docs(deployment): pin nginx image version in SSL docker-compose example #225
andrerfneves wants to merge 1 commit into
The SSL/TLS production docker-compose example used image: nginx:alpine, a floating tag that follows the latest stable nginx release. This means:
- A new nginx major version could ship and break the setup without any code changes
- Two developers building on different days could get different nginx versions
- The Security Considerations section already recommends using specific image tags (nginx:1.25-alpine), but the example itself didn't follow this recommendation

Pinning to nginx:1.25-alpine is consistent with:
- PR #220 which pins FROM nginx:alpine to nginx:1.25-alpine in the Dockerfile
- The 'Use specific image tags' guidance in the Security Considerations section of this same file

It tracks patch releases within a stable series while preventing unexpected major version jumps.
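The description above explains why a name-only tag such as nginx:alpine floats and why a major.minor tag only narrows the problem (it still follows patch releases). The script below is an added example, not part of this PR or of the project, showing how a CI pre-check can classify every image reference in a compose file as digest-pinned, version-pinned, or floating, and fail the build on the floating ones. The sample compose file it writes (service names, the ghcr.io/example and registry.example.com references, and the all-zero digest) is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the PR or the project): report floating image tags in a
# docker-compose file so that a line like "image: nginx:alpine" is caught before merge.

# tag_of REF: print the tag part of an image reference, or an empty line if untagged.
# Only the last path component is inspected, so a registry port such as
# registry.example.com:5000/nginx is not mistaken for a tag.
tag_of() {
  last=${1##*/}
  case "$last" in
    *:*) printf '%s\n' "${last##*:}" ;;
    *)   printf '\n' ;;
  esac
}

# classify_image_ref REF: print one of
#   digest   - pinned with @sha256:..., immutable
#   version  - tag starts with major.minor (e.g. 1.25-alpine); still follows patch
#              releases within that series, as the PR description points out
#   floating - untagged, "latest", or a name-only tag such as alpine/stable/3-slim
classify_image_ref() {
  case "$1" in
    *@sha256:*) printf 'digest\n'; return ;;
  esac
  tag=$(tag_of "$1")
  case "$tag" in
    [0-9]*.[0-9]*) printf 'version\n' ;;
    *)             printf 'floating\n' ;;
  esac
}

# count_floating_images FILE: list each floating "image:" reference on stderr and
# print the number found on stdout (0 means the file is clean).
count_floating_images() {
  n=0
  # Capture the first non-space token after "image:", then drop surrounding quotes.
  for ref in $(sed -n 's/^[[:space:]]*image:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tr -d '"'"'"); do
    case "$(classify_image_ref "$ref")" in
      floating) printf 'floating tag: %s\n' "$ref" >&2; n=$((n + 1)) ;;
    esac
  done
  printf '%s\n' "$n"
}

# write_sample_compose PATH: constructed sample compose file for the demo
# (not the project's DEPLOYMENT_DOCKER.md example; the digest is a placeholder).
write_sample_compose() {
  cat > "$1" <<'EOF'
services:
  nginx:
    image: nginx:alpine          # floating: follows the latest stable release
  api:
    image: "ghcr.io/example/api:1.4.2"
  db:
    image: registry.example.com:5000/postgres:16.3-alpine
  cache:
    image: redis@sha256:0000000000000000000000000000000000000000000000000000000000000000
  worker:
    image: python:3-slim         # floating across minor versions
EOF
}

# Usage: sh check_images.sh docker-compose.yml   (exit status 1 if any tag floats)
if [ $# -gt 0 ]; then
  floating=$(count_floating_images "$1")
  [ "$floating" -eq 0 ] || exit 1
fi
```

Run it against the sample file and it reports nginx:alpine and python:3-slim; nginx:1.25-alpine passes as "version", which is the level of pinning this PR chooses. Treating only a digest as fully pinned is deliberate: a major.minor tag is mutable on the registry side, so a reproducible production build still needs the digest (or a lockfile-style update process) on top of the tag.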
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 11ad828780
| nginx: | ||
| image: nginx:alpine | ||
| image: nginx:1.25-alpine |
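Review bot: the changed line pins the minor series only, so the example still floats across patch releases (the PR description itself says the tag "tracks patch releases within a stable series"); the "two developers on different days get different versions" problem is narrowed, not removed, and no comment is added next to the changed line saying when the tag is expected to be bumped. For a production example, consider pinning the digest alongside the tag (image: nginx:1.25-alpine@sha256:<digest>) or adding a one-line note that the series must be reviewed against current nginx support before copying, so that readers do not treat the pinned value as permanently safe.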
Pin a supported nginx release for production
For production users who copy this SSL/TLS compose example, this pins nginx to the old 1.25 branch; as of the current NGINX release listings, supported stable/mainline releases have moved past 1.25, so this change freezes deployments away from later security fixes that nginx:alpine would have picked up. Please pin a currently supported tag/digest and document an update cadence rather than recommending an EOL branch in the production example.
Summary
Pins the nginx image from the floating :alpine tag to nginx:1.25-alpine in the SSL/TLS production docker-compose example in DEPLOYMENT_DOCKER.md.
Why
The example used image: nginx:alpine, a floating tag that follows the latest stable nginx release. This means:
- A new nginx major version could ship and break the setup without any code changes
- Two developers building on different days could get different nginx versions
Consistency
This change is consistent with:
- PR #220, which changes FROM nginx:alpine to FROM nginx:1.25-alpine in the project Dockerfile (same version, same reasoning)
- The 'Use specific image tags' guidance in the Security Considerations section (FROM nginx:1.25-alpine), but the docker-compose example itself didn't follow this guidance
Changes
DEPLOYMENT_DOCKER.md: Changed image: nginx:alpine → image: nginx:1.25-alpine in the SSL/TLS docker-compose example
Test Plan