Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

https://hub.docker.com/u/nginxinc doesn't have official or docker verified tag #19

Closed
sandywang1982 opened this issue Mar 31, 2019 · 8 comments
Closed

https://hub.docker.com/u/nginxinc doesn't have official or docker verified tag #19

sandywang1982 opened this issue Mar 31, 2019 · 8 comments
Assignees
@alessfg
Labels
documentation Documentation request

Comments

@sandywang1982
Copy link

We are doing PodSecurityPolicy in our cluster, so we are thinking to pull nginx unprivileged image.
https://hub.docker.com/_/nginx has official images tag, while https://hub.docker.com/u/nginxinc doesn't, how can we make sure the image is safe to pull?
@alessfg alessfg self-assigned this Apr 3, 2019
@alessfg alessfg added the documentation Documentation request label Apr 3, 2019
@alessfg
Copy link
Collaborator

alessfg commented Apr 3, 2019

Hi @sandywang1982!

We've had a few requests asking whether this is an official image, whether it's safe to pull and so on. We are trying to figure out the best solution to address these concerns at the moment - but in the meantime, rest assured this image is as "official" as an image without the official images tag can be. It's not hosted on the official Docker images library, true, but it is owned and maintained by NGINX on both GitHub and Docker Hub.

Cheers,
Alessandro.

xoen added a commit to moj-analytical-services/webapp-template that referenced this issue May 31, 2019
@xoen
Run nginx as non-root
a47c554 
Base image is now https://hub.docker.com/r/nginxinc/nginx-unprivileged

Image doesn't have the "official" tag on DockerHub but it's "owned and
maintained by NGINX"

> this image is as "official" as an image without the official images
> tag can be. It's not hosted on the official Docker images library,
> true, but it is owned and maintained by NGINX on both GitHub and
> Docker Hub.

See: nginxinc/docker-nginx-unprivileged#19 (comment)

Part of ticket: https://trello.com/c/x7zhOJ4N/223-run-webapp-as-non-root-not-on-port-80
@xoen xoen mentioned this issue May 31, 2019
Merged
@alessfg alessfg mentioned this issue Nov 18, 2019
Closed
@SayakMukhopadhyay
Copy link

Hi
Sorry to bump such an old issue. I was wondering if there was any decision made as far as making this image "official". I realize that its official since its the same team as the "official" image and wanted to pitch in some ideas. I was wondering if this image could be released under the _nginx account too, maybe with its own tag.

Thanks for maintaining this image. Using a privileged container is a huge hazard and this image saves the day.

@alessfg
Copy link
Collaborator

alessfg commented Oct 14, 2020

Sadly, no. While talks are continuously ongoing, there are no major updates to report in this front (nor would I expect any changes in the near future).

@alessfg alessfg pinned this issue May 5, 2021
@Jellyfrog Jellyfrog mentioned this issue Mar 5, 2022
Merged
@kasia-kujawa kasia-kujawa mentioned this issue Sep 8, 2022
Merged
@ste93cry
Copy link

It has been more than 2 years since the last update on this issue. Has it been forgotten or can we expect some updates at some point? I can’t imagine what problems there may be that block the resolution of this issue 🤔

@alessfg
Copy link
Collaborator

alessfg commented May 2, 2023

Hey @ste93cry!

It's not been forgotten but there are indeed some problems that fundamentally block the resolution of this issue. The first and foremost is that Docker does not allow "use-case" specific images to be part of their "official" library.

There are still continuous discussions on how to best approach this issue and I will hopefully have some positive news to share sooner rather than later, but for now and in the near future, I sadly don't expect anything to change.

@NWarila
Copy link

NWarila commented Jun 23, 2023

I will admit this is a question rooted in ignorance but I am curious the answer; Is there a reason to not have a rootless version of NGINX be the default? What consequences does this ultimately present to the user and/or administrator?

@alessfg
Copy link
Collaborator

alessfg commented Jun 26, 2023

I would suggest bringing up that topic on the https://github.com/nginxinc/docker-nginx repo. Discussions like this are always ongoing and in-flux.

That being said, couple reasons that come to mind would be:
a) For legacy reasons -- millions of people are using the Docker NGINX image and suddenly swapping it around for a rootless version might break a ton of production environments.
b) NGINX running as non-root presents some uniques challenges in so far as permissions go. It can be done (as it is in these images), but extra care has to be employed when determining which directories to use for various NGINX functionalities.

@alessfg
Copy link
Collaborator

alessfg commented Aug 2, 2023

Great news! We finally managed to become a verified publisher! I am sorry it's taken way, way longer than it should have, but we got there in the end!

@alessfg alessfg closed this as completed Aug 2, 2023
@alessfg alessfg unpinned this issue Aug 2, 2023
@siegfriedweber siegfriedweber mentioned this issue Sep 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alessfg alessfg

Labels
documentation Documentation request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ste93cry @SayakMukhopadhyay @alessfg @NWarila @sandywang1982