + +| Image | Branch | PR | Notes | +|---|---|---|---| +| baseimage-alpine-nginx | master | | | +| bookstack | master | | | +| cops | master | | composer dependencies not 
compatible with php8 | +| diskover | master | | | +| dokuwiki | master | | | +| freshrss | master | | | +| grav | main | | | +| grocy | master | | | +| heimdall | main | | | +| librespeed | master | | | +| lychee | master | | composer dependencies not compatible with php8 | +| muximux | master | | | +| nextcloud | master | | | +| nginx | master | | | +| photoshow | master | | uses deprecated function [get_magic_quotes_gpc](https://www.php.net/manual/en/function.get-magic-quotes-gpc.php), not compatible with php8 | +| phpmyadmin | main | | | +| piwigo | master | | | +| pixapop | master | | composer dependencies not compatible with php8 | +| projectsend | master | | | +| snapdrop | master | | | +| snipe-it | master | | | +| swag | master | | | +| xbackbone | main | | | + +Any images with notes above may not be merged. We will make efforts to update this page if any of the images with notes above are merged at a later date. We may also make individual announcements about status updates regarding these images. From beae6f94c0df5bfd68d21f678291465817feed15 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Mon, 15 Aug 2022 06:58:26 -0500 Subject: [PATCH 2/5] Update 2022-08-20-nginx-base.md --- content/issues/2022-08-20-nginx-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/issues/2022-08-20-nginx-base.md b/content/issues/2022-08-20-nginx-base.md index aac2293a..1408571d 100644 --- a/content/issues/2022-08-20-nginx-base.md +++ b/content/issues/2022-08-20-nginx-base.md @@ -28,7 +28,7 @@ affected: - 'xbackbone' section: 'issue' --- -Most images using our alpine-nginx base image have been updated to alpine 3.15 with php8 and some significant changes to the nginx configs. +Most images using our alpine-nginx base image are being updated to alpine 3.15 with php8 and some significant changes to the nginx configs. Changes you will likely notice: From 036703d768db7b19a8f6ad88973e6968746ffded Mon Sep 17 00:00:00 2001 
From: Eric Nemchik Date: Mon, 15 Aug 2022 08:12:36 -0500 Subject: [PATCH 3/5] Update 2022-08-20-nginx-base.md --- content/issues/2022-08-20-nginx-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/issues/2022-08-20-nginx-base.md b/content/issues/2022-08-20-nginx-base.md index 1408571d..372a17de 100644 --- a/content/issues/2022-08-20-nginx-base.md +++ b/content/issues/2022-08-20-nginx-base.md @@ -26,7 +26,7 @@ affected: - 'snipe-it' - 'swag' - 'xbackbone' -section: 'issue' +section: 'Notifications' --- Most images using our alpine-nginx base image are being updated to alpine 3.15 with php8 and some significant changes to the nginx configs. From 4a6e0856a5538f909c650025cb56a38a82b23bb4 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 20 Aug 2022 09:04:26 -0500 Subject: [PATCH 4/5] Update 2022-08-20-nginx-base.md --- content/issues/2022-08-20-nginx-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/issues/2022-08-20-nginx-base.md b/content/issues/2022-08-20-nginx-base.md index 372a17de..c116c153 100644 --- a/content/issues/2022-08-20-nginx-base.md +++ b/content/issues/2022-08-20-nginx-base.md @@ -94,7 +94,7 @@ Status of affected images: | nextcloud | master | | | | nginx | master | | | | photoshow | master | | uses deprecated function [get_magic_quotes_gpc](https://www.php.net/manual/en/function.get-magic-quotes-gpc.php), not compatible with php8 | -| phpmyadmin | main | | | +| phpmyadmin | main | | | | piwigo | master | | | | pixapop | master | | composer dependencies not compatible with php8 | | projectsend | master | | | From c282421ab5c45ae29ade7428cd03859df0ea7313 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 20 Aug 2022 10:20:10 -0500 Subject: [PATCH 5/5] Update 2022-08-20-nginx-base.md --- content/issues/2022-08-20-nginx-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/content/issues/2022-08-20-nginx-base.md b/content/issues/2022-08-20-nginx-base.md index c116c153..c9c3f7d9 100644 --- a/content/issues/2022-08-20-nginx-base.md +++ b/content/issues/2022-08-20-nginx-base.md @@ -1,6 +1,6 @@ --- title: 'Notification: Significant changes to nginx based images' -date: '2022-20-05 18:00:00Z' +date: '2022-08-20 18:00:00Z' informational: true affected: - 'Notifications'
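Review bot: In PATCH 1/5, the "Rework `default.conf`" bullets (deny access to `.htaccess`/`.htpasswd`, the `fastcgi_params` change that mitigates `HTTP_PROXY`) do not say that existing installs have to act to receive them. By the notice's own description, `13-nginx` enables the required configs only "if they don't exist", `01-nginx-site-confs-default` carries an existing `default` over to `default.conf`, and `85-version-checks` only alerts about updates, so a user who already has a site config keeps the old content. Suggest adding a sentence under "Changes you will likely notice" telling users to compare their enabled `*.conf` files with the shipped `*.sample` files and merge the differences after updating. Separately, the nested list item under "Bring our default shipped configs as close as possible to alpine upstream defaults" is empty as shown; fill it in or drop it.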
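Review bot: In PATCH 3/5, the front matter change from `section: 'issue'` to `section: 'Notifications'` has no rationale; the commit message is only "Update 2022-08-20-nginx-base.md", the same subject used for patches 2, 4 and 5. Since `'Notifications'` is already the first entry under `affected:` next to the image names, say in the commit message which of the two fields is meant to carry it and why, and give each of these follow-up commits a subject that names what it changes.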
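Review bot: In PATCH 5/5, the `date:` correction from `'2022-20-05 18:00:00Z'` to `'2022-08-20 18:00:00Z'` repairs a value with month 20 that PATCH 1/5 introduced, so patches 1 through 4 each leave the file with an invalid date in its front matter. Squash this change into PATCH 1/5 so no commit in the series carries the bad value; the corrected date then also agrees with the `2022-08-20` in the file name from the first commit onward.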