Given the current censorship situation in Iran, I decided to have a look at the Signal TLS Proxy.
If you are deploying or maintaining a Signal TLS Proxy, I highly recommend that you use the upstream
nginx:alpine image instead.
My Docker Compose setup can be found here. I have also fixed the missing
:Z flag for mountpoints and and dropped privileges to reduce the attack surface. I made a couple of pull requests for these changes, but Signal is being very slow on reviewing and merging them, so… yeah.