From 9f5ed53b99cd6b350282dc869bbb3027eb08425b Mon Sep 17 00:00:00 2001 From: Aizat Faiz Date: Thu, 28 Nov 2024 22:10:36 +0800 Subject: [PATCH 01/14] docs: update title for bunkerweb-plugins/webhook --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 77d9b32389..e1b6f09069 100644 --- a/README.md +++ b/README.md @@ -375,7 +375,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug | **Discord** | 1.6 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) | | **Slack** | 1.6 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) | | **VirusTotal** | 1.6 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) | -| **WebHook** | 1.6 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) | +| **WebHook** | 1.6 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) | You will find more information in the [plugins section](https://docs.bunkerweb.io/1.6.0-beta/plugins/?utm_campaign=self&utm_source=github) of the documentation. From 7496cb0e4764c7a8bbb4a2a5ff85370e8289086f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Nov 2024 08:20:59 +0000 Subject: [PATCH 02/14] deps/tests/linux: bump redhat/ubi9-init in /tests/linux Bumps redhat/ubi9-init from `86b5c0a` to `2624d48`. --- updated-dependencies: - dependency-name: redhat/ubi9-init dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- tests/linux/Dockerfile-rhel9 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/linux/Dockerfile-rhel9 b/tests/linux/Dockerfile-rhel9 index 1e0828bcc3..6825433e14 100644 --- a/tests/linux/Dockerfile-rhel9 +++ b/tests/linux/Dockerfile-rhel9 @@ -1,4 +1,4 @@ -FROM redhat/ubi9-init:9.5@sha256:86b5c0a442723b5679ce64f8d9d73de24271d16c9cc89865e976d61ead350130 +FROM redhat/ubi9-init:9.5@sha256:2624d481eba41047d204eff27bb20449158d11783e717647b9dae6e59140a82b ENV NGINX_VERSION=1.26.2 From d7bd9f835fd3a8870d9e2f3913e040a7e55cc552 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Nov 2024 08:45:24 +0000 Subject: [PATCH 03/14] deps/linux: bump redhat/ubi9 from `2bae906` to `1057dab` in /src/linux Bumps redhat/ubi9 from `2bae906` to `1057dab`. --- updated-dependencies: - dependency-name: redhat/ubi9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- src/linux/Dockerfile-rhel9 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/linux/Dockerfile-rhel9 b/src/linux/Dockerfile-rhel9 index 41d7314d83..e204ee2481 100644 --- a/src/linux/Dockerfile-rhel9 +++ b/src/linux/Dockerfile-rhel9 @@ -1,4 +1,4 @@ -FROM redhat/ubi9:9.5@sha256:2bae9062eddbbc18e76555972e7026ffe02cef560a0076e6d7f72bed2c05723f AS builder +FROM redhat/ubi9:9.5@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 AS builder ENV OS=rhel ENV NGINX_VERSION=1.26.2 @@ -65,7 +65,7 @@ COPY src/scheduler scheduler COPY src/VERSION VERSION COPY src/ui ui -FROM redhat/ubi9:9.5@sha256:2bae9062eddbbc18e76555972e7026ffe02cef560a0076e6d7f72bed2c05723f +FROM redhat/ubi9:9.5@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 # Set default umask to prevent huge recursive chmod increasing the final image size RUN umask 027 From b69841db2376189a2d891e546991ba2faa2bb2e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 08:13:58 +0000 Subject: [PATCH 04/14] deps/linux: bump ubuntu from `278628f` to `80dd3c3` in /src/linux Bumps ubuntu from `278628f` to `80dd3c3`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- src/linux/Dockerfile-ubuntu | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/linux/Dockerfile-ubuntu b/src/linux/Dockerfile-ubuntu index ec84296f6a..8a3647dc8a 100644 --- a/src/linux/Dockerfile-ubuntu +++ b/src/linux/Dockerfile-ubuntu @@ -1,4 +1,4 @@ -FROM