From ec14ed490a43fcb8c264ed97b53246b73acfda63 Mon Sep 17 00:00:00 2001 From: heil Date: Sun, 21 Jun 2015 21:41:17 +0200 Subject: [PATCH 01/17] nginx: fix musl compatibility - include Patches according to issue #1129 - refresh Makefile Signed-off-by: heil --- net/nginx/Makefile | 4 +-- net/nginx/patches/100-musl-no-sysctl.patch | 35 ++++++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 net/nginx/patches/100-musl-no-sysctl.patch diff --git a/net/nginx/Makefile b/net/nginx/Makefile index e93326e52..667bacb5d 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2009-2012 OpenWrt.org +# Copyright (C) 2012-2015 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.4.7 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ diff --git a/net/nginx/patches/100-musl-no-sysctl.patch b/net/nginx/patches/100-musl-no-sysctl.patch new file mode 100644 index 000000000..4e35bf6ba --- /dev/null +++ b/net/nginx/patches/100-musl-no-sysctl.patch @@ -0,0 +1,35 @@ +Index: nginx-1.4.7/src/os/unix/ngx_linux_config.h +=================================================================== +--- nginx-1.4.7.orig/src/os/unix/ngx_linux_config.h ++++ nginx-1.4.7/src/os/unix/ngx_linux_config.h +@@ -51,7 +51,6 @@ + #include /* memalign() */ + #include /* IOV_MAX */ + #include +-#include + #include + #include /* uname() */ + +--- nginx-1.2.7/src/os/unix/ngx_user.c ++++ nginx-1.2.7-patched/src/os/unix/ngx_user.c +@@ -31,8 +31,6 @@ + struct crypt_data cd; + + cd.initialized = 0; +- /* work around the glibc bug */ +- cd.current_salt[0] = ~salt[0]; + + value = crypt_r((char *) key, (char *) salt, &cd); + +diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf +index 528ee17..73ef359 100644 +--- a/auto/lib/openssl/conf ++++ b/auto/lib/openssl/conf +@@ -47,7 +47,7 @@ else + ngx_feature_run=no + ngx_feature_incs="#include " + ngx_feature_path= +- ngx_feature_libs="-lssl -lcrypto" ++ ngx_feature_libs="-lssl -lcrypto -lz" + ngx_feature_test="SSL_library_init()" + . auto/feature From 3c7b3d57dde4f5eeeab3cf09a6e632167dd91c15 Mon Sep 17 00:00:00 2001 From: Paul Fertser Date: Tue, 1 Sep 2015 08:15:26 +0300 Subject: [PATCH 02/17] nginx: add support for SPNEGO authentication This adds a module suitable for Kerberos SSO, e.g. for integrating into Active Directory domains. Signed-off-by: Paul Fertser --- net/nginx/Config.in | 10 ++++++++++ net/nginx/Makefile | 23 +++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/net/nginx/Config.in b/net/nginx/Config.in index b135e42d4..0ad36065f 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -38,6 +38,16 @@ config NGINX_LUA help Enable support for LUA scripts. +config NGINX_SPNEGO + bool + prompt "Enable SPNEGO module" + help + Enable support for Kerberos authentication via GSSAPI. + + See https://github.com/stnoonan/spnego-http-auth-nginx-module + for specific instructions. Make sure the keytab file is + readable by user "nobody". + config NGINX_PCRE bool prompt "Enable PCRE library usage" diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 667bacb5d..bea9a5e1a 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.4.7 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ @@ -26,6 +26,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_SSL \ CONFIG_NGINX_DAV \ CONFIG_NGINX_LUA \ + CONFIG_NGINX_SPNEGO \ CONFIG_NGINX_PCRE \ CONFIG_NGINX_HTTP_CACHE \ CONFIG_NGINX_HTTP_CHARSET \ @@ -59,7 +60,7 @@ define Package/nginx SUBMENU:=Web Servers/Proxies TITLE:=Nginx web server URL:=http://nginx.org/ - DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua + DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua +NGINX_SPNEGO:krb5-libs MENU:=1 endef @@ -100,6 +101,10 @@ endif ifeq ($(CONFIG_NGINX_LUA),y) ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx endif +ifeq ($(CONFIG_NGINX_SPNEGO),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/spnego-http-auth-nginx-module + TARGET_CFLAGS += -I $(STAGING_DIR)/usr/include/krb5 +endif ifneq ($(CONFIG_NGINX_HTTP_CACHE),y) ADDITIONAL_MODULES += --without-http-cache endif @@ -215,6 +220,7 @@ endef define Build/Prepare $(call Build/Prepare/Default) $(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx)) + $(if $(CONFIG_NGINX_SPNEGO),$(call Prepare/spnego-http-auth-nginx-module)) $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) $(if $(CONFIG_NGINX_SYSLOG),$(call Prepare/nginx-syslog)) $(if $(CONFIG_NGINX_HTTP_UPSTREAM_CHECK),$(call Prepare/nginx-upstream-check)) @@ -327,6 +333,19 @@ define Package/nginx-syslog/install endef +define Download/spnego-http-auth-nginx-module + VERSION:=c85a38c595 + SUBDIR:=spnego-http-auth-nginx-module + FILE:=spnego-http-auth-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz + URL:=https://github.com/stnoonan/spnego-http-auth-nginx-module + PROTO:=git +endef + +define Prepare/spnego-http-auth-nginx-module + $(eval $(call Download,spnego-http-auth-nginx-module)) + gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) +endef + $(eval $(call BuildPackage,nginx)) $(eval $(call BuildPackage,nginx-naxsi)) $(eval $(call BuildPackage,nginx-proxyprotocol)) From d44b07c279f082c7b33b7f65d12a519590520501 Mon Sep 17 00:00:00 2001 From: Luka Perkov Date: Sat, 10 Oct 2015 18:20:10 +0200 Subject: [PATCH 03/17] nginx: bump to 1.9.6 In this bump as agreed with Thomas we are dropping out all the nginx 3rd party addons. In case you would like to see your 3rd party addon included please send a pull request and make sure it works with newest version. Signed-off-by: Luka Perkov --- net/nginx/Config.in | 81 +- net/nginx/Makefile | 193 +-- net/nginx/files/nginx.init | 31 +- net/nginx/files/nginx.proxyprotocol.example | 40 - net/nginx/files/nginx.syslog.example | 59 - net/nginx/patches-lua-nginx/300-ldl.patch | 21 - .../check_1.2.6+.patch | 209 --- net/nginx/patches/100-musl-no-sysctl.patch | 35 - net/nginx/patches/101-feature_test_fix.patch | 20 +- .../patches/300-crosscompile_ccflags.patch | 33 - ...-nginx-1.4.x_proxy_protocol_patch_v2.patch | 1183 ----------------- .../patches/401-nginx-1.4.0-syslog.patch | 698 ---------- 12 files changed, 76 insertions(+), 2527 deletions(-) delete mode 100644 net/nginx/files/nginx.proxyprotocol.example delete mode 100644 net/nginx/files/nginx.syslog.example delete mode 100644 net/nginx/patches-lua-nginx/300-ldl.patch delete mode 100644 net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch delete mode 100644 net/nginx/patches/100-musl-no-sysctl.patch delete mode 100644 net/nginx/patches/300-crosscompile_ccflags.patch delete mode 100644 net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch delete mode 100644 net/nginx/patches/401-nginx-1.4.0-syslog.patch diff --git a/net/nginx/Config.in b/net/nginx/Config.in index 0ad36065f..a4cc4c8c8 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -8,54 +8,33 @@ menu "Configuration" depends on PACKAGE_nginx -config NGINX_STUB_STATUS - bool - prompt "Enable stub status module" - help - Enable the stub status module which gives some status from the server. - -config NGINX_FLV - bool - prompt "Enable FLV module" - help - Provides the ability to seek within FLV (Flash) files using time-based offsets. - config NGINX_SSL bool prompt "Enable SSL module" help Enable HTTPS/SSL support. + default n config NGINX_DAV bool prompt "Enable WebDAV module" help Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. + default n -config NGINX_LUA +config NGINX_FLV bool - prompt "Enable LUA module" + prompt "Enable FLV module" help - Enable support for LUA scripts. + Provides the ability to seek within FLV (Flash) files using time-based offsets. + default n -config NGINX_SPNEGO +config NGINX_STUB_STATUS bool - prompt "Enable SPNEGO module" + prompt "Enable stub status module" help - Enable support for Kerberos authentication via GSSAPI. - - See https://github.com/stnoonan/spnego-http-auth-nginx-module - for specific instructions. Make sure the keytab file is - readable by user "nobody". - -config NGINX_PCRE - bool - prompt "Enable PCRE library usage" - default y - -config NGINX_HTTP_CACHE - bool - prompt "Enable HTTP cache" + Enable the stub status module which gives some status from the server. + default n config NGINX_HTTP_CHARSET bool @@ -163,40 +142,34 @@ config NGINX_HTTP_BROWSER prompt "Enable HTTP browser module" default y +config NGINX_HTTP_UPSTREAM_HASH + bool + prompt "Enable HTTP hash module" + default y + config NGINX_HTTP_UPSTREAM_IP_HASH bool prompt "Enable HTTP IP hash module" default y -config NGINX_NAXSI +config NGINX_HTTP_UPSTREAM_LEAST_CONN bool - prompt "Enable NAXSI module" - select PACKAGE_nginx-naxsi + prompt "Enable HTTP least conn module" default y - help - Enable support for NAXSI WAF. -config NGINX_PROXYPROTOCOL +config NGINX_HTTP_UPSTREAM_KEEPALIVE bool - prompt "Enable HAProxy proxyprotocol" - select PACKAGE_nginx-proxyprotocol - select NGINX_SSL - default n - help - Enable support for PROXY PROTOCOL - -config NGINX_SYSLOG - bool - prompt "Enable Syslog module" - select PACKAGE_nginx-syslog + prompt "Enable HTTP keepalive module" default y - help - Provides the ability log to a remote destination -config NGINX_HTTP_UPSTREAM_CHECK +config NGINX_HTTP_CACHE bool - select NGINX_SSL - prompt "Enable HTTP upstream check module" - default n + prompt "Enable HTTP cache" + default y + +config NGINX_PCRE + bool + prompt "Enable PCRE library usage" + default y endmenu diff --git a/net/nginx/Makefile b/net/nginx/Makefile index bea9a5e1a..cc5971577 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,27 +8,25 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.4.7 -PKG_RELEASE:=4 +PKG_VERSION:=1.9.6 +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=aee151d298dcbfeb88b3f7dd3e7a4d17 +PKG_MD5SUM:=f6899825e7a8deadba4948ff84515ad6 PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license +PKG_BUILD_DIR:=$(BUILD_DIR)/nginx-$(PKG_VERSION) + PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 PKG_CONFIG_DEPENDS := \ - CONFIG_NGINX_STUB_STATUS \ - CONFIG_NGINX_FLV \ CONFIG_NGINX_SSL \ CONFIG_NGINX_DAV \ - CONFIG_NGINX_LUA \ - CONFIG_NGINX_SPNEGO \ - CONFIG_NGINX_PCRE \ - CONFIG_NGINX_HTTP_CACHE \ + CONFIG_NGINX_FLV \ + CONFIG_NGINX_STUB_STATUS \ CONFIG_NGINX_HTTP_CHARSET \ CONFIG_NGINX_HTTP_GZIP \ CONFIG_NGINX_HTTP_SSI \ @@ -50,7 +48,13 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_LIMIT_REQ \ CONFIG_NGINX_HTTP_EMPTY_GIF \ CONFIG_NGINX_HTTP_BROWSER \ - CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH + CONFIG_NGINX_HTTP_UPSTREAM_HASH \ + CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH \ + CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN \ + CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE \ + CONFIG_NGINX_HTTP_UPSTREAM_ZONE \ + CONFIG_NGINX_HTTP_CACHE \ + CONFIG_NGINX_PCRE include $(INCLUDE_DIR)/package.mk @@ -60,7 +64,7 @@ define Package/nginx SUBMENU:=Web Servers/Proxies TITLE:=Nginx web server URL:=http://nginx.org/ - DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua +NGINX_SPNEGO:krb5-libs + DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread MENU:=1 endef @@ -80,9 +84,6 @@ define Package/nginx/conffiles endef ADDITIONAL_MODULES:= -ifeq ($(CONFIG_NGINX_NAXSI),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src -endif ifeq ($(CONFIG_IPV6),y) ADDITIONAL_MODULES += --with-ipv6 endif @@ -98,13 +99,6 @@ endif ifeq ($(CONFIG_NGINX_DAV),y) ADDITIONAL_MODULES += --with-http_dav_module endif -ifeq ($(CONFIG_NGINX_LUA),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx -endif -ifeq ($(CONFIG_NGINX_SPNEGO),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/spnego-http-auth-nginx-module - TARGET_CFLAGS += -I $(STAGING_DIR)/usr/include/krb5 -endif ifneq ($(CONFIG_NGINX_HTTP_CACHE),y) ADDITIONAL_MODULES += --without-http-cache endif @@ -174,23 +168,21 @@ endif ifneq ($(CONFIG_NGINX_HTTP_BROWSER),y) ADDITIONAL_MODULES += --without-http_browser_module endif +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_HASH),y) + ADDITIONAL_MODULES += --without-http_upstream_hash_module +endif ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH),y) ADDITIONAL_MODULES += --without-http_upstream_ip_hash_module endif -ifeq ($(CONFIG_NGINX_PROXYPROTOCOL),y) - ADDITIONAL_MODULES += --with-proxy-protocol +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN),y) + ADDITIONAL_MODULES += --without-http_upstream_least_conn_module endif -ifeq ($(CONFIG_NGINX_SYSLOG),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-syslog -endif -ifeq ($(CONFIG_NGINX_HTTP_UPSTREAM_CHECK),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-upstream-check +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) + ADDITIONAL_MODULES += --without-http_upstream_keepalive_module endif define Build/Configure - # TODO: fix --crossbuild - (cd $(PKG_BUILD_DIR) ;\ - $(if $(CONFIG_NGINX_LUA),LUA_INC=$(STAGING_DIR)/usr/include LUA_LIB=$(STAGING_DIR)/usr/lib) \ + ( cd $(PKG_BUILD_DIR) ; \ ./configure \ --crossbuild=Linux::$(ARCH) \ --prefix=/usr \ @@ -205,7 +197,9 @@ define Build/Configure --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ --with-cc="$(TARGET_CC)" \ --with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \ - --with-ld-opt="$(TARGET_LDFLAGS)" ) + --with-ld-opt="$(TARGET_LDFLAGS)" \ + --without-http_upstream_zone_module \ + ) endef define Package/nginx/install @@ -217,137 +211,4 @@ define Package/nginx/install $(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx endef -define Build/Prepare - $(call Build/Prepare/Default) - $(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx)) - $(if $(CONFIG_NGINX_SPNEGO),$(call Prepare/spnego-http-auth-nginx-module)) - $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) - $(if $(CONFIG_NGINX_SYSLOG),$(call Prepare/nginx-syslog)) - $(if $(CONFIG_NGINX_HTTP_UPSTREAM_CHECK),$(call Prepare/nginx-upstream-check)) -endef - -define Download/lua-nginx - VERSION:=d3ab0edd45bffe1b9a36abdf5bff544de436ccee - SUBDIR:=lua-nginx - FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/chaoslawful/lua-nginx-module.git - PROTO:=git -endef - -define Prepare/lua-nginx - $(eval $(call Download,lua-nginx)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) - $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) -endef - -define Download/nginx-upstream-check - VERSION:=d40b9f956d9d978005bb15616d2f283d4e3d2031 - SUBDIR:=nginx-upstream-check - FILE:=nginx-upstream-check-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/yaoweibin/nginx_upstream_check_module.git - PROTO:=git -endef - -define Prepare/nginx-upstream-check - $(eval $(call Download,nginx-upstream-check)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) - $(call PatchDir,$(PKG_BUILD_DIR),./patches-nginx-upstream-check) -endef - - -define Package/nginx-naxsi - MENU:=1 - $(call Package/nginx) - TITLE:=nginx-naxsi - DEPENDS:=nginx @NGINX_NAXSI -endef - -define Package/nginx-naxsi/description - NGINX WAF NAXSI -endef - -define Package/nginx-proxyprotocol - MENU:=1 - $(call Package/nginx) - TITLE:=nginx - DEPENDS:=nginx @NGINX_PROXYPROTOCOL -endef - -define Package/nginx-proxyprotocol/description - IMPLEMENT Proxy Protocol -endef - -define Package/nginx-syslog - MENU:=1 - $(call Package/nginx) - TITLE:=nginx-syslog - DEPENDS:=nginx @NGINX_SYSLOG -endef - -define Package/nginx-syslog/description - IMPLEMENT Syslog Protocol -endef - -define Download/nginx-naxsi - VERSION:=34dcb45fe4fdcb144c5258d83672f8e1e1c8db2e - SUBDIR:=nginx-naxsi - FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/nbs-system/naxsi.git - PROTO:=git -endef - -define Prepare/nginx-naxsi - $(eval $(call Download,nginx-naxsi)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) -endef - -define Package/nginx-naxsi/install - $(INSTALL_DIR) $(1)/etc/nginx - $(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx - chmod 0640 $(1)/etc/nginx/naxsi_core.rules -endef - -define Download/nginx-syslog - VERSION:=7abf48e52552c40a21463e1a8c608e0e575261cd - SUBDIR:=nginx-syslog - FILE:=nginx-syslog-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/splitice/nginx_syslog_patch.git - PROTO:=git -endef - -define Prepare/nginx-syslog - $(eval $(call Download,nginx-syslog)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) -endef - -define Package/nginx-proxyprotocol/install - $(INSTALL_DIR) $(1)/etc/nginx - $(INSTALL_BIN) ./files/nginx.proxyprotocol.example $(1)/etc/nginx/nginx.conf.proxyprotocol - chmod 0640 $(1)/etc/nginx/nginx.conf.proxyprotocol -endef - -define Package/nginx-syslog/install - $(INSTALL_DIR) $(1)/etc/nginx - $(INSTALL_BIN) ./files/nginx.syslog.example $(1)/etc/nginx/nginx.conf.syslog - chmod 0640 $(1)/etc/nginx/nginx.conf.syslog -endef - - -define Download/spnego-http-auth-nginx-module - VERSION:=c85a38c595 - SUBDIR:=spnego-http-auth-nginx-module - FILE:=spnego-http-auth-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/stnoonan/spnego-http-auth-nginx-module - PROTO:=git -endef - -define Prepare/spnego-http-auth-nginx-module - $(eval $(call Download,spnego-http-auth-nginx-module)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) -endef - $(eval $(call BuildPackage,nginx)) -$(eval $(call BuildPackage,nginx-naxsi)) -$(eval $(call BuildPackage,nginx-proxyprotocol)) -$(eval $(call BuildPackage,nginx-syslog)) - diff --git a/net/nginx/files/nginx.init b/net/nginx/files/nginx.init index adf36b442..d47d46f89 100644 --- a/net/nginx/files/nginx.init +++ b/net/nginx/files/nginx.init @@ -1,24 +1,17 @@ #!/bin/sh /etc/rc.common -# Copyright (C) 2009-2012 OpenWrt.org +# Copyright (C) 2015 OpenWrt.org START=50 -NGINX_BIN=/usr/sbin/nginx -start() { - mkdir -p /var/log/nginx - mkdir -p /var/lib/nginx - $NGINX_BIN +USE_PROCD=1 + +start_service() { + [ -d /var/log/nginx ] || mkdir -p /var/log/nginx + [ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx + + procd_open_instance + procd_set_param command /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;' + procd_set_param file /etc/nginx/nginx.conf + procd_set_param respawn + procd_close_instance } - -stop() { - $NGINX_BIN -s stop -} - -reload() { - $NGINX_BIN -s reload -} - -shutdown() { - $NGINX_BIN -s quit -} - diff --git a/net/nginx/files/nginx.proxyprotocol.example b/net/nginx/files/nginx.proxyprotocol.example deleted file mode 100644 index ab4bad625..000000000 --- a/net/nginx/files/nginx.proxyprotocol.example +++ /dev/null @@ -1,40 +0,0 @@ -worker_processes 1; -pid /tmp/nginx.pid; -daemon off; -master_process off; -error_log stderr debug_core; - -events { - debug_connection ; - debug_connection ; - worker_connections 1024; -} - -http { - default_type application/octet-stream; - client_body_temp_path /tmp/body 1; - - access_log /tmp/nginx_access.log; - - server { -# listen 8082 ssl; -# proxy protocol configuration for nginx 1.4.x: - listen 8082 accept_proxy_protocol=on; -# same with spdy enabled: -# listen 8082 spdy ssl accept_proxy_protocol=on; - listen [::]:8082 ipv6only=on; - ssl_certificate /your/certificate; - ssl_certificate_key /your/key; - server_name localhost; -# proxy protocol configuration for nginx 1.2.x: -# accept_proxy_protocol on; - - location / { - proxy_pass http://127.0.0.1:8084; - proxy_set_header X-Real-IP $remote_addr; - proxy_connect_timeout 10s; - proxy_read_timeout 10s; - send_proxy_protocol on; - } - } -} diff --git a/net/nginx/files/nginx.syslog.example b/net/nginx/files/nginx.syslog.example deleted file mode 100644 index 05943448d..000000000 --- a/net/nginx/files/nginx.syslog.example +++ /dev/null @@ -1,59 +0,0 @@ -worker_processes 1; - -syslog local6 nginx; - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] $request ' - '"$status" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - server { - listen 80; - server_name localhost; - - #send the log to syslog and file. - access_log syslog:notice|logs/host1.access.log main; - - # pre 1.5.x - error_log syslog:notice|logs/host1.error.log; - - location / { - root html; - index index.html index.htm; - } - } - - server { - listen 80; - server_name www.example.com; - - access_log syslog:warn|logs/host2.access.log main; - error_log syslog:warn|logs/host2.error.log; - - location / { - root html; - index index.html index.htm; - } - } - - server { - listen 80; - server_name www.test.com; - - #send the log just to syslog. - access_log syslog:error main; - error_log syslog:error; - - location / { - root html; - index index.html index.htm; - } - } -} diff --git a/net/nginx/patches-lua-nginx/300-ldl.patch b/net/nginx/patches-lua-nginx/300-ldl.patch deleted file mode 100644 index d826bcf26..000000000 --- a/net/nginx/patches-lua-nginx/300-ldl.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/lua-nginx/config -+++ b/lua-nginx/config -@@ -1,5 +1,5 @@ - ngx_feature="Lua library" --ngx_feature_libs="-llua -lm" -+ngx_feature_libs="-llua -lm -ldl" - ngx_feature_name= - ngx_feature_run=no - ngx_feature_incs="#include " -@@ -47,9 +47,9 @@ else - ngx_feature="Lua library in $LUA_LIB and $LUA_INC (specified by the LUA_LIB and LUA_INC env)" - ngx_feature_path="$LUA_INC" - if [ $NGX_RPATH = YES ]; then -- ngx_feature_libs="-R$LUA_LIB -L$LUA_LIB -llua -lm" -+ ngx_feature_libs="-R$LUA_LIB -L$LUA_LIB -llua -lm -ldl" - else -- ngx_feature_libs="-L$LUA_LIB -llua -lm" -+ ngx_feature_libs="-L$LUA_LIB -llua -lm -ldl" - fi - - . auto/feature diff --git a/net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch b/net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch deleted file mode 100644 index 3ab913472..000000000 --- a/net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch +++ /dev/null @@ -1,209 +0,0 @@ -diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c -index 89ccc2b..a552044 100644 ---- a/src/http/modules/ngx_http_upstream_ip_hash_module.c -+++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c -@@ -9,6 +9,10 @@ - #include - #include - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+#include "ngx_http_upstream_check_handler.h" -+#endif -+ - - typedef struct { - /* the round robin data must be first */ -@@ -208,6 +212,12 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data) - - if (!peer->down) { - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get ip_hash peer, check_index: %ui", -+ peer->check_index); -+ if (!ngx_http_check_peer_down(peer->check_index)) { -+#endif - if (peer->max_fails == 0 || peer->fails < peer->max_fails) { - break; - } -@@ -216,6 +226,9 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data) - peer->checked = now; - break; - } -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ } -+#endif - } - - iphp->rrp.tried[n] |= m; -diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c -index 21156ae..c57393d 100644 ---- a/src/http/modules/ngx_http_upstream_least_conn_module.c -+++ b/src/http/modules/ngx_http_upstream_least_conn_module.c -@@ -9,6 +9,10 @@ - #include - #include - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+#include "ngx_http_upstream_check_handler.h" -+#endif -+ - - typedef struct { - ngx_uint_t *conns; -@@ -203,6 +207,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) - continue; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -@@ -256,6 +270,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) - continue; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) { - continue; - } -diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c -index 4b78cff..f077b46 100644 ---- a/src/http/ngx_http_upstream_round_robin.c -+++ b/src/http/ngx_http_upstream_round_robin.c -@@ -9,6 +9,9 @@ - #include - #include - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+#include "ngx_http_upstream_check_handler.h" -+#endif - - static ngx_int_t ngx_http_upstream_cmp_servers(const void *one, - const void *two); -@@ -87,7 +90,17 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - peers->peer[n].weight = server[i].weight; - peers->peer[n].effective_weight = server[i].weight; - peers->peer[n].current_weight = 0; -- n++; -+ -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (!server[i].down) { -+ peers->peer[n].check_index = -+ ngx_http_check_add_peer(cf, us, &server[i].addrs[j]); -+ } -+ else { -+ peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif -+ n++; - } - } - -@@ -145,6 +158,17 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - backup->peer[n].max_fails = server[i].max_fails; - backup->peer[n].fail_timeout = server[i].fail_timeout; - backup->peer[n].down = server[i].down; -+ -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (!server[i].down) { -+ backup->peer[n].check_index = -+ ngx_http_check_add_peer(cf, us, &server[i].addrs[j]); -+ } -+ else { -+ backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif -+ - n++; - } - } -@@ -206,6 +230,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - peers->peer[i].current_weight = 0; - peers->peer[i].max_fails = 1; - peers->peer[i].fail_timeout = 10; -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - - us->peer.data = peers; -@@ -323,6 +350,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, - peers->peer[0].current_weight = 0; - peers->peer[0].max_fails = 1; - peers->peer[0].fail_timeout = 10; -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - - } else { - -@@ -356,6 +386,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, - peers->peer[i].current_weight = 0; - peers->peer[i].max_fails = 1; - peers->peer[i].fail_timeout = 10; -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - } - -@@ -434,6 +467,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data) - goto failed; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ goto failed; -+ } -+#endif -+ - } else { - - /* there are several peers */ -@@ -531,6 +570,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp) - continue; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h -index 3f8cbf8..1613168 100644 ---- a/src/http/ngx_http_upstream_round_robin.h -+++ b/src/http/ngx_http_upstream_round_robin.h -@@ -30,6 +30,10 @@ typedef struct { - ngx_uint_t max_fails; - time_t fail_timeout; - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_uint_t check_index; -+#endif -+ - ngx_uint_t down; /* unsigned down:1; */ - - #if (NGX_HTTP_SSL) diff --git a/net/nginx/patches/100-musl-no-sysctl.patch b/net/nginx/patches/100-musl-no-sysctl.patch deleted file mode 100644 index 4e35bf6ba..000000000 --- a/net/nginx/patches/100-musl-no-sysctl.patch +++ /dev/null @@ -1,35 +0,0 @@ -Index: nginx-1.4.7/src/os/unix/ngx_linux_config.h -=================================================================== ---- nginx-1.4.7.orig/src/os/unix/ngx_linux_config.h -+++ nginx-1.4.7/src/os/unix/ngx_linux_config.h -@@ -51,7 +51,6 @@ - #include /* memalign() */ - #include /* IOV_MAX */ - #include --#include - #include - #include /* uname() */ - ---- nginx-1.2.7/src/os/unix/ngx_user.c -+++ nginx-1.2.7-patched/src/os/unix/ngx_user.c -@@ -31,8 +31,6 @@ - struct crypt_data cd; - - cd.initialized = 0; -- /* work around the glibc bug */ -- cd.current_salt[0] = ~salt[0]; - - value = crypt_r((char *) key, (char *) salt, &cd); - -diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf -index 528ee17..73ef359 100644 ---- a/auto/lib/openssl/conf -+++ b/auto/lib/openssl/conf -@@ -47,7 +47,7 @@ else - ngx_feature_run=no - ngx_feature_incs="#include " - ngx_feature_path= -- ngx_feature_libs="-lssl -lcrypto" -+ ngx_feature_libs="-lssl -lcrypto -lz" - ngx_feature_test="SSL_library_init()" - . auto/feature diff --git a/net/nginx/patches/101-feature_test_fix.patch b/net/nginx/patches/101-feature_test_fix.patch index 8e15fe96e..a345c0e3c 100644 --- a/net/nginx/patches/101-feature_test_fix.patch +++ b/net/nginx/patches/101-feature_test_fix.patch @@ -11,7 +11,7 @@ ngx_feature_libs= --- a/auto/cc/conf +++ b/auto/cc/conf -@@ -155,7 +155,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then +@@ -178,7 +178,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then else ngx_feature="C99 variadic macros" ngx_feature_name="NGX_HAVE_C99_VARIADIC_MACROS" @@ -20,7 +20,7 @@ ngx_feature_incs="#include #define var(dummy, ...) sprintf(__VA_ARGS__)" ngx_feature_path= -@@ -169,7 +169,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then +@@ -192,7 +192,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then ngx_feature="gcc variadic macros" ngx_feature_name="NGX_HAVE_GCC_VARIADIC_MACROS" @@ -31,7 +31,7 @@ ngx_feature_path= --- a/auto/os/linux +++ b/auto/os/linux -@@ -48,7 +48,7 @@ fi +@@ -36,7 +36,7 @@ fi ngx_feature="epoll" ngx_feature_name="NGX_HAVE_EPOLL" @@ -40,7 +40,7 @@ ngx_feature_incs="#include " ngx_feature_path= ngx_feature_libs= -@@ -73,7 +73,7 @@ fi +@@ -93,7 +93,7 @@ ngx_feature_test="int fd; struct stat sb CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE" ngx_feature="sendfile()" ngx_feature_name="NGX_HAVE_SENDFILE" @@ -49,7 +49,7 @@ ngx_feature_incs="#include #include " ngx_feature_path= -@@ -94,7 +94,7 @@ fi +@@ -114,7 +114,7 @@ fi CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" ngx_feature="sendfile64()" ngx_feature_name="NGX_HAVE_SENDFILE64" @@ -58,7 +58,7 @@ ngx_feature_incs="#include #include " ngx_feature_path= -@@ -112,7 +112,7 @@ ngx_include="sys/prctl.h"; . auto/includ +@@ -132,7 +132,7 @@ ngx_include="sys/prctl.h"; . auto/includ ngx_feature="prctl(PR_SET_DUMPABLE)" ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE" @@ -69,7 +69,7 @@ ngx_feature_libs= --- a/auto/unix +++ b/auto/unix -@@ -618,7 +618,7 @@ ngx_feature_test="void *p; p = memalign( +@@ -678,7 +678,7 @@ ngx_feature_test="void *p; p = memalign( ngx_feature="mmap(MAP_ANON|MAP_SHARED)" ngx_feature_name="NGX_HAVE_MAP_ANON" @@ -78,7 +78,7 @@ ngx_feature_incs="#include " ngx_feature_path= ngx_feature_libs= -@@ -631,7 +631,7 @@ ngx_feature_test="void *p; +@@ -691,7 +691,7 @@ ngx_feature_test="void *p; ngx_feature='mmap("/dev/zero", MAP_SHARED)' ngx_feature_name="NGX_HAVE_MAP_DEVZERO" @@ -87,7 +87,7 @@ ngx_feature_incs="#include #include #include " -@@ -646,7 +646,7 @@ ngx_feature_test='void *p; int fd; +@@ -706,7 +706,7 @@ ngx_feature_test='void *p; int fd; ngx_feature="System V shared memory" ngx_feature_name="NGX_HAVE_SYSVSHM" @@ -96,7 +96,7 @@ ngx_feature_incs="#include #include " ngx_feature_path= -@@ -660,7 +660,7 @@ ngx_feature_test="int id; +@@ -720,7 +720,7 @@ ngx_feature_test="int id; ngx_feature="POSIX semaphores" ngx_feature_name="NGX_HAVE_POSIX_SEM" diff --git a/net/nginx/patches/300-crosscompile_ccflags.patch b/net/nginx/patches/300-crosscompile_ccflags.patch deleted file mode 100644 index 4a06a7696..000000000 --- a/net/nginx/patches/300-crosscompile_ccflags.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- a/auto/endianness -+++ b/auto/endianness -@@ -21,7 +21,7 @@ int main() { - - END - --ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ -+ngx_test="$CC $NGX_CC_OPT $CC_TEST_FLAGS $CC_AUX_FLAGS \ - -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" - - eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" ---- a/auto/feature -+++ b/auto/feature -@@ -39,7 +39,7 @@ int main() { - END - - --ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS $ngx_feature_inc_path \ -+ngx_test="$CC $NGX_CC_OPT $CC_TEST_FLAGS $CC_AUX_FLAGS $ngx_feature_inc_path \ - -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_TEST_LD_OPT $ngx_feature_libs" - - ngx_feature_inc_path= ---- a/auto/include -+++ b/auto/include -@@ -27,7 +27,7 @@ int main() { - END - - --ngx_test="$CC -o $NGX_AUTOTEST $NGX_AUTOTEST.c" -+ngx_test="$CC $NGX_CC_OPT -o $NGX_AUTOTEST $NGX_AUTOTEST.c" - - eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" - diff --git a/net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch b/net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch deleted file mode 100644 index ba63834e8..000000000 --- a/net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch +++ /dev/null @@ -1,1183 +0,0 @@ -Index: nginx-1.4.7/auto/modules -=================================================================== ---- nginx-1.4.7.orig/auto/modules -+++ nginx-1.4.7/auto/modules -@@ -297,6 +297,10 @@ if [ $HTTP_SSL = YES ]; then - HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS" - fi - -+if [ $PROXY_PROTOCOL = YES ]; then -+ have=NGX_PROXY_PROTOCOL . auto/have -+fi -+ - if [ $HTTP_PROXY = YES ]; then - have=NGX_HTTP_X_FORWARDED_FOR . auto/have - #USE_MD5=YES -Index: nginx-1.4.7/auto/options -=================================================================== ---- nginx-1.4.7.orig/auto/options -+++ nginx-1.4.7/auto/options -@@ -47,6 +47,8 @@ USE_THREADS=NO - NGX_FILE_AIO=NO - NGX_IPV6=NO - -+PROXY_PROTOCOL=NO -+ - HTTP=YES - - NGX_HTTP_LOG_PATH= -@@ -192,6 +194,8 @@ do - --with-file-aio) NGX_FILE_AIO=YES ;; - --with-ipv6) NGX_IPV6=YES ;; - -+ --with-proxy-protocol) PROXY_PROTOCOL=YES ;; -+ - --without-http) HTTP=NO ;; - --without-http-cache) HTTP_CACHE=NO ;; - -@@ -350,6 +354,8 @@ cat << END - --with-file-aio enable file AIO support - --with-ipv6 enable IPv6 support - -+ --with-proxy-protocol enable proxy protocol support -+ - --with-http_ssl_module enable ngx_http_ssl_module - --with-http_spdy_module enable ngx_http_spdy_module - --with-http_realip_module enable ngx_http_realip_module -Index: nginx-1.4.7/auto/sources -=================================================================== ---- nginx-1.4.7.orig/auto/sources -+++ nginx-1.4.7/auto/sources -@@ -36,7 +36,8 @@ CORE_DEPS="src/core/nginx.h \ - src/core/ngx_conf_file.h \ - src/core/ngx_resolver.h \ - src/core/ngx_open_file_cache.h \ -- src/core/ngx_crypt.h" -+ src/core/ngx_crypt.h \ -+ src/core/ngx_proxy_protocol.h" - - - CORE_SRCS="src/core/nginx.c \ -@@ -67,7 +68,8 @@ CORE_SRCS="src/core/nginx.c \ - src/core/ngx_conf_file.c \ - src/core/ngx_resolver.c \ - src/core/ngx_open_file_cache.c \ -- src/core/ngx_crypt.c" -+ src/core/ngx_crypt.c \ -+ src/core/ngx_proxy_protocol.c" - - - REGEX_MODULE=ngx_regex_module -Index: nginx-1.4.7/src/core/ngx_connection.h -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_connection.h -+++ nginx-1.4.7/src/core/ngx_connection.h -@@ -63,6 +63,10 @@ struct ngx_listening_s { - unsigned shared:1; /* shared between threads or processes */ - unsigned addr_ntop:1; - -+#if (NGX_PROXY_PROTOCOL) -+ unsigned accept_proxy_protocol:2; /* proxy_protocol flag */ -+#endif -+ - #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY) - unsigned ipv6only:1; - #endif -@@ -148,6 +152,10 @@ struct ngx_connection_s { - - ngx_uint_t requests; - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_uint_t proxy_protocol; -+#endif -+ - unsigned buffered:8; - - unsigned log_error:3; /* ngx_connection_log_error_e */ -Index: nginx-1.4.7/src/core/ngx_core.h -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_core.h -+++ nginx-1.4.7/src/core/ngx_core.h -@@ -77,6 +77,9 @@ typedef void (*ngx_connection_handler_pt - #include - #include - #include -+#if (NGX_PROXY_PROTOCOL) -+#include -+#endif - - - #define LF (u_char) 10 -Index: nginx-1.4.7/src/core/ngx_proxy_protocol.c -=================================================================== ---- /dev/null -+++ nginx-1.4.7/src/core/ngx_proxy_protocol.c -@@ -0,0 +1,430 @@ -+ -+/* -+ * Copyright (C) Baptiste Assmann -+ * Copyright (C) Exceliance -+ */ -+ -+ -+#include -+#include -+#include -+ -+#if (NGX_PROXY_PROTOCOL) -+ -+int -+ngx_recv_proxy_protocol(ngx_connection_t *c, u_char *buf, ssize_t n) -+{ -+ u_char *end, *p, *t; -+ size_t len; -+ ssize_t s; -+ int step = 0; -+ ngx_proxy_protocol_t pp; -+ -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "processing proxy protocol"); -+ -+ /* 16 is the minimal length of the proxy protocol string */ -+ if (n < 18) { -+ step = 1; -+ goto fail; -+ } -+ -+ s = n; -+ end = memchr(buf, '\n', n); -+ if (end == NULL) { -+ step = 2; -+ goto fail; -+ } -+ -+ p = buf; -+ if (memcmp(p, "PROXY ", 6) != 0) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, -+ "incorrect proxy protocol header string"); -+ step = 3; -+ goto fail; -+ } -+ p += 6; -+ s -= 6; -+ if (s <= 0) { -+ step = 4; -+ goto fail; -+ } -+ -+ ngx_memzero(&pp, sizeof(ngx_proxy_protocol_t)); -+ -+ if (memcmp(p, "TCP4 ", 5) == 0) { -+ struct sockaddr_in *sin_src; -+ struct sockaddr_in *sin_dst; -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP4; -+ pp.pp_src3.ss_family = AF_INET; -+ pp.pp_dst3.ss_family = AF_INET; -+ sin_src = (struct sockaddr_in *) &pp.pp_src3; -+ sin_dst = (struct sockaddr_in *) &pp.pp_dst3; -+ -+ p += 5; -+ s -= 5; -+ if (s <= 0) { -+ step = 5; -+ goto fail; -+ } -+ -+ /* l3 source address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 6; -+ goto fail; -+ } -+ len = t - p; -+ if ((sin_src->sin_addr.s_addr = ngx_inet_addr(p, len)) == INADDR_NONE) { -+ step = 7; -+ goto fail; -+ } -+ pp.pp_src3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_src3_text.data, p, len); -+ pp.pp_src3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 8; -+ goto fail; -+ } -+ -+ /* l3 destination address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 9; -+ goto fail; -+ } -+ len = t - p; -+ if ((sin_dst->sin_addr.s_addr = ngx_inet_addr(p, len)) == INADDR_NONE) { -+ step = 10; -+ goto fail; -+ } -+// FIXME pointer shift ??? -+ pp.pp_dst3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_dst3_text.data, p, len); -+ pp.pp_dst3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 11; -+ goto fail; -+ } -+ -+ /* l4 source port */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 12; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_src4 = ngx_atoi(p, len); -+ if ((pp.pp_src4 < 1024) -+ || (pp.pp_src4 > 65535)) { -+ step = 13; -+ goto fail; -+ } -+ sin_src->sin_port = htons(pp.pp_src4); -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 14; -+ goto fail; -+ } -+ -+ /* l4 destination port */ -+ if ( (t = (u_char *)memchr(p, '\r', s)) == NULL ) { -+ step = 15; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_dst4 = ngx_atoi(p, len); -+ if (pp.pp_dst4 > 65535) { -+ step = 16; -+ goto fail; -+ } -+ sin_dst->sin_port = htons(pp.pp_dst4); -+ -+ if (p[len + 1] != '\n') { -+ step = 17; -+ goto fail; -+ } -+ -+ p += (len + 2); -+ s -= (len + 2); -+ -+ -+ /* if we managed to get there, then we can safely replace the -+ * information in the connection structure -+ */ -+ -+ /* updating connection with source information provided by proxy protocol */ -+ if (pp.pp_src3_text.len > c->addr_text.len) { -+ ngx_pfree(c->pool, c->addr_text.data); -+ c->addr_text.data = ngx_pcalloc(c->pool, pp.pp_src3_text.len); -+ } else { -+ ngx_memzero(c->addr_text.data, c->addr_text.len); -+ } -+ ngx_memcpy(c->addr_text.data, pp.pp_src3_text.data, pp.pp_src3_text.len); -+ c->addr_text.len = pp.pp_src3_text.len; -+ -+ ngx_pfree(c->pool, c->sockaddr); -+ c->socklen = NGX_SOCKADDRLEN; -+ c->sockaddr = ngx_pcalloc(c->pool, c->socklen); -+ ngx_memcpy(c->sockaddr, sin_src, c->socklen); -+ -+ if (c->sockaddr->sa_family != AF_INET) { -+ ngx_pfree(c->pool, c->sockaddr); -+ c->socklen = NGX_SOCKADDRLEN; -+ c->sockaddr = ngx_pcalloc(c->pool, c->socklen); -+ } else { -+ ngx_memzero(c->sockaddr, sizeof(struct sockaddr_in)); -+ c->socklen = NGX_SOCKADDRLEN; -+ } -+ ngx_memcpy(c->sockaddr, sin_src, c->socklen); -+ -+ /* updating connection with destination information provided by proxy protocol */ -+ ngx_pfree(c->pool, c->local_sockaddr); -+ c->local_sockaddr = ngx_pcalloc(c->pool, NGX_SOCKADDRLEN); -+ ngx_memcpy(c->local_sockaddr, sin_dst, NGX_SOCKADDRLEN); -+ -+ } -+ -+#if (NGX_HAVE_INET6) -+ -+ else if (memcmp(p, "TCP6 ", 5) == 0) { -+ -+ struct sockaddr_in6 *sin6_src; -+ struct sockaddr_in6 *sin6_dst; -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP6; -+ pp.pp_src3.ss_family = AF_INET6; -+ pp.pp_dst3.ss_family = AF_INET6; -+ sin6_src = (struct sockaddr_in6 *) &pp.pp_src3; -+ sin6_dst = (struct sockaddr_in6 *) &pp.pp_dst3; -+ -+ p += 5; -+ s -= 5; -+ if (s <= 0) { -+ step = 18; -+ goto fail; -+ } -+ -+ /* l3 source address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 19; -+ goto fail; -+ } -+ len = t - p; -+ if (ngx_inet6_addr(p, len, sin6_src->sin6_addr.s6_addr) != NGX_OK) { -+ step = 20; -+ goto fail; -+ } -+ pp.pp_src3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_src3_text.data, p, len); -+ pp.pp_src3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 21; -+ goto fail; -+ } -+ -+ /* l3 destination address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 22; -+ goto fail; -+ } -+ len = t - p; -+ if (ngx_inet6_addr(p, len, sin6_dst->sin6_addr.s6_addr) != NGX_OK) { -+ step = 23; -+ goto fail; -+ } -+ pp.pp_dst3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_dst3_text.data, p, len); -+ pp.pp_dst3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 24; -+ goto fail; -+ } -+ -+ /* l4 source port */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 25; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_src4 = ngx_atoi(p, len); -+ if ((pp.pp_src4 < 1024) -+ || (pp.pp_src4 > 65535)) { -+ step = 26; -+ goto fail; -+ } -+ sin6_src->sin6_port = htons(pp.pp_src4); -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 27; -+ goto fail; -+ } -+ -+ /* l4 destination port */ -+ if ( (t = (u_char *)memchr(p, '\r', s)) == NULL ) { -+ step = 28; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_dst4 = ngx_atoi(p, len); -+ if (pp.pp_dst4 > 65535) { -+ step = 29; -+ goto fail; -+ } -+ sin6_dst->sin6_port = htons(pp.pp_dst4); -+ -+ if (p[len + 1] != '\n') { -+ step = 30; -+ goto fail; -+ } -+ -+ p += (len + 2); -+ s -= (len + 2); -+ -+ /* if we managed to get there, then we can safely replace the -+ * information in the connection structure -+ */ -+ -+ /* updating connection with source provided by proxy protocol */ -+ if (pp.pp_src3_text.len > c->addr_text.len) { -+ ngx_pfree(c->pool, c->addr_text.data); -+ c->addr_text.data = ngx_pcalloc(c->pool, pp.pp_src3_text.len); -+ } else { -+ ngx_memzero(c->addr_text.data, c->addr_text.len); -+ } -+ ngx_memcpy(c->addr_text.data, pp.pp_src3_text.data, pp.pp_src3_text.len); -+ c->addr_text.len = pp.pp_src3_text.len; -+ -+ ngx_pfree(c->pool, c->sockaddr); -+ c->socklen = NGX_SOCKADDRLEN; -+ c->sockaddr = ngx_pcalloc(c->pool, c->socklen); -+ ngx_memcpy(c->sockaddr, sin6_src, c->socklen); -+ -+ /* updating connection with destination provided by proxy protocol */ -+ if (c->sockaddr->sa_family != AF_INET6) { -+ ngx_pfree(c->pool, c->local_sockaddr); -+ c->local_sockaddr = ngx_pcalloc(c->pool, NGX_SOCKADDRLEN); -+ } else { -+ ngx_memzero(c->sockaddr, sizeof(struct sockaddr_in6)); -+ c->socklen = NGX_SOCKADDRLEN; -+ } -+// ngx_memcpy(c->local_sockaddr, sin6_dst, NGX_SOCKADDRLEN); -+//FIXME must be finished here -+ -+ } -+ -+#endif -+ -+ else { -+ step = 31; -+ goto fail; -+ } -+ -+ ngx_print_proxy_protocol(&pp, c->log); -+ -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, -+ "proxy_protocol, asking to remove %z chars", -+ end + 1 - buf); -+ -+ return (end + 1 - buf); -+ -+fail: -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, -+ "proxy_protocol error at step: %d", step); -+ -+ return 0; -+ -+} -+ -+ -+void -+ngx_print_proxy_protocol(ngx_proxy_protocol_t *p, ngx_log_t *log) -+{ -+ switch (p->pp_proto) { -+ case NGX_PP_PROTO_TCP4: -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, proto: TCP4"); -+ break; -+ case NGX_PP_PROTO_TCP6: -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, proto: TCP6"); -+ break; -+ } -+ -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, string length: %d", ngx_proxy_protocol_string_length(p)); -+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, src3: %s, %d", p->pp_src3_text.data, p->pp_src3_text.len); -+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, dst3: %s, %d", p->pp_dst3_text.data, p->pp_dst3_text.len); -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, src4: %d", p->pp_src4); -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, dst4: %d", p->pp_dst4); -+} -+ -+ -+int -+ngx_proxy_protocol_string_length(ngx_proxy_protocol_t *p) -+{ -+ int len = 0; -+ -+ /* 'PROXY ' */ -+ len += (sizeof("PROXY ") - 1); -+ -+ /* protocol version (TCP4 or TCP6) + space */ -+ len += (sizeof("TCP0 ") - 1); -+ -+ /* src3 + space */ -+ len += p->pp_src3_text.len; -+ len += 1; -+ -+ /* dst3 + space */ -+ len += p->pp_dst3_text.len; -+ len += 1; -+ -+ /* src4 */ -+ if (p->pp_src4 < 10000) -+ /* 4 digits + 1 space */ -+ len += (sizeof("0000 ") - 1); -+ else -+ /* 5 digits + 1 space */ -+ len += (sizeof("00000 ") - 1); -+ -+ /* dst4 */ -+ if (p->pp_dst4 >= 10000) -+ /* 5 digits */ -+ len += (sizeof("00000 ") - 1); -+ else if (p->pp_dst4 >= 1000) -+ /* 4 digits */ -+ len += (sizeof("0000 ") - 1); -+ else if (p->pp_dst4 >= 100) -+ /* 3 digits */ -+ len += (sizeof("000 ") - 1); -+ else if (p->pp_dst4 >= 10) -+ /* 2 digits */ -+ len += (sizeof("00 ") - 1); -+ else -+ /* 1 digit */ -+ len += (sizeof("0 ") - 1); -+ -+ /* CRLF */ -+ len += (sizeof(CRLF) - 1); -+ -+ return len - 1; -+} -+ -+#endif -Index: nginx-1.4.7/src/core/ngx_proxy_protocol.h -=================================================================== ---- /dev/null -+++ nginx-1.4.7/src/core/ngx_proxy_protocol.h -@@ -0,0 +1,45 @@ -+ -+/* -+ * Copyright (C) Baptiste Assmann -+ * Copyright (C) Exceliance -+ */ -+ -+ -+#ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_ -+#define _NGX_PROXY_PROTOCOL_H_INCLUDED_ -+ -+ -+#include -+#include -+ -+ -+#if (NGX_PROXY_PROTOCOL) -+ -+typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t; -+ -+typedef enum { -+ NGX_PP_PROTO_TCP4 = 1, -+ NGX_PP_PROTO_TCP6 -+} ngx_pp_proto; -+ -+ -+struct ngx_proxy_protocol_s { -+ unsigned int pp_proto; /* proxy protocol related information */ -+ struct sockaddr_storage pp_src3; -+ ngx_str_t pp_src3_text; -+ struct sockaddr_storage pp_dst3; -+ ngx_str_t pp_dst3_text; -+ unsigned int pp_src4; -+ unsigned int pp_dst4; -+}; -+ -+ -+int ngx_recv_proxy_protocol(ngx_connection_t *, u_char *, ssize_t); -+void ngx_print_proxy_protocol(ngx_proxy_protocol_t *, ngx_log_t *); -+int ngx_proxy_protocol_string_length(ngx_proxy_protocol_t *); -+ -+ -+#endif -+ -+#endif /* _NGX_CONNECTION_H_INCLUDED_ */ -+ -Index: nginx-1.4.7/src/http/modules/ngx_http_proxy_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/modules/ngx_http_proxy_module.c -+++ nginx-1.4.7/src/http/modules/ngx_http_proxy_module.c -@@ -8,7 +8,9 @@ - #include - #include - #include -- -+#if (NGX_PROXY_PROTOCOL) -+#include -+#endif - - typedef struct ngx_http_proxy_rewrite_s ngx_http_proxy_rewrite_t; - -@@ -365,6 +367,17 @@ static ngx_command_t ngx_http_proxy_com - offsetof(ngx_http_proxy_loc_conf_t, upstream.busy_buffers_size_conf), - NULL }, - -+#if (NGX_PROXY_PROTOCOL) -+ -+ { ngx_string("send_proxy_protocol"), -+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, -+ ngx_conf_set_flag_slot, -+ NGX_HTTP_LOC_CONF_OFFSET, -+ offsetof(ngx_http_proxy_loc_conf_t, upstream.send_proxy_protocol), -+ NULL }, -+ -+#endif -+ - #if (NGX_HTTP_CACHE) - - { ngx_string("proxy_cache"), -@@ -2420,6 +2433,11 @@ ngx_http_proxy_create_loc_conf(ngx_conf_ - conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; - - conf->upstream.intercept_errors = NGX_CONF_UNSET; -+ -+#if (NGX_PROXY_PROTOCOL) -+ conf->upstream.send_proxy_protocol = NGX_CONF_UNSET; -+#endif -+ - #if (NGX_HTTP_SSL) - conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; - #endif -@@ -2695,6 +2713,11 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t - ngx_conf_merge_value(conf->upstream.intercept_errors, - prev->upstream.intercept_errors, 0); - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_conf_merge_value(conf->upstream.send_proxy_protocol, -+ prev->upstream.send_proxy_protocol, 0); -+#endif -+ - #if (NGX_HTTP_SSL) - ngx_conf_merge_value(conf->upstream.ssl_session_reuse, - prev->upstream.ssl_session_reuse, 1); -Index: nginx-1.4.7/src/http/ngx_http.