
docs(deployment): pin nginx image version in SSL docker-compose example #225

Open: andrerfneves wants to merge 1 commit into main from maintenance/pin-nginx-compose-image-20260629

@andrerfneves (Owner)

Summary

Pins the nginx image from the floating :alpine tag to nginx:1.25-alpine in the SSL/TLS production docker-compose example in DEPLOYMENT_DOCKER.md.

Why

The example used image: nginx:alpine, a floating tag that follows the latest stable nginx release. This means:

  • A new nginx major version could ship and break the setup without any code changes
  • Two developers building on different days could get different nginx versions in their compose setup
  • Reproducible deployments require deterministic base images

Consistency

This change is consistent with:

  • PR "build: pin nginx base image version for reproducible builds" #220 — Pins FROM nginx:alpine to FROM nginx:1.25-alpine in the project Dockerfile (same version, same reasoning)
  • Security Considerations section — The same file already recommends using specific image tags (FROM nginx:1.25-alpine), but the docker-compose example itself didn't follow this guidance

Changes

  • DEPLOYMENT_DOCKER.md: Changed image: nginx:alpine → image: nginx:1.25-alpine in the SSL/TLS docker-compose example

Test Plan

The SSL/TLS production docker-compose example used image: nginx:alpine,
a floating tag that follows the latest stable nginx release. This means:

- A new nginx major version could ship and break the setup without any
  code changes
- Two developers building on different days could get different nginx
  versions
- The Security Considerations section already recommends using specific
  image tags (nginx:1.25-alpine), but the example itself didn't follow
  this recommendation

Pinning to nginx:1.25-alpine is consistent with:
- PR #220 which pins FROM nginx:alpine to nginx:1.25-alpine in the
  Dockerfile
- The 'Use specific image tags' guidance in the Security Considerations
  section of this same file

It tracks patch releases within a stable series while preventing
unexpected major version jumps.
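An added example (not code from this pull request or the project): a small lint that reads a compose file and classifies each `image:` reference as floating, pinned to a release series as this PR does, pinned to a patch release, or pinned by digest. The category labels, the `classify` and `audit` functions and the sample compose text are constructed for illustration; recognizing digest pins goes beyond what the description above covers.

```python
import re

IMAGE_LINE = re.compile(r"^\s*image:\s*['\"]?([^\s'\"#]+)")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)")

def classify(ref):
    """Return how tightly an image reference is pinned (labels are this example's own)."""
    if DIGEST.search(ref):
        return "digest"                  # content-addressed, cannot be repointed
    name = ref.split("@", 1)[0]
    last = name.rsplit("/", 1)[-1]       # ignore a registry host:port prefix
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    m = VERSION.match(tag)
    if not m:
        return "floating"                # no version in the tag: alpine, latest, ...
    parts = m.group(1).count(".") + 1
    # major.minor still moves with each patch release of that series
    return {1: "major", 2: "series"}.get(parts, "patch")

def audit(compose_text):
    """Return (line number, image reference, classification) for every image: line."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if m:
            findings.append((lineno, m.group(1), classify(m.group(1))))
    return findings

# Constructed sample: service names and the all-zero digest are placeholders.
SAMPLE = "\n".join([
    "services:",
    "  nginx:",
    "    image: nginx:alpine",
    "  nginx-series:",
    "    image: nginx:1.25-alpine",
    "  nginx-digest:",
    "    image: nginx:1.25-alpine@sha256:" + "0" * 64,
])

if __name__ == "__main__":
    for lineno, ref, kind in audit(SAMPLE):
        print(f"line {lineno}: {ref} -> {kind}")
```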
@vercel

vercel Bot commented Jun 29, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
lightning-decoder | Ready | Preview, Comment | Jun 29, 2026 10:06pm

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 11ad828780

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread DEPLOYMENT_DOCKER.md

nginx:
image: nginx:alpine
image: nginx:1.25-alpine
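
Review bot: the new line `image: nginx:1.25-alpine` still names a mutable tag, so two pulls on different days can resolve to different image contents within the 1.25 series, which falls short of the deterministic base image the description asks for. If byte-for-byte reproducibility is the goal, append the image digest (`image: nginx:1.25-alpine@sha256:<digest>`, where `<digest>` is a placeholder for the value you have verified) and note in DEPLOYMENT_DOCKER.md how and when that pin is refreshed.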


P2: Pin a supported nginx release for production

For production users who copy this SSL/TLS compose example, this pins nginx to the old 1.25 branch; as of the current NGINX release listings, supported stable/mainline releases have moved past 1.25, so this change freezes deployments away from later security fixes that nginx:alpine would have picked up. Please pin a currently supported tag/digest and document an update cadence rather than recommending an EOL branch in the production example.