ubuntu:noble@sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295 AS builder +FROM ubuntu:noble@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab AS builder ENV OS=ubuntu ENV NGINX_VERSION=1.26.2 @@ -57,7 +57,7 @@ COPY src/scheduler scheduler COPY src/VERSION VERSION COPY src/ui ui -FROM ubuntu:noble@sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295 +FROM ubuntu:noble@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab # Set default umask to prevent huge recursive chmod increasing the final image size RUN umask 027 From db0ed2a512353507ccddc9c1d8793a1babc2af30 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 08:13:59 +0000 Subject: [PATCH 05/14] deps/linux: bump redhat/ubi8 from `d497966` to `79d46e7` in /src/linux Bumps redhat/ubi8 from `d497966` to `79d46e7`. --- updated-dependencies: - dependency-name: redhat/ubi8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- src/linux/Dockerfile-rhel | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/linux/Dockerfile-rhel b/src/linux/Dockerfile-rhel index 6a4cebe4c1..4cb0f2080b 100644 --- a/src/linux/Dockerfile-rhel +++ b/src/linux/Dockerfile-rhel @@ -1,4 +1,4 @@ -FROM redhat/ubi8:8.10@sha256:d497966ce214138de5271eef321680639e18daf105ae94a6bff54247d8a191a3 AS builder +FROM redhat/ubi8:8.10@sha256:79d46e7029c2b13a713b2089650fd235aadb3e6e449c79f6741d6c9381ab41a1 AS builder ENV OS=rhel ENV NGINX_VERSION=1.26.2 @@ -64,7 +64,7 @@ COPY src/scheduler scheduler COPY src/VERSION VERSION COPY src/ui ui -FROM redhat/ubi8:8.10@sha256:d497966ce214138de5271eef321680639e18daf105ae94a6bff54247d8a191a3 +FROM redhat/ubi8:8.10@sha256:79d46e7029c2b13a713b2089650fd235aadb3e6e449c79f6741d6c9381ab41a1 # Set default umask to prevent huge recursive chmod increasing the final image size RUN umask 027 From baba613dec859b51a645286eda159dd2f5828bd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 3 Dec 2024 09:41:58 +0100 Subject: [PATCH 06/14] fix: update DNSBL_LIST to remove deprecated entries and improve formatting --- docs/security-tuning.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/security-tuning.md b/docs/security-tuning.md index 632178e2be..944672720f 100644 --- a/docs/security-tuning.md +++ b/docs/security-tuning.md @@ -758,10 +758,10 @@ DNSBL or "DNS BlackList" is an external list of malicious IPs that you query usi Here is the list of settings related to DNSBL : -| Setting | Default | Description | -| :----------: | :--------------------------------------------------------------------------: | :--------------------------------------------- | -| `USE_DNSBL` | `yes` | When set to `yes`, will enable DNSBL checking. | -| `DNSBL_LIST` | `bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org` | List of DNSBL servers to ask. | +| Setting | Default | Description | +| :----------: | :-------------------------------------------------: | :--------------------------------------------- | +| `USE_DNSBL` | `yes` | When set to `yes`, will enable DNSBL checking. | +| `DNSBL_LIST` | `bl.blocklist.de sbl.spamhaus.org xbl.spamhaus.org` | List of DNSBL servers to ask. | ## Limiting From eca4fb3326b6933f421778c3b1ac910d3c9d55ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 3 Dec 2024 10:43:18 +0100 Subject: [PATCH 07/14] feat: add LIMIT_CONN_MAX_HTTP3 configuration to connection limits in JSON templates --- src/common/core/templates/templates/high.json | 1 + src/common/core/templates/templates/low.json | 1 + src/common/core/templates/templates/medium.json | 1 + 3 files changed, 3 insertions(+) diff --git a/src/common/core/templates/templates/high.json b/src/common/core/templates/templates/high.json