NexaPG 0.2.2 - NGINX unprivileged security update
Migration Safety / Alembic upgrade/downgrade safety (push) Successful in 21s
PostgreSQL Compatibility Matrix / PG14 smoke (push) Successful in 8s
PostgreSQL Compatibility Matrix / PG15 smoke (push) Successful in 7s
PostgreSQL Compatibility Matrix / PG16 smoke (push) Successful in 7s
PostgreSQL Compatibility Matrix / PG17 smoke (push) Successful in 8s
PostgreSQL Compatibility Matrix / PG18 smoke (push) Successful in 8s
Docker Publish (Release) / Build and Push Docker Images (release) Successful in 1m33s
Stable
nessi
released this
2026-02-14 16:20:45 +00:00
| 5 commits to main since this release
Changed
Frontend Runtime Security Hardening
- Switched frontend runtime image to an unprivileged NGINX variant:
- from
nginx:1.29-alpine-slim
- to
nginxinc/nginx-unprivileged:stable-alpine
- Set explicit non-root runtime user in frontend container:
Frontend Runtime Port Alignment
- Updated NGINX listener in frontend runtime config:
- Updated frontend container port exposure:
- Updated Docker Compose frontend mapping:
- from
${FRONTEND_PORT}:80
- to
${FRONTEND_PORT}:8080
Why This Release
- Improves container runtime security posture by running frontend as non-root by default.
- Aligns deployment with Docker Scout best-practice checks (
default non-root user).
- Keeps external access unchanged (still via
FRONTEND_PORT on host), while hardening internal container behavior.
Notes
- No database migration required.
- Rebuild and republish frontend image, then redeploy to apply changes.
- If using custom reverse-proxy/container configs, ensure upstream points to frontend container port
8080.
Downloads