update alpine/php logs/enable ssl_early_data

renovate[bot] · Zoey2936 · commit 11c61c195cf7 · 2024-01-27T12:52:20.000+01:00
Signed-off-by: Zoey &lt;zoey@z0ey.de&gt;
diff --git a/Caddy.Dockerfile b/Caddy.Dockerfile
@@ -1,6 +1,6 @@
 FROM caddy:2.7.6 as caddy
 
-FROM alpine:3.19.0
+FROM alpine:3.19.1
 RUN apk add --no-cache ca-certificates tzdata
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 COPY Caddyfile /etc/caddy/Caddyfile
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as frontend
+FROM --platform="$BUILDPLATFORM" alpine:3.19.1 as frontend
 COPY frontend                        /build/frontend
 COPY global/certbot-dns-plugins.json /build/frontend/certbot-dns-plugins.json
 ARG NODE_ENV=production \
@@ -12,7 +12,7 @@ COPY darkmode.css /build/frontend/dist/css/darkmode.css
 COPY security.txt /build/frontend/dist/.well-known/security.txt
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as backend
+FROM --platform="$BUILDPLATFORM" alpine:3.19.1 as backend
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 COPY backend                         /build/backend
 COPY global/certbot-dns-plugins.json /build/backend/certbot-dns-plugins.json
@@ -30,7 +30,7 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \
     yarn cache clean --all
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as crowdsec
+FROM --platform="$BUILDPLATFORM" alpine:3.19.1 as crowdsec
 
 ARG CSNB_VER=v1.0.6-rc5
 
@@ -48,13 +48,13 @@ RUN apk add --no-cache ca-certificates git build-base && \
     sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
     sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
-FROM zoeyvid/nginx-quic:243
+FROM zoeyvid/nginx-quic:247
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 
 ARG CRS_VER=v4.0/dev
 
 COPY rootfs /
-COPY --from=zoeyvid/certbot-docker:19  /usr/local          /usr/local
+COPY --from=zoeyvid/certbot-docker:20  /usr/local          /usr/local
 COPY --from=zoeyvid/curl-quic:364      /usr/local/bin/curl /usr/local/bin/curl
 
 RUN apk add --no-cache ca-certificates tzdata tini \
diff --git a/rootfs/usr/local/bin/start.sh b/rootfs/usr/local/bin/start.sh
@@ -278,6 +278,7 @@ if [ "$PHP81" = "true" ]; then
     mkdir -vp /data/php
     cp -vrnT /etc/php81 /data/php/81
     sed -i "s|listen =.*|listen = /run/php81.sock|" /data/php/81/php-fpm.d/www.conf
+    sed -i "s|;error_log =|error_log = /proc/self/fd/2|g" /data/php/81/php-fpm.conf
     sed -i "s|include=.*|include=/data/php/81/php-fpm.d/*.conf|g" /data/php/81/php-fpm.conf
 
 elif [ "$FULLCLEAN" = "true" ]; then
@@ -310,6 +311,7 @@ if [ "$PHP82" = "true" ]; then
     mkdir -vp /data/php
     cp -vrnT /etc/php82 /data/php/82
     sed -i "s|listen =.*|listen = /run/php82.sock|" /data/php/82/php-fpm.d/www.conf
+    sed -i "s|;error_log =|error_log = /proc/self/fd/2|g" /data/php/82/php-fpm.conf
     sed -i "s|include=.*|include=/data/php/82/php-fpm.d/*.conf|g" /data/php/82/php-fpm.conf
 
 elif [ "$FULLCLEAN" = "true" ]; then
@@ -342,6 +344,7 @@ if [ "$PHP83" = "true" ]; then
     mkdir -vp /data/php
     cp -vrnT /etc/php83 /data/php/83
     sed -i "s|listen =.*|listen = /run/php83.sock|" /data/php/83/php-fpm.d/www.conf
+    sed -i "s|;error_log =|error_log = /proc/self/fd/2|g" /data/php/83/php-fpm.conf
     sed -i "s|include=.*|include=/data/php/83/php-fpm.d/*.conf|g" /data/php/83/php-fpm.conf
 
 elif [ "$FULLCLEAN" = "true" ]; then
diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/proxy-location.conf b/rootfs/usr/local/nginx/conf/conf.d/include/proxy-location.conf
@@ -6,6 +6,7 @@ proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Accept-Encoding "";
 proxy_set_header Host $host;
 
+proxy_set_header Early-Data $ssl_early_data;
 proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
 
diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf b/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
@@ -6,6 +6,7 @@ proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Accept-Encoding "";
 proxy_set_header Host $host;
 
+proxy_set_header Early-Data $ssl_early_data;
 proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
 
diff --git a/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf b/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
@@ -1,3 +1,5 @@
+ssl_early_data on;
+
 ssl_stapling on;
 ssl_stapling_verify on;
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+ssl_early_data on;`
	`2`	`+`
`1`	`3`	`ssl_stapling on;`
`2`	`4`	`ssl_stapling_verify on;`
`3`	`5`