index 0ddf387788..624f1ffbf2 100644 --- a/src/common/core/templates/templates/high.json +++ b/src/common/core/templates/templates/high.json @@ -48,6 +48,7 @@ "USE_LIMIT_CONN": "yes", "LIMIT_CONN_MAX_HTTP1": "10", "LIMIT_CONN_MAX_HTTP2": "100", + "LIMIT_CONN_MAX_HTTP3": "100", "USE_LIMIT_REQ": "yes", "LIMIT_REQ_URL": "/", "LIMIT_REQ_RATE": "2r/s", diff --git a/src/common/core/templates/templates/low.json b/src/common/core/templates/templates/low.json index 9706d7490b..35b7804ff5 100644 --- a/src/common/core/templates/templates/low.json +++ b/src/common/core/templates/templates/low.json @@ -48,6 +48,7 @@ "USE_LIMIT_CONN": "yes", "LIMIT_CONN_MAX_HTTP1": "25", "LIMIT_CONN_MAX_HTTP2": "200", + "LIMIT_CONN_MAX_HTTP3": "200", "USE_LIMIT_REQ": "yes", "LIMIT_REQ_URL": "/", "LIMIT_REQ_RATE": "5r/s", diff --git a/src/common/core/templates/templates/medium.json b/src/common/core/templates/templates/medium.json index f601fff32e..8a0b4d06ef 100644 --- a/src/common/core/templates/templates/medium.json +++ b/src/common/core/templates/templates/medium.json @@ -48,6 +48,7 @@ "USE_LIMIT_CONN": "yes", "LIMIT_CONN_MAX_HTTP1": "20", "LIMIT_CONN_MAX_HTTP2": "150", + "LIMIT_CONN_MAX_HTTP3": "150", "USE_LIMIT_REQ": "yes", "LIMIT_REQ_URL": "/", "LIMIT_REQ_RATE": "4r/s", From b6ee15a66b722db2936778b819f6f0139b9d4882 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 3 Dec 2024 11:09:42 +0100 Subject: [PATCH 08/14] fix: update regex for server name validation to escape hyphens --- src/common/settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/settings.json b/src/common/settings.json index d8eecdab42..2fef04c6d9 100644 --- a/src/common/settings.json +++ b/src/common/settings.json @@ -50,7 +50,7 @@ "help": "List of the virtual hosts served by bunkerweb.", "id": "server-name", "label": "Server name", - "regex": "^(((?!.*\\.\\.)(?![^\\s]{256,})([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z]{2,63})(?!.*\\s\\2(\\s|$)))?(\\s(((?!.*\\.\\.)(?![^\\s]{256,})([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z]{2,63}))(?!.*\\s\\5(\\s|$)))*$", + "regex": "^(((?!.*\\.\\.)(?![^\\s]{256,})([A-Za-z0-9]([A-Za-z0-9\\-]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z]{2,63})(?!.*\\s\\2(\\s|$)))?(\\s(((?!.*\\.\\.)(?![^\\s]{256,})([A-Za-z0-9]([A-Za-z0-9\\-]{0,61}[A-Za-z0-9])?\\.)+[A-Za-z]{2,63}))(?!.*\\s\\5(\\s|$)))*$", "type": "text" }, "WORKER_PROCESSES": { From 59c70b51e6e556d44219675b575f440e8cb58d03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 3 Dec 2024 11:10:12 +0100 Subject: [PATCH 09/14] fix: change default template value from 'high' to 'low' in services page --- src/ui/app/routes/services.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ui/app/routes/services.py b/src/ui/app/routes/services.py index 33cedc90ce..e1728cd962 100644 --- a/src/ui/app/routes/services.py +++ b/src/ui/app/routes/services.py @@ -357,7 +357,7 @@ def update_service(service: str, variables: Dict[str, str], is_draft: bool, mode mode = request.args.get("mode", "easy") search_type = request.args.get("type", "all") - template = request.args.get("template", "high") + template = request.args.get("template", "low") db_templates = DB.get_templates() db_custom_configs = DB.get_custom_configs(with_drafts=True, as_dict=True) clone = None From 3af012b3418e997027e70c211dd7cf008abf10ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 3 Dec 2024 11:24:02 +0100 Subject: [PATCH 10/14] fix: adjust admin age check to use local timezone to avoid comparison of offset-naive and offset-aware datetimes --- src/ui/app/routes/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ui/app/routes/setup.py