Skip to content

Commit

Permalink
fix(api): update kong image to address vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
sweatybridge committed Oct 28, 2024
1 parent 39ce039 commit 588b473
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 11 deletions.
18 changes: 9 additions & 9 deletions internal/start/start.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ var (
//go:embed templates/custom_nginx.template
nginxConfigEmbed string
// Hardcoded configs which match nginxConfigEmbed
nginxEmailTemplateDir = "/home/kong/templates/email"
nginxEmailTemplateDir = "/etc/kong/templates/email"
nginxTemplateServerPort = 8088
)

Expand Down Expand Up @@ -400,7 +400,7 @@ EOF
Image: utils.Config.Api.KongImage,
Env: []string{
"KONG_DATABASE=off",
"KONG_DECLARATIVE_CONFIG=/home/kong/kong.yml",
"KONG_DECLARATIVE_CONFIG=/etc/kong/kong.yml",
"KONG_DNS_ORDER=LAST,A,CNAME", // https://github.com/supabase/cli/issues/14
"KONG_PLUGINS=request-transformer,cors",
fmt.Sprintf("KONG_PORT_MAPS=%d:8000", utils.Config.Api.Port),
Expand All @@ -411,14 +411,14 @@ EOF
"KONG_NGINX_PROXY_PROXY_BUFFERS=64 160k",
"KONG_NGINX_WORKER_PROCESSES=1",
// Use modern TLS certificate
"KONG_SSL_CERT=/home/kong/localhost.crt",
"KONG_SSL_CERT_KEY=/home/kong/localhost.key",
"KONG_SSL_CERT=/etc/kong/localhost.crt",
"KONG_SSL_CERT_KEY=/etc/kong/localhost.key",
},
Entrypoint: []string{"sh", "-c", `cat <<'EOF' > /home/kong/kong.yml && \
cat <<'EOF' > /home/kong/custom_nginx.template && \
cat <<'EOF' > /home/kong/localhost.crt && \
cat <<'EOF' > /home/kong/localhost.key && \
./docker-entrypoint.sh kong docker-start --nginx-conf /home/kong/custom_nginx.template
Entrypoint: []string{"sh", "-c", `cat <<'EOF' > /etc/kong/kong.yml && \
cat <<'EOF' > /etc/kong/custom_nginx.template && \
cat <<'EOF' > /etc/kong/localhost.crt && \
cat <<'EOF' > /etc/kong/localhost.key && \
./docker-entrypoint.sh kong docker-start --nginx-conf /etc/kong/custom_nginx.template
` + kongConfigBuf.String() + `
EOF
` + nginxConfigEmbed + `
Expand Down
9 changes: 8 additions & 1 deletion internal/start/templates/custom_nginx.template
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,14 @@ error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf
daemon ${{NGINX_DAEMON}}; # can be set by kong.conf
worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf

# https://github.com/Kong/kong/discussions/9548#discussioncomment-6174906
lmdb_environment_path dbless.lmdb;
lmdb_map_size 128m;

events {
# Must be greater or equal to the default value of lua_max_pending_timers
# https://github.com/openresty/lua-nginx-module?tab=readme-ov-file#lua_max_pending_timers
worker_connections 1024;
multi_accept on;
}

Expand All @@ -20,7 +27,7 @@ http {

location /email {
autoindex on;
root /home/kong/templates;
root /etc/kong/templates;
}
}

Expand Down
2 changes: 1 addition & 1 deletion pkg/config/constants.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ const (
Pg15Image = "supabase/postgres:15.1.1.78"
// Append to ServiceImages when adding new dependencies below
// TODO: try https://github.com/axllent/mailpit
kongImage = "library/kong:2.8.1"
kongImage = "library/kong:3.8.0"
inbucketImage = "inbucket/inbucket:3.0.3"
postgrestImage = "postgrest/postgrest:v12.2.0"
pgmetaImage = "supabase/postgres-meta:v0.84.2"
Expand Down

0 comments on commit 588b473

Please sign in to comment.