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http.c -+++ nginx-1.4.7/src/http/ngx_http.c -@@ -1228,6 +1228,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, n - #if (NGX_HTTP_SPDY) - ngx_uint_t spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ ngx_uint_t accept_proxy_protocol; -+#endif - - /* - * we cannot compare whole sockaddr struct's as kernel -@@ -1283,6 +1286,10 @@ ngx_http_add_addresses(ngx_conf_t *cf, n - #if (NGX_HTTP_SPDY) - spdy = lsopt->spdy || addr[i].opt.spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ accept_proxy_protocol = lsopt->accept_proxy_protocol -+ || addr[i].opt.accept_proxy_protocol; -+#endif - - if (lsopt->set) { - -@@ -1316,6 +1323,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, n - #if (NGX_HTTP_SPDY) - addr[i].opt.spdy = spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ addr[i].opt.accept_proxy_protocol = accept_proxy_protocol; -+#endif - - return NGX_OK; - } -@@ -1762,6 +1772,11 @@ ngx_http_add_listening(ngx_conf_t *cf, n - ls->pool_size = cscf->connection_pool_size; - ls->post_accept_timeout = cscf->client_header_timeout; - -+#if (NGX_PROXY_PROTOCOL) -+// CLEANUP: ls->accept_proxy_protocol = cscf->accept_proxy_protocol; -+ ls->accept_proxy_protocol = addr->opt.accept_proxy_protocol; -+#endif -+ - clcf = cscf->ctx->loc_conf[ngx_http_core_module.ctx_index]; - - ls->logp = clcf->error_log; -@@ -1840,6 +1855,9 @@ ngx_http_add_addrs(ngx_conf_t *cf, ngx_h - #if (NGX_HTTP_SPDY) - addrs[i].conf.spdy = addr[i].opt.spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ addrs[i].conf.accept_proxy_protocol = addr[i].opt.accept_proxy_protocol; -+#endif - - if (addr[i].hash.buckets == NULL - && (addr[i].wc_head == NULL -@@ -1904,6 +1922,9 @@ ngx_http_add_addrs6(ngx_conf_t *cf, ngx_ - #if (NGX_HTTP_SPDY) - addrs6[i].conf.spdy = addr[i].opt.spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ addrs6[i].conf.accept_proxy_protocol = addr[i].opt.accept_proxy_protocol; -+#endif - - if (addr[i].hash.buckets == NULL - && (addr[i].wc_head == NULL -Index: nginx-1.4.7/src/http/ngx_http_core_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_core_module.c -+++ nginx-1.4.7/src/http/ngx_http_core_module.c -@@ -4090,6 +4090,15 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx - continue; - } - -+#if (NGX_PROXY_PROTOCOL) -+ if (ngx_strncmp(value[n].data, "accept_proxy_protocol=on", 24) == 0) { -+ lsopt.accept_proxy_protocol = 1; -+ lsopt.set = 1; -+ lsopt.bind = 1; -+ continue; -+ } -+#endif -+ - if (ngx_strncmp(value[n].data, "ipv6only=o", 10) == 0) { - #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY) - struct sockaddr *sa; -Index: nginx-1.4.7/src/http/ngx_http_core_module.h -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_core_module.h -+++ nginx-1.4.7/src/http/ngx_http_core_module.h -@@ -78,6 +78,11 @@ typedef struct { - #if (NGX_HTTP_SPDY) - unsigned spdy:1; - #endif -+ -+#if (NGX_PROXY_PROTOCOL) -+ unsigned accept_proxy_protocol:2; -+#endif -+ - #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY) - unsigned ipv6only:1; - #endif -@@ -234,6 +239,10 @@ struct ngx_http_addr_conf_s { - - ngx_http_virtual_names_t *virtual_names; - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_flag_t accept_proxy_protocol; -+#endif -+ - #if (NGX_HTTP_SSL) - unsigned ssl:1; - #endif -Index: nginx-1.4.7/src/http/ngx_http_request.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_request.c -+++ nginx-1.4.7/src/http/ngx_http_request.c -@@ -63,6 +63,9 @@ static void ngx_http_ssl_handshake(ngx_e - static void ngx_http_ssl_handshake_handler(ngx_connection_t *c); - #endif - -+#if (NGX_PROXY_PROTOCOL) -+static void ngx_http_proxy_protocol(ngx_event_t *rev); -+#endif - - static char *ngx_http_client_errors[] = { - -@@ -343,6 +346,14 @@ ngx_http_init_connection(ngx_connection_ - } - #endif - -+#if (NGX_PROXY_PROTOCOL) -+ { -+ if (hc->addr_conf->accept_proxy_protocol) { -+ rev->handler = ngx_http_proxy_protocol; -+ } -+ } -+#endif -+ - if (rev->ready) { - /* the deferred accept(), rtsig, aio, iocp */ - -@@ -364,7 +375,6 @@ ngx_http_init_connection(ngx_connection_ - } - } - -- - static void - ngx_http_wait_request_handler(ngx_event_t *rev) - { -@@ -469,6 +479,12 @@ ngx_http_wait_request_handler(ngx_event_ - } - - rev->handler = ngx_http_process_request_line; -+ -+#if (NGX_PROXY_PROTOCOL) -+ if (hc->addr_conf->accept_proxy_protocol) -+ rev->handler = ngx_http_proxy_protocol; -+#endif -+ - ngx_http_process_request_line(rev); - } - -@@ -582,6 +598,67 @@ ngx_http_create_request(ngx_connection_t - return r; - } - -+#if (NGX_PROXY_PROTOCOL) -+ -+static void -+ngx_http_proxy_protocol(ngx_event_t *rev) -+{ -+ ssize_t n; -+ size_t size = 1024; -+ u_char tmpbuf[size]; -+ ngx_connection_t *c; -+ ngx_http_connection_t *hc; -+ -+ c = rev->data; -+ hc = c->data; -+ rev->handler = ngx_http_wait_request_handler; -+ -+#if (NGX_HTTP_SPDY) -+ { -+ if (hc->addr_conf->spdy) { -+ rev->handler = ngx_http_spdy_init; -+ } -+ } -+#endif -+ -+#if (NGX_HTTP_SSL) -+ { -+ if (hc->addr_conf->ssl) { -+ rev->handler = ngx_http_ssl_handshake; -+ } -+ } -+#endif -+ -+ n = recv(c->fd, tmpbuf, size, MSG_PEEK); -+ -+ if ((n <= 0) && (c->listening) -+ && (hc->addr_conf->accept_proxy_protocol) -+ && (!c->proxy_protocol)) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required but not found"); -+ return; -+ } -+ if ((n > 0) && (c->listening) -+ && (hc->addr_conf->accept_proxy_protocol) -+ && (!c->proxy_protocol)) { -+ ssize_t m; -+ if (!(m = ngx_recv_proxy_protocol(c, tmpbuf, n))) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required but not found"); -+ ngx_http_close_connection(c); -+ return; -+ } -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required and found"); -+ -+ c->proxy_protocol = 1; -+ -+ /* strip the proxy protocol string from the buffer */ -+ recv(c->fd, tmpbuf, m, 0); -+ } -+ -+ rev->handler(rev); -+} -+ -+#endif -+ - - #if (NGX_HTTP_SSL) - -Index: nginx-1.4.7/src/http/ngx_http_upstream.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_upstream.c -+++ nginx-1.4.7/src/http/ngx_http_upstream.c -@@ -31,6 +31,10 @@ static ngx_int_t ngx_http_upstream_reini - ngx_http_upstream_t *u); - static void ngx_http_upstream_send_request(ngx_http_request_t *r, - ngx_http_upstream_t *u); -+#if (NGX_PROXY_PROTOCOL) -+static void ngx_http_upstream_send_proxy_protocol(ngx_http_request_t *r, -+ ngx_http_upstream_t *u); -+#endif - static void ngx_http_upstream_send_request_handler(ngx_http_request_t *r, - ngx_http_upstream_t *u); - static void ngx_http_upstream_process_header(ngx_http_request_t *r, -@@ -1255,6 +1259,13 @@ ngx_http_upstream_connect(ngx_http_reque - - u->request_sent = 0; - -+#if (NGX_PROXY_PROTOCOL) -+ if (u->conf->send_proxy_protocol && !(u->ssl && c->ssl == NULL)) { -+ ngx_http_upstream_send_proxy_protocol(r, u); -+ return; -+ } -+#endif -+ - if (rc == NGX_AGAIN) { - ngx_add_timer(c->write, u->conf->connect_timeout); - return; -@@ -1498,6 +1509,228 @@ ngx_http_upstream_send_request(ngx_http_ - } - - -+#if (NGX_PROXY_PROTOCOL) -+ -+static void -+ngx_http_upstream_send_proxy_protocol(ngx_http_request_t *r, ngx_http_upstream_t *u) -+{ -+ size_t len; -+ ngx_int_t rc; -+ ngx_connection_t *uc; -+ ngx_connection_t *cc; -+ ngx_chain_t *pp_string; -+ ngx_proxy_protocol_t pp; -+ ngx_buf_t *b; -+ char port[6]; -+ u_char *addr; -+ struct sockaddr_storage sa_src; -+ struct sockaddr_storage sa_dst; -+ socklen_t addrlen = NGX_SOCKADDRLEN; -+ struct sockaddr_in *sin_src; -+ struct sockaddr_in *sin_dst; -+ -+#if (NGX_HAVE_INET6) -+ -+ struct sockaddr_in6 *sin6_src; -+ struct sockaddr_in6 *sin6_dst; -+ -+#endif -+ -+ -+ uc = u->peer.connection; -+ cc = r->connection; -+ -+ if ( !(u->conf->send_proxy_protocol) ) { -+ return; -+ } -+ -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "http upstream send proxy protocol"); -+ -+ if (!u->request_sent && ngx_http_upstream_test_connect(uc) != NGX_OK) { -+ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); -+ return; -+ } -+ -+ uc->log->action = "sending proxy protocol to upstream"; -+ -+ len = 0; -+ -+ if (r->connection->proxy_protocol) { -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "PP: got proxy-protocol from client connection"); -+ -+ switch (cc->sockaddr->sa_family) { -+ -+#if (NGX_HAVE_INET6) -+ -+ case AF_INET6: -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP6; -+ sin6_dst = (struct sockaddr_in6 *) cc->local_sockaddr; -+ sin6_src = (struct sockaddr_in6 *) cc->sockaddr; -+ -+ break; -+ -+#endif -+ -+ default: -+ pp.pp_proto = NGX_PP_PROTO_TCP4; -+ sin_dst = (struct sockaddr_in *) cc->local_sockaddr; -+ sin_src = (struct sockaddr_in *) cc->sockaddr; -+ -+ } -+ -+ } else { -+ -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "PP: collecting information from socket fd"); -+ -+ getsockname(cc->fd, (struct sockaddr *) &sa_dst, &addrlen); -+ -+ switch (sa_dst.ss_family) { -+ -+#if (NGX_HAVE_INET6) -+ -+ case AF_INET6: -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP6; -+ sin6_dst = (struct sockaddr_in6 *) &sa_dst; -+ -+ getpeername(cc->fd, (struct sockaddr *) &sa_src, &addrlen); -+ sin6_src = (struct sockaddr_in6 *) &sa_src; -+ -+ break; -+ -+#endif -+ -+ default: -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP4; -+ sin_dst = (struct sockaddr_in *) &sa_dst; -+ getpeername(cc->fd, (struct sockaddr *) &sa_src, &addrlen); -+ sin_src = (struct sockaddr_in *) &sa_src; -+ } -+ -+ -+ } -+ -+ switch (pp.pp_proto) { -+ -+#if (NGX_HAVE_INET6) -+ -+ case NGX_PP_PROTO_TCP6: -+ -+ /* dst3 and dst4 */ -+ addr = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN); -+ ngx_inet_ntop(AF_INET6, &sin6_dst->sin6_addr, addr, NGX_INET6_ADDRSTRLEN); -+ pp.pp_dst3_text.data = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN); -+ pp.pp_dst3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_dst3_text.data, addr, pp.pp_dst3_text.len); -+ pp.pp_dst4 = htons(sin6_dst->sin6_port); -+ -+ ngx_memzero(addr, NGX_INET6_ADDRSTRLEN); -+ -+ /* src3 and src4 */ -+ ngx_inet_ntop(AF_INET6, &sin6_src->sin6_addr, addr, NGX_INET6_ADDRSTRLEN); -+ pp.pp_src3_text.data = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN); -+ pp.pp_src3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_src3_text.data, addr, pp.pp_src3_text.len); -+ pp.pp_src4 = htons(sin6_src->sin6_port); -+ -+ break; -+ -+#endif -+ -+ default: -+ -+ /* dst3 and dst4 */ -+ addr = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN); -+ ngx_inet_ntop(AF_INET, &sin_dst->sin_addr, addr, NGX_INET_ADDRSTRLEN); -+ pp.pp_dst3_text.data = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN); -+ pp.pp_dst3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_dst3_text.data, addr, pp.pp_dst3_text.len); -+ pp.pp_dst4 = htons(sin_dst->sin_port); -+ -+ ngx_memzero(addr, NGX_INET_ADDRSTRLEN); -+ -+ /* src3 and src4 */ -+ ngx_inet_ntop(AF_INET, &sin_src->sin_addr, addr, NGX_INET_ADDRSTRLEN); -+ pp.pp_src3_text.data = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN); -+ pp.pp_src3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_src3_text.data, addr, pp.pp_src3_text.len); -+ pp.pp_src4 = htons(sin_src->sin_port); -+ -+ } -+ -+ len += ngx_proxy_protocol_string_length(&pp); -+ -+ ngx_print_proxy_protocol(&pp, uc->log); -+ -+ b = ngx_create_temp_buf(uc->pool, len); -+ if (b == NULL) { -+ return; -+ } -+ -+ pp_string = ngx_alloc_chain_link(uc->pool); -+ if (pp_string == NULL) { -+ return; -+ } -+ -+ pp_string->buf = b; -+ pp_string->next = NULL; -+ -+ b->last = ngx_cpymem(b->last, "PROXY ", sizeof("PROXY ") - 1); -+ -+ switch (pp.pp_proto) { -+ case NGX_PP_PROTO_TCP4: -+ b->last = ngx_cpymem(b->last, "TCP4 ", sizeof("TCP4 ") - 1); -+ break; -+ case NGX_PP_PROTO_TCP6: -+ b->last = ngx_cpymem(b->last, "TCP6 ", sizeof("TCP6 ") - 1); -+ break; -+ } -+ -+ /* src3 */ -+ b->last = ngx_cpymem(b->last, pp.pp_src3_text.data, pp.pp_src3_text.len); -+ b->last = ngx_cpymem(b->last, " ", 1); -+ -+ /* dst3 */ -+ b->last = ngx_cpymem(b->last, pp.pp_dst3_text.data, pp.pp_dst3_text.len); -+ b->last = ngx_cpymem(b->last, " ", 1); -+ -+ /* src4 */ -+ ngx_memzero(port, 6); -+ sprintf(port,"%d", pp.pp_src4); -+ b->last = ngx_cpymem(b->last, port, strlen(port)); -+ b->last = ngx_cpymem(b->last, " ", 1); -+ -+ /* dst4 */ -+ ngx_memzero(port, 6); -+ sprintf(port,"%d", pp.pp_dst4); -+ b->last = ngx_cpymem(b->last, port, strlen(port)); -+ -+ /* CRLF */ -+ b->last = ngx_cpymem(b->last, CRLF, sizeof(CRLF) - 1); -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "http upstream send proxy protocol: %d -%*s-", -+ ngx_proxy_protocol_string_length(&pp), -+ ngx_proxy_protocol_string_length(&pp) - 2, -+ b->start); -+ -+ rc = ngx_output_chain(&u->output, pp_string); -+ -+ if (rc == NGX_ERROR) { -+ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); -+ return; -+ } -+ -+} -+ -+#endif -+ -+ - static void - ngx_http_upstream_send_request_handler(ngx_http_request_t *r, - ngx_http_upstream_t *u) -Index: nginx-1.4.7/src/http/ngx_http_upstream.h -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_upstream.h -+++ nginx-1.4.7/src/http/ngx_http_upstream.h -@@ -188,6 +188,10 @@ typedef struct { - unsigned intercept_404:1; - unsigned change_buffering:1; - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_flag_t send_proxy_protocol; -+#endif -+ - #if (NGX_HTTP_SSL) - ngx_ssl_t *ssl; - ngx_flag_t ssl_session_reuse; -Index: nginx-1.4.7/auto/cc/gcc -=================================================================== ---- nginx-1.4.7.orig/auto/cc/gcc -+++ nginx-1.4.7/auto/cc/gcc -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+CFLAGS="$CFLAGS" - - # debug - CFLAGS="$CFLAGS -g" -Index: nginx-1.4.7/auto/cc/icc -=================================================================== ---- nginx-1.4.7.orig/auto/cc/icc -+++ nginx-1.4.7/auto/cc/icc -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+CFLAGS="$CFLAGS " - - # debug - CFLAGS="$CFLAGS -g" diff --git a/net/nginx/patches/401-nginx-1.4.0-syslog.patch b/net/nginx/patches/401-nginx-1.4.0-syslog.patch deleted file mode 100644 index 941c79aee..000000000 --- a/net/nginx/patches/401-nginx-1.4.0-syslog.patch +++ /dev/null @@ -1,698 +0,0 @@ -Index: nginx-1.4.7/src/core/ngx_cycle.c -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_cycle.c -+++ nginx-1.4.7/src/core/ngx_cycle.c -@@ -85,6 +85,12 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) - cycle->pool = pool; - cycle->log = log; - cycle->new_log.log_level = NGX_LOG_ERR; -+#if (NGX_ENABLE_SYSLOG) -+ cycle->new_log.facility = SYSLOG_FACILITY; -+ cycle->new_log.facility = ERR_SYSLOG_PRIORITY; -+ cycle->new_log.syslog_on = 0; -+ cycle->new_log.syslog_set = 0; -+#endif - cycle->old_cycle = old_cycle; - - cycle->conf_prefix.len = old_cycle->conf_prefix.len; -Index: nginx-1.4.7/src/core/ngx_log.c -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_log.c -+++ nginx-1.4.7/src/core/ngx_log.c -@@ -10,6 +10,15 @@ - - - static char *ngx_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); -+#if (NGX_ENABLE_SYSLOG) -+static char *ngx_set_syslog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); -+void log_exit(ngx_cycle_t *cycle); -+ -+typedef struct{ -+ ngx_str_t name; -+ ngx_int_t macro; -+} ngx_string_to_macro_t; -+#endif - - - static ngx_command_t ngx_errlog_commands[] = { -@@ -21,6 +30,15 @@ static ngx_command_t ngx_errlog_command - 0, - NULL}, - -+#if (NGX_ENABLE_SYSLOG) -+ {ngx_string("syslog"), -+ NGX_MAIN_CONF|NGX_CONF_TAKE12, -+ ngx_set_syslog, -+ 0, -+ 0, -+ NULL}, -+#endif -+ - ngx_null_command - }; - -@@ -43,7 +61,11 @@ ngx_module_t ngx_errlog_module = { - NULL, /* init thread */ - NULL, /* exit thread */ - NULL, /* exit process */ -- NULL, /* exit master */ -+#if (NGX_ENABLE_SYSLOG) -+ log_exit, /* exit master */ -+#else -+ NULL, -+#endif - NGX_MODULE_V1_PADDING - }; - -@@ -52,6 +74,48 @@ static ngx_log_t ngx_log; - static ngx_open_file_t ngx_log_file; - ngx_uint_t ngx_use_stderr = 1; - -+#if (NGX_ENABLE_SYSLOG) -+static ngx_string_to_macro_t ngx_syslog_facilities[] = { -+ {ngx_string("auth"), LOG_AUTH}, -+#if !(NGX_SOLARIS) -+ {ngx_string("authpriv"), LOG_AUTHPRIV}, -+#endif -+ {ngx_string("cron"), LOG_CRON}, -+ {ngx_string("daemon"), LOG_DAEMON}, -+#if !(NGX_SOLARIS) -+ {ngx_string("ftp"), LOG_FTP}, -+#endif -+ {ngx_string("kern"), LOG_KERN}, -+ {ngx_string("local0"), LOG_LOCAL0}, -+ {ngx_string("local1"), LOG_LOCAL1}, -+ {ngx_string("local2"), LOG_LOCAL2}, -+ {ngx_string("local3"), LOG_LOCAL3}, -+ {ngx_string("local4"), LOG_LOCAL4}, -+ {ngx_string("local5"), LOG_LOCAL5}, -+ {ngx_string("local6"), LOG_LOCAL6}, -+ {ngx_string("local7"), LOG_LOCAL7}, -+ {ngx_string("lpr"), LOG_LPR}, -+ {ngx_string("mail"), LOG_MAIL}, -+ {ngx_string("news"), LOG_NEWS}, -+ {ngx_string("syslog"), LOG_SYSLOG}, -+ {ngx_string("user"), LOG_USER}, -+ {ngx_string("uucp"), LOG_UUCP}, -+ { ngx_null_string, 0} -+}; -+ -+static ngx_string_to_macro_t ngx_syslog_priorities[] = { -+ {ngx_string("emerg"), LOG_EMERG}, -+ {ngx_string("alert"), LOG_ALERT}, -+ {ngx_string("crit"), LOG_CRIT}, -+ {ngx_string("error"), LOG_ERR}, -+ {ngx_string("err"), LOG_ERR}, -+ {ngx_string("warn"), LOG_WARNING}, -+ {ngx_string("notice"),LOG_NOTICE}, -+ {ngx_string("info"), LOG_INFO}, -+ {ngx_string("debug"), LOG_DEBUG}, -+ { ngx_null_string, 0} -+}; -+#endif - - static ngx_str_t err_levels[] = { - ngx_null_string, -@@ -89,11 +153,16 @@ ngx_log_error_core(ngx_uint_t level, ngx - va_list args; - #endif - u_char *p, *last, *msg; -+#if (NGX_ENABLE_SYSLOG) -+ u_char *errstr_syslog; -+#endif - u_char errstr[NGX_MAX_ERROR_STR]; - -+#if !(NGX_ENABLE_SYSLOG) - if (log->file->fd == NGX_INVALID_FILE) { - return; - } -+#endif - - last = errstr + NGX_MAX_ERROR_STR; - -@@ -102,6 +171,10 @@ ngx_log_error_core(ngx_uint_t level, ngx - - p = errstr + ngx_cached_err_log_time.len; - -+#if (NGX_ENABLE_SYSLOG) -+ errstr_syslog = p; -+#endif -+ - p = ngx_slprintf(p, last, " [%V] ", &err_levels[level]); - - /* pid#tid */ -@@ -140,11 +213,27 @@ ngx_log_error_core(ngx_uint_t level, ngx - - ngx_linefeed(p); - -+#if (NGX_ENABLE_SYSLOG) -+ if (log->file != NULL && log->file->name.len != 0) { - (void) ngx_write_fd(log->file->fd, errstr, p - errstr); -+ } -+ -+ /* Don't send the debug level info to syslog */ -+ if (log->syslog_on && level < NGX_LOG_DEBUG) { -+ /* write to syslog */ -+ syslog(log->priority, "%.*s", (int)(p - errstr_syslog), errstr_syslog); -+ } -+#else -+ (void) ngx_write_fd(log->file->fd, errstr, p - errstr); -+#endif - - if (!ngx_use_stderr - || level > NGX_LOG_WARN -+#if (NGX_ENABLE_SYSLOG) -+ || (log->file != NULL && log->file->fd == ngx_stderr)) -+#else - || log->file->fd == ngx_stderr) -+#endif - { - return; - } -@@ -367,6 +456,50 @@ ngx_log_create(ngx_cycle_t *cycle, ngx_s - } - - -+#if (NGX_ENABLE_SYSLOG) -+ngx_int_t -+ngx_log_get_priority(ngx_conf_t *cf, ngx_str_t *priority) -+{ -+ ngx_int_t p = 0; -+ ngx_uint_t n, match = 0; -+ -+ for (n = 0; ngx_syslog_priorities[n].name.len != 0; n++) { -+ if (ngx_strncmp(priority->data, ngx_syslog_priorities[n].name.data, -+ ngx_syslog_priorities[n].name.len) == 0) { -+ p = ngx_syslog_priorities[n].macro; -+ match = 1; -+ } -+ } -+ -+ if (!match) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "invalid syslog priority \"%V\"", priority); -+ return -1; -+ } -+ -+ return p; -+} -+ -+ -+char * -+ngx_log_set_priority(ngx_conf_t *cf, ngx_str_t *priority, ngx_log_t *log) -+{ -+ log->priority = ERR_SYSLOG_PRIORITY; -+ -+ if (priority->len == 0) { -+ return NGX_CONF_OK; -+ } -+ -+ log->priority = ngx_log_get_priority(cf, priority); -+ if (log->priority == (-1)) { -+ return NGX_CONF_ERROR; -+ } -+ -+ return NGX_CONF_OK; -+} -+#endif -+ -+ - char * - ngx_log_set_levels(ngx_conf_t *cf, ngx_log_t *log) - { -@@ -429,6 +562,13 @@ static char * - ngx_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) - { - ngx_str_t *value, name; -+#if (NGX_ENABLE_SYSLOG) -+ u_char *off = NULL; -+ ngx_str_t priority; -+ -+ ngx_str_null(&name); -+ ngx_str_null(&priority); -+#endif - - if (cf->cycle->new_log.file) { - return "is duplicate"; -@@ -436,7 +576,44 @@ ngx_error_log(ngx_conf_t *cf, ngx_comman - - value = cf->args->elts; - -+#if (NGX_ENABLE_SYSLOG) -+ if (ngx_strncmp(value[1].data, "syslog", sizeof("syslog") - 1) == 0) { -+ if (!cf->cycle->new_log.syslog_set) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "You must set the syslog directive and enable it first."); -+ return NGX_CONF_ERROR; -+ } -+ -+ cf->cycle->new_log.syslog_on = 1; -+ -+ if (value[1].data[sizeof("syslog") - 1] == ':') { -+ priority.len = value[1].len - sizeof("syslog"); -+ priority.data = value[1].data + sizeof("syslog"); -+ -+ off = (u_char *)ngx_strchr(priority.data, (int) '|'); -+ if (off != NULL) { -+ priority.len = off - priority.data; -+ -+ off++; -+ name.len = value[1].data + value[1].len - off; -+ name.data = off; -+ } -+ } -+ else { -+ if (value[1].len > sizeof("syslog")) { -+ name.len = value[1].len - sizeof("syslog"); -+ name.data = value[1].data + sizeof("syslog"); -+ } -+ } -+ -+ if (ngx_log_set_priority(cf, &priority, &cf->cycle->new_log) == NGX_CONF_ERROR) { -+ return NGX_CONF_ERROR; -+ } -+ } -+ else if (ngx_strcmp(value[1].data, "stderr") == 0) { -+#else - if (ngx_strcmp(value[1].data, "stderr") == 0) { -+#endif - ngx_str_null(&name); - - } else { -@@ -457,3 +634,63 @@ ngx_error_log(ngx_conf_t *cf, ngx_comman - - return ngx_log_set_levels(cf, &cf->cycle->new_log); - } -+ -+ -+#if (NGX_ENABLE_SYSLOG) -+ -+#define SYSLOG_IDENT_NAME "nginx" -+ -+static char * -+ngx_set_syslog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -+{ -+ char *program; -+ ngx_str_t *value; -+ ngx_int_t facility, match = 0; -+ ngx_uint_t n; -+ -+ value = cf->args->elts; -+ -+ if (cf->cycle->new_log.syslog_set) { -+ return "is duplicate"; -+ } -+ -+ cf->cycle->new_log.syslog_set = 1; -+ -+ for (n = 0; ngx_syslog_facilities[n].name.len != 0; n++) { -+ if (ngx_strncmp(value[1].data, ngx_syslog_facilities[n].name.data, -+ ngx_syslog_facilities[n].name.len) == 0) { -+ facility = ngx_syslog_facilities[n].macro; -+ match = 1; -+ break; -+ } -+ } -+ -+ if (match) { -+ cf->cycle->new_log.facility = facility; -+ cf->cycle->new_log.priority = ERR_SYSLOG_PRIORITY; -+ } -+ else { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "invalid syslog facility \"%V\"", &value[1]); -+ return NGX_CONF_ERROR; -+ } -+ -+ program = SYSLOG_IDENT_NAME; -+ if (cf->args->nelts > 2) { -+ program = (char *) value[2].data; -+ } -+ -+ openlog(program, LOG_ODELAY, facility); -+ -+ return NGX_CONF_OK; -+} -+ -+ -+void log_exit(ngx_cycle_t *cycle) -+{ -+ if (cycle->new_log.syslog_set) { -+ closelog(); -+ } -+} -+#endif -+ -Index: nginx-1.4.7/src/core/ngx_log.h -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_log.h -+++ nginx-1.4.7/src/core/ngx_log.h -@@ -12,6 +12,13 @@ - #include - #include - -+#if (NGX_ENABLE_SYSLOG) -+#include -+ -+#define SYSLOG_FACILITY LOG_LOCAL5 -+#define ERR_SYSLOG_PRIORITY LOG_ERR -+#endif -+ - - #define NGX_LOG_STDERR 0 - #define NGX_LOG_EMERG 1 -@@ -61,6 +68,13 @@ struct ngx_log_s { - */ - - char *action; -+ -+#if (NGX_ENABLE_SYSLOG) -+ ngx_int_t priority; -+ ngx_int_t facility; -+ unsigned syslog_on:1; /* unsigned :1 syslog_on */ -+ unsigned syslog_set:1; /*unsigned :1 syslog_set */ -+#endif - }; - - -@@ -221,6 +235,10 @@ void ngx_cdecl ngx_log_debug_core(ngx_lo - - ngx_log_t *ngx_log_init(u_char *prefix); - ngx_log_t *ngx_log_create(ngx_cycle_t *cycle, ngx_str_t *name); -+#if (NGX_ENABLE_SYSLOG) -+ngx_int_t ngx_log_get_priority(ngx_conf_t *cf, ngx_str_t *priority); -+char * ngx_log_set_priority(ngx_conf_t *cf, ngx_str_t *priority, ngx_log_t *log); -+#endif - char *ngx_log_set_levels(ngx_conf_t *cf, ngx_log_t *log); - void ngx_cdecl ngx_log_abort(ngx_err_t err, const char *fmt, ...); - void ngx_cdecl ngx_log_stderr(ngx_err_t err, const char *fmt, ...); -Index: nginx-1.4.7/src/http/modules/ngx_http_log_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/modules/ngx_http_log_module.c -+++ nginx-1.4.7/src/http/modules/ngx_http_log_module.c -@@ -13,6 +13,11 @@ - #include - #endif - -+#if (NGX_ENABLE_SYSLOG) -+#include -+ -+#define HTTP_SYSLOG_PRIORITY LOG_NOTICE -+#endif - - typedef struct ngx_http_log_op_s ngx_http_log_op_t; - -@@ -67,6 +72,11 @@ typedef struct { - time_t disk_full_time; - time_t error_log_time; - ngx_http_log_fmt_t *format; -+ -+#if (NGX_ENABLE_SYSLOG) -+ ngx_int_t priority; -+ unsigned syslog_on:1; /* unsigned :1 syslog_on */ -+#endif - } ngx_http_log_t; - - -@@ -348,6 +358,14 @@ ngx_http_log_write(ngx_http_request_t *r - time_t now; - ssize_t n; - ngx_err_t err; -+ -+#if (NGX_ENABLE_SYSLOG) -+ n = 0; -+ if (log->syslog_on) { -+ syslog(log->priority, "%.