b/src/ui/app/routes/setup.py index 64329f3052..a125555655 100644 --- a/src/ui/app/routes/setup.py +++ b/src/ui/app/routes/setup.py @@ -249,7 +249,7 @@ def setup_loading(): db_config = DB.get_config(filtered_settings=("SERVER_NAME", "USE_UI", "REVERSE_PROXY_URL")) ui_service = {} ui_admin = DB.get_ui_user() - admin_old_enough = ui_admin and ui_admin.creation_date < datetime.now() - timedelta(minutes=5) + admin_old_enough = ui_admin and ui_admin.creation_date < datetime.now().astimezone() - timedelta(minutes=5) for server_name in db_config["SERVER_NAME"].split(" "): if server_name and db_config.get(f"{server_name}_USE_UI", "no") == "yes": From b2165f09c812db368a078ee7b64671a35f27ef05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 3 Dec 2024 11:26:35 +0100 Subject: [PATCH 11/14] fix: update template handling to change default from 'high' to 'low' and adjust related logic in database queries and UI --- src/common/db/Database.py | 8 ++++++-- src/ui/app/static/js/plugins-settings.js | 10 +++++----- src/ui/app/templates/service_settings.html | 2 +- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/common/db/Database.py b/src/common/db/Database.py index 7c9989002e..a42d5a8032 100644 --- a/src/common/db/Database.py +++ b/src/common/db/Database.py @@ -49,7 +49,7 @@ from common_utils import bytes_hash # type: ignore from pymysql import install_as_MySQLdb -from sqlalchemy import create_engine, event, MetaData as sql_metadata, func, join, select as db_select, text, inspect +from sqlalchemy import case, create_engine, event, MetaData as sql_metadata, func, join, select as db_select, text, inspect from sqlalchemy.engine import Engine from sqlalchemy.exc import ( ArgumentError, @@ -3659,7 +3659,11 @@ def get_plugin_page(self, plugin_id: str) -> Optional[bytes]: def get_templates(self, plugin: Optional[str] = None) -> Dict[str, dict]: """Get templates.""" with self._db_session() as session: - query = session.query(Templates).with_entities(Templates.id, Templates.plugin_id, Templates.name) + query = ( + session.query(Templates) + .with_entities(Templates.id, Templates.plugin_id, Templates.name) + .order_by(case((Templates.name == "low", 0), else_=1)) # Pass as positional arguments + ) if plugin: query = query.filter_by(plugin_id=plugin) diff --git a/src/ui/app/static/js/plugins-settings.js b/src/ui/app/static/js/plugins-settings.js index d2ddc3f024..27eaa068c4 100644 --- a/src/ui/app/static/js/plugins-settings.js +++ b/src/ui/app/static/js/plugins-settings.js @@ -56,7 +56,7 @@ $(document).ready(() => { params.mode = currentMode; if (currentMode === "advanced" && currentType !== "all") params.type = currentType; - if (currentMode === "easy" && currentTemplate !== "high") + if (currentMode === "easy" && currentTemplate !== "low") params.template = currentTemplate; // If "easy" is selected, remove the "mode" parameter @@ -153,8 +153,8 @@ $(document).ready(() => { params.type = null; // Remove the type parameter - // If "high" is selected, remove the "template" parameter - if (currentTemplate === "high") { + // If "low" is selected, remove the "template" parameter + if (currentTemplate === "low") { params.template = null; // Set template to null to remove it from the URL updateUrlParams(params); // Call the function without the hash (keep it intact) } else { @@ -983,11 +983,11 @@ $(document).ready(() => { currentMode === "easy" ) { $(`button[data-bs-target="#navs-modes-advanced"]`).tab("show"); - } else if (usedTemplate !== "high" && currentMode === "easy") { + } else if (usedTemplate !