chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0
2.83k stars 191 forks

Restore working state by refactoring Makefile and Nginx config #537

Open bullet-ant opened 1 month ago

bullet-ant commented 1 month ago
google-cla[bot] commented 1 month ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

lgarron commented 1 month ago

Do you have more context on why these changes are necessary/worthwhile?

Also, we have to use an old version of nginx for old SSL, do you foresee any issues with that?

bullet-ant commented 1 month ago

Thank you for reviewing the PR, @lgarron

Regarding the necessity of these changes:

  1. Makefile Indentation: I had to correct indentation issues in the Makefile, which were causing build errors.
  2. Dockerfile Adjustments: I removed the `RUN gem update --system` command because it caused an error during the Docker build process. The error was due to RubyGems being installed through APT, which does not support upgrading via RubyGems itself.
  3. Nginx Configuration: The removal of the `ssl on` directive is necessary because it’s deprecated in the Nginx version included with Ubuntu 24.04. The newer Nginx version uses `listen ... ssl` instead. Since we’re not specifying a version in the Dockerfile, apt installs the latest version available in the Ubuntu repositories, which requires this change.

Regarding your concern about using an older version of Nginx for old SSL:

If we need to maintain compatibility with legacy SSL protocols, we could consider pinning Nginx to an older version that supports `ssl on`. However, doing so may introduce security risks, as older versions might not have the latest security patches. I’d be happy to explore this further if you think it’s necessary.

Thanks again for your guidance, and I look forward to your feedback!