-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https://hub.docker.com/u/nginxinc doesn't have official or docker verified tag #19
Comments
Hi @sandywang1982! We've had a few requests asking whether this is an official image, whether it's safe to pull and so on. We are trying to figure out the best solution to address these concerns at the moment - but in the meantime, rest assured this image is as "official" as an image without the official images tag can be. It's not hosted on the official Docker images library, true, but it is owned and maintained by NGINX on both GitHub and Docker Hub. Cheers, |
Base image is now https://hub.docker.com/r/nginxinc/nginx-unprivileged Image doesn't have the "official" tag on DockerHub but it's "owned and maintained by NGINX" > this image is as "official" as an image without the official images > tag can be. It's not hosted on the official Docker images library, > true, but it is owned and maintained by NGINX on both GitHub and > Docker Hub. See: nginxinc/docker-nginx-unprivileged#19 (comment) Part of ticket: https://trello.com/c/x7zhOJ4N/223-run-webapp-as-non-root-not-on-port-80
Hi Thanks for maintaining this image. Using a privileged container is a huge hazard and this image saves the day. |
Sadly, no. While talks are continuously ongoing, there are no major updates to report in this front (nor would I expect any changes in the near future). |
It has been more than 2 years since the last update on this issue. Has it been forgotten or can we expect some updates at some point? I can’t imagine what problems there may be that block the resolution of this issue 🤔 |
Hey @ste93cry! It's not been forgotten but there are indeed some problems that fundamentally block the resolution of this issue. The first and foremost is that Docker does not allow "use-case" specific images to be part of their "official" library. There are still continuous discussions on how to best approach this issue and I will hopefully have some positive news to share sooner rather than later, but for now and in the near future, I sadly don't expect anything to change. |
I will admit this is a question rooted in ignorance but I am curious the answer; Is there a reason to not have a rootless version of NGINX be the default? What consequences does this ultimately present to the user and/or administrator? |
I would suggest bringing up that topic on the https://github.com/nginxinc/docker-nginx repo. Discussions like this are always ongoing and in-flux. That being said, couple reasons that come to mind would be: |
Great news! We finally managed to become a verified publisher! I am sorry it's taken way, way longer than it should have, but we got there in the end! |
We are doing PodSecurityPolicy in our cluster, so we are thinking to pull nginx unprivileged image.
https://hub.docker.com/_/nginx has official images tag, while https://hub.docker.com/u/nginxinc doesn't, how can we make sure the image is safe to pull?
The text was updated successfully, but these errors were encountered: