mirror of
https://github.com/PrivSec-dev/privsec.dev.git
synced 2024-12-22 22:09:28 -05:00
c78c62bb70
Signed-off-by: Tommy <contact@tommytran.io>
1.3 KiB
1.3 KiB
title | date | tags | author | |||
---|---|---|---|---|---|---|
Update your Signal TLS Proxy | 2022-10-15 |
|
Tommy |
Given the current censorship situation in Iran, I decided to have a look at the Signal TLS Proxy.
One thing immediately jumped out - the NGINX image has not been updated for years. In fact, NGINX 1.18 is so old that it has gone end of life for a year and a half as of this writing.
If you are deploying or maintaining a Signal TLS Proxy, I highly recommend that you use the upstream nginx:alpine
image instead.
My Docker Compose setup can be found here. I have also fixed the missing :Z
flag for mountpoints and and dropped privileges to reduce the attack surface. I made a couple of pull requests for these changes, but Signal is being very slow on reviewing and merging them, so... yeah.