Update caddy to 2.7.6 to patch several vulns (#975)

willdollman · evict · web-flow · commit ab267a5dfe40 · 2024-02-01T14:13:46.000Z
* Update caddy to 2.7.6 to patch several vulns

Checked release notes for major changes and tested locally with `./docker-compose/dev/run.sh up`

* Quote variable

Co-authored-by: Vincent &lt;evict@users.noreply.github.com&gt;

---------

Co-authored-by: Vincent &lt;evict@users.noreply.github.com&gt;
diff --git a/docker-compose/docker-compose.yaml b/docker-compose/docker-compose.yaml
@@ -69,7 +69,7 @@ services:
   # https://caddyserver.com/docs/caddyfile
   caddy:
     container_name: caddy
-    image: 'index.docker.io/caddy:2.7.4-alpine@sha256:3d1bf053476f2415b40e728c37e1112ee7551fa154a63d6f62b275c13fea8166'
+    image: 'index.docker.io/caddy:2.7.6-alpine@sha256:80ca561981768b2c3568cc4bef3d4cd1f11c2a625c806bedeb8453aef98779a0'
     cpus: 4
     mem_limit: '4g'
     environment:
diff --git a/pure-docker/deploy-caddy.sh b/pure-docker/deploy-caddy.sh
@@ -1,36 +1,35 @@
 #!/usr/bin/env bash
 set -e
 
-  # Description: Acts as a reverse proxy for all of the sourcegraph-frontend instances
-  #
-  # Disk: 1GB / persistent SSD
-  # Ports exposed to other Sourcegraph services: none
-  # Ports exposed to the public internet: 80 (HTTP) and 443 (HTTPS)
-  #
-  # Sourcegraph ships with a few builtin templates that cover common HTTP/HTTPS configurations:
-  # - HTTP only (default)
-  # - HTTPS with Let's Encrypt
-  # - HTTPS with custom certificates
-  #
-  # Follow the directions in the comments below to swap between these configurations.
-  #
-  # If none of these built-in configurations suit your needs, then you can create your own Caddyfile, see:
-  # https://caddyserver.com/docs/caddyfile
+# Description: Acts as a reverse proxy for all of the sourcegraph-frontend instances
+#
+# Disk: 1GB / persistent SSD
+# Ports exposed to other Sourcegraph services: none
+# Ports exposed to the public internet: 80 (HTTP) and 443 (HTTPS)
+#
+# Sourcegraph ships with a few builtin templates that cover common HTTP/HTTPS configurations:
+# - HTTP only (default)
+# - HTTPS with Let's Encrypt
+# - HTTPS with custom certificates
+#
+# Follow the directions in the comments below to swap between these configurations.
+#
+# If none of these built-in configurations suit your needs, then you can create your own Caddyfile, see:
+# https://caddyserver.com/docs/caddyfile
 
 VOLUME="$HOME/sourcegraph-docker/caddy-storage"
 ./ensure-volume.sh $VOLUME 100
 docker run --detach \
-    --name=caddy \
-    --network=sourcegraph \
-    --restart=always \
-    --cpus="4" \
-    --memory=4g \
-    -e XDG_DATA_HOME="/caddy-storage/data" \
-    -e XDG_CONFIG_HOME="/caddy-storage/config" \
-    -e SRC_FRONTEND_ADDRESSES="sourcegraph-frontend-0:3080" \
-    -p 0.0.0.0:80:80 \
-    -p 0.0.0.0:443:443 \
-    -v $VOLUME:/caddy-storage \
-    --mount type=bind,source="$(pwd)"/../caddy/builtins/http.Caddyfile,target=/etc/caddy/Caddyfile \
-    index.docker.io/caddy:2.7.4-alpine@sha256:3d1bf053476f2415b40e728c37e1112ee7551fa154a63d6f62b275c13fea8166
-
+  --name=caddy \
+  --network=sourcegraph \
+  --restart=always \
+  --cpus="4" \
+  --memory=4g \
+  -e XDG_DATA_HOME="/caddy-storage/data" \
+  -e XDG_CONFIG_HOME="/caddy-storage/config" \
+  -e SRC_FRONTEND_ADDRESSES="sourcegraph-frontend-0:3080" \
+  -p 0.0.0.0:80:80 \
+  -p 0.0.0.0:443:443 \
+  -v "$VOLUME:/caddy-storage" \
+  --mount type=bind,source="$(pwd)"/../caddy/builtins/http.Caddyfile,target=/etc/caddy/Caddyfile \
+  index.docker.io/caddy:2.7.6-alpine@sha256:80ca561981768b2c3568cc4bef3d4cd1f11c2a625c806bedeb8453aef98779a0
