From 0e24f68d72690ab688b5bd5b45ed54b99d9cc7eb Mon Sep 17 00:00:00 2001
From: Rostislav Vitek <rostislav.vitek@shopsys.com>
Date: Sat, 21 Feb 2026 12:03:46 +0100
Subject: [PATCH 1/2] fix instructions in tests/README.md

---
 tests/README.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/README.md b/tests/README.md
index 7597dc8..36e4d86 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -6,26 +6,28 @@ Tests for verifying Kubernetes manifest generation produces expected output.
 
 ```bash
 # Run all tests
-docker run --rm -v $(pwd):/workspace -w /workspace \
+docker run --rm --user "$(id -u):$(id -g)" -v "$(pwd)":/workspace -w /workspace \
   shopsys/kubernetes-buildpack:2.0 \
   ./tests/run-tests.sh
 
 # Run specific scenario
-docker run --rm -v $(pwd):/workspace -w /workspace \
+docker run --rm --user "$(id -u):$(id -g)" -v "$(pwd)":/workspace -w /workspace \
   shopsys/kubernetes-buildpack:2.0 \
   ./tests/run-tests.sh basic-production
 
 # Update expected files after intentional changes
-docker run --rm -v $(pwd):/workspace -w /workspace \
+docker run --rm --user "$(id -u):$(id -g)" -v "$(pwd)":/workspace -w /workspace \
   shopsys/kubernetes-buildpack:2.0 \
 ./tests/run-tests.sh --update
 
 # List available scenarios
-docker run --rm -v $(pwd):/workspace -w /workspace \
+docker run --rm --user "$(id -u):$(id -g)" -v "$(pwd)":/workspace -w /workspace \
   shopsys/kubernetes-buildpack:2.0 \
 ./tests/run-tests.sh --list
 ```
 
+Using `--user "$(id -u):$(id -g)"` ensures generated files are owned by your local user instead of `root`.
+
 ## Options
 
 ```

From c260070b4bd7eb471f20b31313cfb3e30cbbf356 Mon Sep 17 00:00:00 2001
From: Rostislav Vitek <rostislav.vitek@shopsys.com>
Date: Sat, 21 Feb 2026 12:11:44 +0100
Subject: [PATCH 2/2] nginx.yaml: pass forwarded scheme/host to imageResizer
 fastcgi

- this fixes HTTPS->HTTP redirects from imageResizer
---
 kubernetes/configmap/nginx.yaml                                | 3 +++
 tests/scenarios/basic-production/expected/webserver.yaml       | 3 +++
 .../development-single-domain/expected/webserver.yaml          | 3 +++
 tests/scenarios/escaping-env/expected/webserver.yaml           | 3 +++
 .../production-with-cloudflare/expected/webserver.yaml         | 3 +++
 5 files changed, 15 insertions(+)

diff --git a/kubernetes/configmap/nginx.yaml b/kubernetes/configmap/nginx.yaml
index 1683c06..4eaa9bc 100644
--- a/kubernetes/configmap/nginx.yaml
+++ b/kubernetes/configmap/nginx.yaml
@@ -285,6 +285,9 @@ data:
                 fastcgi_pass php-upstream;
                 include fastcgi_params;
                 fastcgi_param SCRIPT_FILENAME $realpath_root/imageResizer.php;
+                fastcgi_param HTTPS $http_x_forwarded_proto;
+                fastcgi_param HTTP_HOST $request_host;
+                fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto;
             }
         
             # plain 404 page for missing files accessed via CDN
diff --git a/tests/scenarios/basic-production/expected/webserver.yaml b/tests/scenarios/basic-production/expected/webserver.yaml
index 95665fa..20ae8e1 100644
--- a/tests/scenarios/basic-production/expected/webserver.yaml
+++ b/tests/scenarios/basic-production/expected/webserver.yaml
@@ -300,6 +300,9 @@ data:
             fastcgi_pass php-upstream;
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $realpath_root/imageResizer.php;
+            fastcgi_param HTTPS $http_x_forwarded_proto;
+            fastcgi_param HTTP_HOST $request_host;
+            fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto;
         }
 
         # plain 404 page for missing files accessed via CDN
diff --git a/tests/scenarios/development-single-domain/expected/webserver.yaml b/tests/scenarios/development-single-domain/expected/webserver.yaml
index f73fbf4..296414f 100644
--- a/tests/scenarios/development-single-domain/expected/webserver.yaml
+++ b/tests/scenarios/development-single-domain/expected/webserver.yaml
@@ -298,6 +298,9 @@ data:
             fastcgi_pass php-upstream;
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $realpath_root/imageResizer.php;
+            fastcgi_param HTTPS $http_x_forwarded_proto;
+            fastcgi_param HTTP_HOST $request_host;
+            fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto;
         }
 
         # plain 404 page for missing files accessed via CDN
diff --git a/tests/scenarios/escaping-env/expected/webserver.yaml b/tests/scenarios/escaping-env/expected/webserver.yaml
index 7bec260..dde511d 100644
--- a/tests/scenarios/escaping-env/expected/webserver.yaml
+++ b/tests/scenarios/escaping-env/expected/webserver.yaml
@@ -300,6 +300,9 @@ data:
             fastcgi_pass php-upstream;
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $realpath_root/imageResizer.php;
+            fastcgi_param HTTPS $http_x_forwarded_proto;
+            fastcgi_param HTTP_HOST $request_host;
+            fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto;
         }
 
         # plain 404 page for missing files accessed via CDN
diff --git a/tests/scenarios/production-with-cloudflare/expected/webserver.yaml b/tests/scenarios/production-with-cloudflare/expected/webserver.yaml
index 9d92adf..2878fd2 100644
--- a/tests/scenarios/production-with-cloudflare/expected/webserver.yaml
+++ b/tests/scenarios/production-with-cloudflare/expected/webserver.yaml
@@ -300,6 +300,9 @@ data:
             fastcgi_pass php-upstream;
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $realpath_root/imageResizer.php;
+            fastcgi_param HTTPS $http_x_forwarded_proto;
+            fastcgi_param HTTP_HOST $request_host;
+            fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto;
         }
 
         # plain 404 page for missing files accessed via CDN