From f5111793f91840f8cff63b816cd8820a6b2bfc19 Mon Sep 17 00:00:00 2001 From: Tommy Date: Sat, 15 Oct 2022 19:58:43 -0400 Subject: [PATCH] Grammar Fixes Signed-off-by: Tommy --- content/apps/Update your Signal TLS Proxy.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/apps/Update your Signal TLS Proxy.md b/content/apps/Update your Signal TLS Proxy.md index beead94..336ad52 100644 --- a/content/apps/Update your Signal TLS Proxy.md +++ b/content/apps/Update your Signal TLS Proxy.md @@ -9,12 +9,12 @@ author: Tommy Given the current censorship situation in Iran, I decided to have a look at the [Signal TLS Proxy](https://github.com/signalapp/Signal-TLS-Proxy). -One thing immediately jumped out - the NGINX image has not been updated [for years](https://github.com/signalapp/Signal-TLS-Proxy/blob/ac94d6b869f942ec05d7ef76840287a1d1f487f9/nginx-relay/Dockerfile#L9). In fact, NGINX 1.18 is so old that it has gone end of life [a year and a half](https://endoflife.date/nginx) as of this writing. +One thing immediately jumped out - the NGINX image has not been updated [for years](https://github.com/signalapp/Signal-TLS-Proxy/blob/ac94d6b869f942ec05d7ef76840287a1d1f487f9/nginx-relay/Dockerfile#L9). In fact, NGINX 1.18 is so old that it has gone end of life for [a year and a half](https://endoflife.date/nginx) as of this writing. -If you are thinking of deploying or maintaining a Signal TLS Proxy, I highly recommend that you use the upstream `nginx:alpine` image. +If you are deploying or maintaining a Signal TLS Proxy, I highly recommend that you use the upstream `nginx:alpine` image instead. -My Docker Compose setup can be found [here](https://github.com/tommytran732/Signal-TLS-Proxy). I have also fixed the missing `:Z` flag for mountpoints and and dropped privileges to reduce the attack surface there. I made a couple of pull requests for these changes, but Signal is taking their time to review and merge them, so... yeah. +My Docker Compose setup can be found [here](https://github.com/tommytran732/Signal-TLS-Proxy). I have also fixed the missing `:Z` flag for mountpoints and and dropped privileges to reduce the attack surface. I made a couple of pull requests for these changes, but Signal is being very slow on reviewing and merging them, so... yeah. - [Drop capabilities](https://github.com/signalapp/Signal-TLS-Proxy/pull/24) - [Use upstream NGINX image](https://github.com/signalapp/Signal-TLS-Proxy/pull/23) -- [Add :Z for SELinux](https://github.com/signalapp/Signal-TLS-Proxy/pull/22) \ No newline at end of file +- [Add :Z for SELinux](https://github.com/signalapp/Signal-TLS-Proxy/pull/22)