== "low" && currentMode === "easy") { $(`button[data-bs-target="#navs-templates-${usedTemplate}"]`).tab("show"); } - if (currentMode === "easy" && currentTemplate !== "high") { + if (currentMode === "easy" && currentTemplate !== "low") { $(`button[data-bs-target="#navs-templates-${currentTemplate}"]`).tab( "show", ); diff --git a/src/ui/app/templates/service_settings.html b/src/ui/app/templates/service_settings.html index dabff3a61f..012c128e53 100644 --- a/src/ui/app/templates/service_settings.html +++ b/src/ui/app/templates/service_settings.html @@ -10,7 +10,7 @@ id="selected-mode" name="selected_mode" value="{{ mode }}"> - Date: Tue, 3 Dec 2024 11:30:40 +0100 Subject: [PATCH 12/14] fix: simplify draft settings logic in plugins settings initialization --- src/ui/app/static/js/plugins-settings.js | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/src/ui/app/static/js/plugins-settings.js b/src/ui/app/static/js/plugins-settings.js index 27eaa068c4..4c9e0e3a8f 100644 --- a/src/ui/app/static/js/plugins-settings.js +++ b/src/ui/app/static/js/plugins-settings.js @@ -1128,18 +1128,16 @@ $(document).ready(() => { if (isReadOnly) return; const form = getFormFromSettings($(this)); - if (currentMode !== "easy") { - let minSettings = 4; - if (!form.find("input[name='IS_DRAFT']").length) minSettings = 1; + let minSettings = 4; + if (!form.find("input[name='IS_DRAFT']").length) minSettings = 1; - const draftInput = $("#is-draft"); - const wasDraft = draftInput.data("original") === "yes"; - let isDraft = draftInput.val() === "yes"; - if (currentMode === "raw") - isDraft = form.find("input[name='IS_DRAFT']").val() === "yes"; + const draftInput = $("#is-draft"); + const wasDraft = draftInput.data("original") === "yes"; + let isDraft = draftInput.val() === "yes"; + if (currentMode === "raw") + isDraft = form.find("input[name='IS_DRAFT']").val() === "yes"; - if (form.children().length <= minSettings && isDraft === wasDraft) return; - } + if (form.children().length <= minSettings && isDraft === wasDraft) return; // Cross-browser compatibility (for older browsers) var message = From ffc41a95cca4196105044a8ffdf6298c2dd08c48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 10:38:52 +0000 Subject: [PATCH 13/14] deps/tests/linux: bump ubuntu in /tests/linux Bumps ubuntu from `278628f` to `80dd3c3`. --- updated-dependencies: - dependency-name: ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- tests/linux/Dockerfile-ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/linux/Dockerfile-ubuntu b/tests/linux/Dockerfile-ubuntu index ea41219d13..f3fe7a6b89 100644 --- a/tests/linux/Dockerfile-ubuntu +++ b/tests/linux/Dockerfile-ubuntu @@ -1,4 +1,4 @@ -FROM ubuntu:noble@sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295 +FROM ubuntu:noble@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab ENV container=docker ENV LC_ALL=C From 013206ce88e1f3053d1041453077e85427a9a272 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 3 Dec 2024 11:40:49 +0100 Subject: [PATCH 14/14] fix: update Dockerfile to use a specific sha256 digest for redhat/ubi8-init image --- tests/linux/Dockerfile-rhel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/linux/Dockerfile-rhel b/tests/linux/Dockerfile-rhel index d1507e67cc..b3790d0b6c 100644 --- a/tests/linux/Dockerfile-rhel +++ b/tests/linux/Dockerfile-rhel @@ -1,4 +1,4 @@ -FROM redhat/ubi8-init:8.10-9.1731462872@sha256:f27239c96f6878d49c9ba0cb3ba9376156529bd79c63d2316284a36d6a29dbf3 +FROM redhat/ubi8-init:8.10@sha256:7eb3cfe9b9df3b8f7b145839778f8fc282892eab47bda0488dc8b379691d5c5a ENV NGINX_VERSION=1.26.2