Skip to content

nginx: specify nginx version#1937

Open
alxndrsn wants to merge 1 commit into
getodk:nextfrom
alxndrsn:nginx-version-pin
Open

nginx: specify nginx version#1937
alxndrsn wants to merge 1 commit into
getodk:nextfrom
alxndrsn:nginx-version-pin

Conversation

@alxndrsn
Copy link
Copy Markdown
Contributor

@alxndrsn alxndrsn commented Jun 3, 2026
edited
Loading

Closes #1936

What has been done to verify that this works as intended?

✅ CI

Why is this the best possible solution? Were any other approaches considered?

Reduces nginx changes silently affecting production behaviour.

How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?

Reduces drift in nginx versions between same ODK Central versions. This should reduce risk.

Does this change require updates to documentation? If so, please file an issue here and include the link below.

I don't think so.

Before submitting this PR, please make sure you have:

  • branched off and targeted the next branch OR only changed documentation/infrastructure (master is stable and used in production)
  • verified that any code or assets from external sources are properly credited in comments or that everything is internally sourced

@alxndrsn alxndrsn marked this pull request as ready for review June 3, 2026 09:31
@alxndrsn alxndrsn mentioned this pull request Jun 3, 2026
Closed
@matthew-white
Copy link
Copy Markdown
Member

matthew-white commented Jun 3, 2026

I'm thinking that it makes sense for @sadiqkhoja to review this one, since he's the one who typically updates nginx (e.g., as part of #1805).

@matthew-white matthew-white requested a review from sadiqkhoja June 3, 2026 17:38
@matthew-white matthew-white linked an issue Jun 3, 2026 that may be closed by this pull request
[nginx] docker base image can transparently change nginx version #1936
Open
lognaturel
lognaturel reviewed Jun 3, 2026
View reviewed changes
Comment thread nginx.dockerfile
# * https://hub.docker.com/r/jonasal/nginx-certbot/tags
# 2. Look for upstream changes to redirector.conf
# 3. Confirm setup-odk.sh strips out HTTP-01 ACME challenge location.
FROM jonasal/nginx-certbot:6.1.0-nginx1.29.7
Copy link
Copy Markdown
Member

@lognaturel lognaturel Jun 3, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Servers that have rebuilt recently would have been running -nginx1.31.1. I think we should go straight to that tag since some production users already have it.

Whoops, I see 6.2.0 straddles nginx 1.29 and 1.31 but 6.1.0 does not. So we could stay on 6.1.0 for now and this would be the correct pin. Then we could look at actually upgrading later based on what the latest version is at that time.

@lognaturel
Copy link
Copy Markdown
Member

lognaturel commented Jun 3, 2026

@sadiqkhoja I added some notes at #1936 (comment) that you may find to be helpful context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lognaturel lognaturel lognaturel left review comments

@sadiqkhoja sadiqkhoja Awaiting requested review from sadiqkhoja

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[nginx] docker base image can transparently change nginx version

3 participants

@alxndrsn @matthew-white @lognaturel