1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-13 18:11:33 -05:00
privsec.dev/content/apps/Update your Signal TLS Proxy.md
Tommy 2d39ed39c3
Update your Signal TLS Proxy (#71)
Signal TLS Proxy
Signed-off-by: Tommy <contact@tommytran.io>
2022-10-15 17:12:30 -04:00

1.3 KiB

title date tags author
Update your Signal TLS Proxy 2022-10-15
Applications
Linux
Container
Censorship Evasion
Tommy

Signal

Given the current censorship situation in Iran, I decided to have a look at the Signal TLS Proxy.

One thing immediately jumped out - the NGINX image has not been updated for years. In fact, NGINX 1.18 is so old that it has gone end of life a year and a half as of this writing.

If you are thinking of deploying or maintaining a Signal TLS Proxy, I highly recommend that you use the upstream nginx:alpine image.

My Docker Compose setup can be found here. I have also fixed the missing :Z flag for mountpoints and and dropped privileges to reduce the attack surface there. I made a couple of pull requests for these changes, but Signal is taking their time to review and merge them, so... yeah.