2026.5
Changes
This release makes two changes with respect to origin certificates for applications using web-server images in a cluster:
- The origin certificate authority is automatically trusted.
- Server certificates for all applications are made available for use.
Origin certificate authority
The origin certificate authority is used to sign origin certificates for
all applications within a control plane account. This CA is written to
/usr/local/share/ca-certificates/webscale-account-ca.crt and added to
the system’s trusted certificate authorities by running
update-ca-certificates.
Certificates for a single application
The server certificate for the application is written to the file
/etc/nginx/snippets/webscale.pem. To use it, the nginx site
configuration should contain include snippets/webscale.conf in a
server block with listen 443 ssl;. No other ssl_* parameters should
be configured. This enables all aliases configured for a cluster-using
application at the time the web server is created. If additional aliases
are added or removed, the cluster must be re-deployed to receive the
updated configuration. When utilizing this feature, the responsibility
for TLS configuration shfits to the base image instead of being
assigned to each environment.
Multiple applications
When multiple applications are assigned to a cluster server, multiple
server blocks must be used because nginx supports only a single server
certificate per server block. In this case each application should have
its own server block and use include snippets/id.conf where id is
the application id.
Artifacts matrix
| Image Type | Family / Variant | OS | Packages | Architectures | URI |
|---|---|---|---|---|---|
| VM | nfs-server | Ubuntu Minimal 24.04 | amd64, arm64 | ||
| VM | web-server | Ubuntu Minimal 24.04 | amd64, arm64 | ||
| VM | container-host | Ubuntu Minimal 24.04 | arm64 | ||
| Container | php-fpm:8.1-arm64 | Debian 13.2 | php 8.1.34, composer-2.9.3 | arm64 | public.ecr.aws/webscale/php-fpm:8.1-arm64-2026.3 |
| Container | php-fpm:8.2-arm64 | Debian 13.2 | php 8.2.30, composer-2.9.3 | arm64 | public.ecr.aws/webscale/php-fpm:8.2-arm64-2026.3 |
| Container | php-fpm:8.3-arm64 | Debian 13.2 | php 8.3.29, composer-2.9.3 | arm64 | public.ecr.aws/webscale/php-fpm:8.3-arm64-2026.3 |
| Container | php-fpm:8.4-arm64 | Debian 13.2 | php 8.4.16, composer-2.9.3 | arm64 | public.ecr.aws/webscale/php-fpm:8.4-arm64-2026.3 |
| Container | php-fpm:8.1-deb | Debian 13.2 | php 8.1.34, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.1-deb-2026.3 |
| Container | php-fpm:8.2-deb | Debian 13.2 | php 8.2.30, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.2-deb-2026.3 |
| Container | php-fpm:8.3-deb | Debian 13.2 | php 8.3.29, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.3-deb-2026.3 |
| Container | php-fpm:8.4-deb | Debian 13.2 | php 8.4.16, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.4-deb-2026.3 |
| Container | php-fpm:8.1 | Alpine 3.21.5 | php 8.1.34, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.1-2026.3 |
| Container | php-fpm:8.2 | Alpine 3.23.2 | php 8.2.30, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.2-2026.3 |
| Container | php-fpm:8.3 | Alpine 3.23.2 | php 8.3.29, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.3-2026.3 |
| Container | php-fpm:8.4 | Alpine 3.23.2 | php 8.4.16, composer-2.9.3 | amd64 | public.ecr.aws/webscale/php-fpm:8.4-2026.3 |
| Container | rabbitmq | Ubuntu 24.04.3 LTS | rabbitmq 4.2.2 | arm64 | public.ecr.aws/webscale/rabbitmq |
| Container | varnish | Debian 12.12 | varnish-6.0.16 | arm64 | public.ecr.aws/webscale/varnish |
Last modified on June 3, 2026