diff --git a/README.md b/README.md index 19aa64f9..03dd48d9 100644 --- a/README.md +++ b/README.md @@ -70,9 +70,9 @@ Dockerfile.buildkit.plus Dockerfile with the same configuration as Docke with support for hiding secrets using Docker's Buildkit Dockerfile.latest-njs Dockerfile that inherits from the last build of the gateway and then builds and installs the latest version of njs from source -Dockerfile.latest-unpriviledged Dockerfiles that inherits from the last build of the gateway and +Dockerfile.unprivileged Dockerfiles that inherits from the last build of the gateway and makes the necessary modifications to allow running the container - as a non root, unpriviledged user. + as a non root, unprivileged user. settings.example Docker env file example standalone_ubuntu_oss_install.sh install script that will install the gateway as a Systemd service test.sh test launcher diff --git a/common/etc/nginx/templates/default.conf.template b/common/etc/nginx/templates/default.conf.template index 24fae2bb..76a4b90b 100644 --- a/common/etc/nginx/templates/default.conf.template +++ b/common/etc/nginx/templates/default.conf.template @@ -30,6 +30,13 @@ server { # information that could be used to find an exploit. server_tokens off; + # Normalize location path. Remove instances of double/multipe forward slashes. + # Disabling merge_slashes is necessary for this feature to work. + # Disabling port redirection to avoid broken URLs in bridged hosts + port_in_redirect off; + merge_slashes off; + rewrite (.*?)//+(.*) $1/$2 redirect; + # Uncomment this for a HTTP header that will let you know the cache status # of an object. # add_header X-Cache-Status $upstream_cache_status; diff --git a/docs/development.md b/docs/development.md index af29ca65..68051e32 100644 --- a/docs/development.md +++ b/docs/development.md @@ -44,5 +44,5 @@ If you invoke the test script with a plus parameter, you will need to add your NGINX repository keys to the `plus/etc/ssl/nginx` directory ``` -$ ./test.sh +$ ./test.sh ``` diff --git a/docs/getting_started.md b/docs/getting_started.md index 07628cf5..eaf97b73 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -148,15 +148,15 @@ docker run --env-file ./settings --publish 80:80 --name nginx-s3-gateway \ nginx-s3-gateway:oss ``` -In the same way, if you want to use NGINX OSS container image as a non-root, unpriviledged user, +In the same way, if you want to use NGINX OSS container image as a non-root, unprivileged user, you can build it as follows: ``` -docker build --file Dockerfile.latest-unpriviledged --tag nginx-s3-gateway --tag nginx-s3-gateway:latest-unpriviledged-oss . +docker build --file Dockerfile.unprivileged --tag nginx-s3-gateway --tag nginx-s3-gateway:unprivileged-oss . ``` And run the image binding the container port 8080 to 80 in the host like: ``` docker run --env-file ./settings --publish 80:8080 --name nginx-s3-gateway \ - nginx-s3-gateway:latest-unpriviledged-oss + nginx-s3-gateway:unprivileged-oss ``` ### Building the NGINX Plus Container Image