Alpine image with Nginx/Naxsi for receiving notifications from payment service providers.
The naxsi configuration is kept in pay-infra and pushed to S3 by a Terraform module which runs as part of the Notifications deployment pipeline.
For local development and test purposes, Docker copies a stub naxsi config
(tests/rules-stub.naxsi) into the notifications image.
When the notifications container starts in AWS, the docker-start.sh script
pulls the naxsi config from S3, overwriting the stub file, before
starting nginx.
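The start-up order described above (fetch the rules, overwrite the stub, then start nginx), as an added sketch that is not the project's docker-start.sh. It refuses to start nginx if the download fails or contains no naxsi directives, so the stub is never served by accident. NAXSI_RULES_S3_URI, RULES_PATH and the function names are hypothetical, and it assumes the AWS CLI is available in the image.

```shell
#!/bin/sh
# Added example, not the project's docker-start.sh.
# NAXSI_RULES_S3_URI is a hypothetical variable: the real bucket and key
# are not stated on this page.
RULES_PATH="${RULES_PATH:-/etc/nginx/naxsi.rules}"

# Download the rules object to the file given as $1.
# Assumption: the AWS CLI is installed and the task role can read the object.
fetch_from_s3() {
    aws s3 cp "$NAXSI_RULES_S3_URI" "$1" --only-show-errors
}

# install_rules FETCHER DEST
# Runs FETCHER <tmpfile>, checks the result looks like a naxsi rules file,
# then replaces DEST in one rename. On any failure DEST is left untouched
# and a non-zero status is returned.
install_rules() {
    fetcher="$1"; dest="$2"
    tmp="$(mktemp "${dest}.XXXXXX")" || return 1
    if ! "$fetcher" "$tmp"; then
        rm -f "$tmp"
        echo "naxsi rules download failed" >&2
        return 1
    fi
    # An empty or truncated object must not replace the rules file.
    if ! grep -Eq '^[[:space:]]*(SecRulesEnabled|MainRule|BasicRule|CheckRule)' "$tmp"; then
        rm -f "$tmp"
        echo "downloaded file contains no naxsi directives" >&2
        return 1
    fi
    chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}

# Container entry point: fail closed rather than run with the stub rules.
start() {
    install_rules fetch_from_s3 "$RULES_PATH" || exit 1
    nginx -t || exit 1          # reject a config nginx cannot parse
    exec nginx -g 'daemon off;'
}
# Call "start" as the last line of the container's start script.
```

For a local run with the rules file mounted from pay-infra, skip the fetch and start nginx directly.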
For local development, you can manually mount the naxsi config from a checkout
of pay-infra by adding
-v $PAY_INFRA/provisioning/terraform/modules/pay_notifications/files/notifications.naxsi:/etc/nginx/naxsi.rules
to your docker run command, where $PAY_INFRA points to a local checkout of
that repo.
GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. Please refer to our vulnerability disclosure policy and our security.txt file for details.