*s", (int)len, buf); -+ } -+#endif -+ - #if (NGX_ZLIB) - ngx_http_log_buf_t *buffer; - #endif -@@ -355,6 +373,9 @@ ngx_http_log_write(ngx_http_request_t *r - if (log->script == NULL) { - name = log->file->name.data; - -+#if (NGX_ENABLE_SYSLOG) -+ if (name != NULL) { -+#endif - #if (NGX_ZLIB) - buffer = log->file->data; - -@@ -367,7 +388,11 @@ ngx_http_log_write(ngx_http_request_t *r - #else - n = ngx_write_fd(log->file->fd, buf, len); - #endif -- -+#if (NGX_ENABLE_SYSLOG) -+ } else { -+ n = len; -+ } -+#endif - } else { - name = NULL; - n = ngx_http_log_script_write(r, log->script, &name, buf, len); -@@ -1068,6 +1093,10 @@ ngx_http_log_merge_loc_conf(ngx_conf_t * - log->script = NULL; - log->disk_full_time = 0; - log->error_log_time = 0; -+#if (NGX_ENABLE_SYSLOG) -+ log->priority = HTTP_SYSLOG_PRIORITY; -+ log->syslog_on = 0; -+#endif - - lmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_log_module); - fmt = lmcf->formats.elts; -@@ -1096,6 +1125,13 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - ngx_http_log_main_conf_t *lmcf; - ngx_http_script_compile_t sc; - -+#if (NGX_ENABLE_SYSLOG) -+ u_char *off; -+ ngx_str_t priority; -+ ngx_uint_t syslog_on = 0; -+ name = priority = (ngx_str_t)ngx_null_string; -+#endif -+ - value = cf->args->elts; - - if (ngx_strcmp(value[1].data, "off") == 0) { -@@ -1108,6 +1144,38 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - "invalid parameter \"%V\"", &value[2]); - return NGX_CONF_ERROR; - } -+#if (NGX_ENABLE_SYSLOG) -+ else if (ngx_strncmp(value[1].data, "syslog", sizeof("syslog") - 1) == 0) { -+ if (!cf->cycle->new_log.syslog_set) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "You must set the syslog directive and enable it first."); -+ return NGX_CONF_ERROR; -+ } -+ -+ syslog_on = 1; -+ if (value[1].data[sizeof("syslog") - 1] == ':') { -+ priority.len = value[1].len - sizeof("syslog"); -+ priority.data = value[1].data + sizeof("syslog"); -+ -+ off = (u_char*) ngx_strchr(priority.data, '|'); -+ if (off != NULL) { -+ priority.len = off - priority.data; -+ -+ off++; -+ name.len = value[1].data + value[1].len - off; -+ name.data = off; -+ } -+ } -+ else { -+ if (value[1].len > sizeof("syslog")) { -+ name.len = value[1].len - sizeof("syslog"); -+ name.data = value[1].data + sizeof("syslog"); -+ } -+ } -+ } else { -+ name = value[1]; -+ } -+#endif - - if (llcf->logs == NULL) { - llcf->logs = ngx_array_create(cf->pool, 2, sizeof(ngx_http_log_t)); -@@ -1125,6 +1193,52 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - - ngx_memzero(log, sizeof(ngx_http_log_t)); - -+#if (NGX_ENABLE_SYSLOG) -+ log->syslog_on = syslog_on; -+ -+ if (priority.len == 0) { -+ log->priority = HTTP_SYSLOG_PRIORITY; -+ } -+ else { -+ log->priority = ngx_log_get_priority(cf, &priority); -+ } -+ -+ if (name.len != 0) { -+ n = ngx_http_script_variables_count(&name); -+ -+ if (n == 0) { -+ log->file = ngx_conf_open_file(cf->cycle, &name); -+ if (log->file == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ } else { -+ if (ngx_conf_full_name(cf->cycle, &name, 0) != NGX_OK) { -+ return NGX_CONF_ERROR; -+ } -+ log->script = ngx_pcalloc(cf->pool, sizeof(ngx_http_log_script_t)); -+ if (log->script == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); -+ sc.cf = cf; -+ sc.source = &name; -+ sc.lengths = &log->script->lengths; -+ sc.values = &log->script->values; -+ sc.variables = n; -+ sc.complete_lengths = 1; -+ sc.complete_values = 1; -+ if (ngx_http_script_compile(&sc) != NGX_OK) { -+ return NGX_CONF_ERROR; -+ } -+ } -+ } -+ else { -+ log->file = ngx_conf_open_file(cf->cycle, &name); -+ if (log->file == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ } -+#else - n = ngx_http_script_variables_count(&value[1]); - - if (n == 0) { -@@ -1157,6 +1271,7 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - return NGX_CONF_ERROR; - } - } -+#endif - - if (cf->args->nelts >= 3) { - name = value[2]; -Index: nginx-1.4.7/src/http/ngx_http_core_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_core_module.c -+++ nginx-1.4.7/src/http/ngx_http_core_module.c -@@ -1462,6 +1462,9 @@ ngx_http_update_location_config(ngx_http - - if (r == r->main) { - ngx_http_set_connection_log(r->connection, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ r->connection->log->priority = clcf->error_log->priority; -+#endif - } - - if ((ngx_io.flags & NGX_IO_SENDFILE) && clcf->sendfile) { -@@ -4901,6 +4904,15 @@ ngx_http_core_error_log(ngx_conf_t *cf, - - ngx_str_t *value, name; - -+#if (NGX_ENABLE_SYSLOG) -+ u_char *off = NULL; -+ ngx_int_t syslog_on = 0; -+ ngx_str_t priority; -+ -+ name = priority = (ngx_str_t) ngx_null_string; -+#endif -+ -+ - if (clcf->error_log) { - return "is duplicate"; - } -@@ -4910,6 +4922,36 @@ ngx_http_core_error_log(ngx_conf_t *cf, - if (ngx_strcmp(value[1].data, "stderr") == 0) { - ngx_str_null(&name); - -+#if (NGX_ENABLE_SYSLOG) -+ } else if (ngx_strncmp(value[1].data, "syslog", sizeof("syslog") - 1) == 0) { -+ if (!cf->cycle->new_log.syslog_set) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "You must set the syslog directive and enable it first."); -+ return NGX_CONF_ERROR; -+ } -+ -+ syslog_on = 1; -+ -+ if (value[1].data[sizeof("syslog") - 1] == ':') { -+ priority.len = value[1].len - sizeof("syslog"); -+ priority.data = value[1].data + sizeof("syslog"); -+ -+ off = (u_char*) ngx_strchr(priority.data, '|'); -+ if (off != NULL) { -+ priority.len = off - priority.data; -+ -+ off++; -+ name.len = value[1].data + value[1].len - off; -+ name.data = off; -+ } -+ } -+ else { -+ if (value[1].len > sizeof("syslog")) { -+ name.len = value[1].len - sizeof("syslog"); -+ name.data = value[1].data + sizeof("syslog"); -+ } -+ } -+#endif - } else { - name = value[1]; - } -@@ -4919,6 +4961,17 @@ ngx_http_core_error_log(ngx_conf_t *cf, - return NGX_CONF_ERROR; - } - -+#if (NGX_ENABLE_SYSLOG) -+ if (syslog_on) { -+ clcf->error_log->syslog_on = 1; -+ if (ngx_log_set_priority(cf, &priority, clcf->error_log) == NGX_CONF_ERROR) { -+ return NGX_CONF_ERROR; -+ } -+ } -+ -+ clcf->error_log->log_level = 0; -+#endif -+ - if (cf->args->nelts == 2) { - clcf->error_log->log_level = NGX_LOG_ERR; - return NGX_CONF_OK; -Index: nginx-1.4.7/src/http/ngx_http_request.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_request.c -+++ nginx-1.4.7/src/http/ngx_http_request.c -@@ -533,6 +533,9 @@ ngx_http_create_request(ngx_connection_t - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - - ngx_http_set_connection_log(r->connection, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ c->log->priority = clcf->error_log->priority; -+#endif - - r->header_in = hc->nbusy ? hc->busy[0] : c->buffer; - -@@ -872,6 +875,9 @@ ngx_http_ssl_servername(ngx_ssl_conn_t * - clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, ngx_http_core_module); - - ngx_http_set_connection_log(c, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ c->log->priority = clcf->error_log->priority; -+#endif - - sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); - -@@ -2077,6 +2083,9 @@ ngx_http_set_virtual_server(ngx_http_req - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - - ngx_http_set_connection_log(r->connection, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ r->connection->log->priority = clcf->error_log->priority; -+#endif - - return NGX_OK; - } From 13021781b4cf5033e84fc1ede102a5992fc389c4 Mon Sep 17 00:00:00 2001 From: Dirk Feytons Date: Thu, 10 Dec 2015 16:24:00 +0100 Subject: [PATCH 04/17] nginx: upstep to 1.9.9 Signed-off-by: Dirk Feytons --- net/nginx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index cc5971577..6486f5ebb 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.9.6 +PKG_VERSION:=1.9.9 PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=f6899825e7a8deadba4948ff84515ad6 +PKG_MD5SUM:=50fdfa08e93ead7a111cba5a5f5735af PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license From 67a9f67cc43c573eeaf80c167f8e280358d64192 Mon Sep 17 00:00:00 2001 From: heil Date: Mon, 25 Jan 2016 16:57:07 +0100 Subject: [PATCH 05/17] nginx: add naxsi module - this brings back naxsi support aka WAF for nginx Signed-off-by: heil --- net/nginx/Config.in | 5 +++++ net/nginx/Makefile | 32 +++++++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/net/nginx/Config.in b/net/nginx/Config.in index a4cc4c8c8..6482d9d28 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -172,4 +172,9 @@ config NGINX_PCRE prompt "Enable PCRE library usage" default y +config NGINX_NAXSI + bool + prompt "Enable NAXSI module" + default y + endmenu diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 6486f5ebb..6bce6a2a1 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.9.9 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ @@ -83,6 +83,11 @@ define Package/nginx/conffiles /etc/nginx/ endef +ADDITIONAL_MODULES:= +ifeq ($(CONFIG_NGINX_NAXSI),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src +endif + ADDITIONAL_MODULES:= ifeq ($(CONFIG_IPV6),y) ADDITIONAL_MODULES += --with-ipv6 @@ -209,6 +214,31 @@ define Package/nginx/install $(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx +ifeq ($(CONFIG_NGINX_NAXSI),y) + $(INSTALL_DIR) $(1)/etc/nginx + $(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx + chmod 0640 $(1)/etc/nginx/naxsi_core.rules +endif + $(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx)) + $(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules)) +endef + +define Build/Prepare + $(call Build/Prepare/Default) + $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) +endef + +define Download/nginx-naxsi + VERSION:=6358c3d2e68a0c9e3ad11661c2a1f63fadc9b4f2 + SUBDIR:=nginx-naxsi + FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz + URL:=https://github.com/nbs-system/naxsi.git + PROTO:=git +endef + +define Prepare/nginx-naxsi + $(eval $(call Download,nginx-naxsi)) + gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef $(eval $(call BuildPackage,nginx)) From a387117a2a807e7d180e0dfc6e24d7eb61e1abdc Mon Sep 17 00:00:00 2001 From: heil Date: Wed, 30 Mar 2016 14:28:40 +0200 Subject: [PATCH 06/17] nginx: bump to version 1.9.13 Signed-off-by: heil --- net/nginx/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 6bce6a2a1..09479227c 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.9.9 -PKG_RELEASE:=2 +PKG_VERSION:=1.9.13 +PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=50fdfa08e93ead7a111cba5a5f5735af +PKG_MD5SUM:=e7502dc170277597ca73eb53c359c771 PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license From 0912175ec17d40dc7a8c65585c72229b1f119fb8 Mon Sep 17 00:00:00 2001 From: Dirk Feytons Date: Fri, 29 Apr 2016 16:00:50 +0200 Subject: [PATCH 07/17] nginx: upstep to 1.10.0, add Lua module, footprint optimizations Signed-off-by: Dirk Feytons --- net/nginx/Config.in | 7 +- net/nginx/Makefile | 42 +++- .../patches-lua-nginx/100-by-lua-block.patch | 195 ++++++++++++++++++ net/nginx/patches/101-feature_test_fix.patch | 12 +- net/nginx/patches/102-sizeof_test_fix.patch | 3 +- net/nginx/patches/300-max-processes.patch | 11 + 6 files changed, 254 insertions(+), 16 deletions(-) create mode 100644 net/nginx/patches-lua-nginx/100-by-lua-block.patch create mode 100644 net/nginx/patches/300-max-processes.patch diff --git a/net/nginx/Config.in b/net/nginx/Config.in index 6482d9d28..bf6b834c2 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -1,5 +1,5 @@ # -# Copyright (C) 2010-2012 OpenWrt.org +# Copyright (C) 2010-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -177,4 +177,9 @@ config NGINX_NAXSI prompt "Enable NAXSI module" default y +config NGINX_LUA + bool + prompt "Enable Lua module" + default n + endmenu diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 09479227c..fa26de80f 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2012-2015 OpenWrt.org +# Copyright (C) 2012-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.9.13 +PKG_VERSION:=1.10.0 PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=e7502dc170277597ca73eb53c359c771 +PKG_MD5SUM:=c184c873d2798c5ba92be95ed1209c02 PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license @@ -54,7 +54,9 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE \ CONFIG_NGINX_HTTP_UPSTREAM_ZONE \ CONFIG_NGINX_HTTP_CACHE \ - CONFIG_NGINX_PCRE + CONFIG_NGINX_PCRE \ + CONFIG_NGINX_NAXSI \ + CONFIG_NGINX_LUA include $(INCLUDE_DIR)/package.mk @@ -64,7 +66,7 @@ define Package/nginx SUBMENU:=Web Servers/Proxies TITLE:=Nginx web server URL:=http://nginx.org/ - DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread + DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread MENU:=1 endef @@ -77,7 +79,7 @@ define Package/nginx/config source "$(SOURCE)/Config.in" endef -config_files=nginx.conf mime.types fastcgi_params koi-utf koi-win win-utf +config_files=nginx.conf mime.types define Package/nginx/conffiles /etc/nginx/ @@ -87,8 +89,9 @@ ADDITIONAL_MODULES:= ifeq ($(CONFIG_NGINX_NAXSI),y) ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src endif - -ADDITIONAL_MODULES:= +ifeq ($(CONFIG_NGINX_LUA),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx +endif ifeq ($(CONFIG_IPV6),y) ADDITIONAL_MODULES += --with-ipv6 endif @@ -112,6 +115,8 @@ ifneq ($(CONFIG_NGINX_PCRE),y) endif ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y) ADDITIONAL_MODULES += --without-http_charset_module +else + config_files += koi-utf koi-win win-utf endif ifneq ($(CONFIG_NGINX_HTTP_GZIP),y) ADDITIONAL_MODULES += --without-http_gzip_module @@ -151,6 +156,8 @@ ifneq ($(CONFIG_NGINX_HTTP_PROXY),y) endif ifneq ($(CONFIG_NGINX_HTTP_FASTCGI),y) ADDITIONAL_MODULES += --without-http_fastcgi_module +else + config_files += fastcgi_params endif ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y) ADDITIONAL_MODULES += --without-http_uwsgi_module @@ -186,8 +193,12 @@ ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) ADDITIONAL_MODULES += --without-http_upstream_keepalive_module endif +TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK +TARGET_LDFLAGS += -Wl,--gc-sections + define Build/Configure ( cd $(PKG_BUILD_DIR) ; \ + $(if $(CONFIG_NGINX_LUA),LUA_INC=$(STAGING_DIR)/usr/include LUA_LIB=$(STAGING_DIR)/usr/lib) \ ./configure \ --crossbuild=Linux::$(ARCH) \ --prefix=/usr \ @@ -226,6 +237,7 @@ endef define Build/Prepare $(call Build/Prepare/Default) $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) + $(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx)) endef define Download/nginx-naxsi @@ -241,4 +253,18 @@ define Prepare/nginx-naxsi gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef +define Download/lua-nginx + VERSION:=df5bf1d6242eb5c11adf0dccb8e830dc6672e14b + SUBDIR:=lua-nginx + FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz + URL:=https://github.com/openresty/lua-nginx-module.git + PROTO:=git +endef + +define Prepare/lua-nginx + $(eval $(call Download,lua-nginx)) + gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) +endef + $(eval $(call BuildPackage,nginx)) diff --git a/net/nginx/patches-lua-nginx/100-by-lua-block.patch b/net/nginx/patches-lua-nginx/100-by-lua-block.patch new file mode 100644 index 000000000..cf9fa0993 --- /dev/null +++ b/net/nginx/patches-lua-nginx/100-by-lua-block.patch @@ -0,0 +1,195 @@ +--- a/lua-nginx/src/ngx_http_lua_module.c ++++ b/lua-nginx/src/ngx_http_lua_module.c +@@ -150,14 +150,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_lua_loc_conf_t, log_socket_errors), + NULL }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("init_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_init_by_lua_block, + NGX_HTTP_MAIN_CONF_OFFSET, + 0, + (void *) ngx_http_lua_init_by_inline }, +- ++#endif + { ngx_string("init_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, + ngx_http_lua_init_by_lua, +@@ -171,14 +171,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_MAIN_CONF_OFFSET, + 0, + (void *) ngx_http_lua_init_by_file }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("init_worker_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_init_worker_by_lua_block, + NGX_HTTP_MAIN_CONF_OFFSET, + 0, + (void *) ngx_http_lua_init_worker_by_inline }, +- ++#endif + { ngx_string("init_worker_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, + ngx_http_lua_init_worker_by_lua, +@@ -194,6 +194,7 @@ static ngx_command_t ngx_http_lua_cmds[] + (void *) ngx_http_lua_init_worker_by_file }, + + #if defined(NDK) && NDK ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* set_by_lua $res { inline Lua code } [$arg1 [$arg2 [...]]] */ + { ngx_string("set_by_lua_block"), + NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -202,7 +203,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_filter_set_by_lua_inline }, +- ++#endif + /* set_by_lua $res [$arg1 [$arg2 [...]]] */ + { ngx_string("set_by_lua"), + NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -230,7 +231,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_rewrite_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* rewrite_by_lua_block { } */ + { ngx_string("rewrite_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -239,7 +240,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_rewrite_handler_inline }, +- ++#endif + /* access_by_lua "" */ + { ngx_string("access_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -248,7 +249,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_access_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* access_by_lua_block { } */ + { ngx_string("access_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -257,7 +258,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_access_handler_inline }, +- ++#endif + /* content_by_lua "" */ + { ngx_string("content_by_lua"), + NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1, +@@ -265,7 +266,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_content_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* content_by_lua_block { } */ + { ngx_string("content_by_lua_block"), + NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, +@@ -273,7 +274,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_content_handler_inline }, +- ++#endif + /* log_by_lua */ + { ngx_string("log_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -282,7 +283,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_log_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* log_by_lua_block { } */ + { ngx_string("log_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -291,7 +292,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_log_handler_inline }, +- ++#endif + { ngx_string("rewrite_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE1, +@@ -346,7 +347,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_header_filter_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* header_filter_by_lua_block { } */ + { ngx_string("header_filter_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -355,7 +356,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_header_filter_inline }, +- ++#endif + { ngx_string("header_filter_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE1, +@@ -371,7 +372,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_body_filter_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* body_filter_by_lua_block { } */ + { ngx_string("body_filter_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -380,7 +381,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_body_filter_inline }, +- ++#endif + { ngx_string("body_filter_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE1, +@@ -388,14 +389,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_body_filter_file }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("balancer_by_lua_block"), + NGX_HTTP_UPS_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_balancer_by_lua_block, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + (void *) ngx_http_lua_balancer_handler_inline }, +- ++#endif + { ngx_string("balancer_by_lua_file"), + NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1, + ngx_http_lua_balancer_by_lua, +@@ -502,14 +503,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_lua_loc_conf_t, ssl_ciphers), + NULL }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("ssl_certificate_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_ssl_cert_by_lua_block, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + (void *) ngx_http_lua_ssl_cert_handler_inline }, +- ++#endif + { ngx_string("ssl_certificate_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_http_lua_ssl_cert_by_lua, diff --git a/net/nginx/patches/101-feature_test_fix.patch b/net/nginx/patches/101-feature_test_fix.patch index a345c0e3c..2c692bc79 100644 --- a/net/nginx/patches/101-feature_test_fix.patch +++ b/net/nginx/patches/101-feature_test_fix.patch @@ -11,7 +11,7 @@ ngx_feature_libs= --- a/auto/cc/conf +++ b/auto/cc/conf -@@ -178,7 +178,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then +@@ -200,7 +200,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then else ngx_feature="C99 variadic macros" ngx_feature_name="NGX_HAVE_C99_VARIADIC_MACROS" @@ -20,7 +20,7 @@ ngx_feature_incs="#include #define var(dummy, ...) sprintf(__VA_ARGS__)" ngx_feature_path= -@@ -192,7 +192,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then +@@ -214,7 +214,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then ngx_feature="gcc variadic macros" ngx_feature_name="NGX_HAVE_GCC_VARIADIC_MACROS" @@ -69,7 +69,7 @@ ngx_feature_libs= --- a/auto/unix +++ b/auto/unix -@@ -678,7 +678,7 @@ ngx_feature_test="void *p; p = memalign( +@@ -735,7 +735,7 @@ ngx_feature_test="void *p; p = memalign( ngx_feature="mmap(MAP_ANON|MAP_SHARED)" ngx_feature_name="NGX_HAVE_MAP_ANON" @@ -78,7 +78,7 @@ ngx_feature_incs="#include " ngx_feature_path= ngx_feature_libs= -@@ -691,7 +691,7 @@ ngx_feature_test="void *p; +@@ -748,7 +748,7 @@ ngx_feature_test="void *p; ngx_feature='mmap("/dev/zero", MAP_SHARED)' ngx_feature_name="NGX_HAVE_MAP_DEVZERO" @@ -87,7 +87,7 @@ ngx_feature_incs="#include #include #include " -@@ -706,7 +706,7 @@ ngx_feature_test='void *p; int fd; +@@ -763,7 +763,7 @@ ngx_feature_test='void *p; int fd; ngx_feature="System V shared memory" ngx_feature_name="NGX_HAVE_SYSVSHM" @@ -96,7 +96,7 @@ ngx_feature_incs="#include #include " ngx_feature_path= -@@ -720,7 +720,7 @@ ngx_feature_test="int id; +@@ -777,7 +777,7 @@ ngx_feature_test="int id; ngx_feature="POSIX semaphores" ngx_feature_name="NGX_HAVE_POSIX_SEM" diff --git a/net/nginx/patches/102-sizeof_test_fix.patch b/net/nginx/patches/102-sizeof_test_fix.patch index 0cd93cc4e..36d7aaff4 100644 --- a/net/nginx/patches/102-sizeof_test_fix.patch +++ b/net/nginx/patches/102-sizeof_test_fix.patch @@ -1,6 +1,6 @@ --- a/auto/types/sizeof +++ b/auto/types/sizeof -@@ -25,8 +25,13 @@ $NGX_INCLUDE_UNISTD_H +@@ -25,8 +25,14 @@ $NGX_INCLUDE_UNISTD_H $NGX_INCLUDE_INTTYPES_H $NGX_INCLUDE_AUTO_CONFIG_H @@ -12,6 +12,7 @@ + int main() { - printf("%d", (int) sizeof($ngx_type)); ++ printf("dummy use of object_code_block to avoid gc-section: %c", object_code_block[0]); return 0; } diff --git a/net/nginx/patches/300-max-processes.patch b/net/nginx/patches/300-max-processes.patch new file mode 100644 index 000000000..f7465d434 --- /dev/null +++ b/net/nginx/patches/300-max-processes.patch @@ -0,0 +1,11 @@ +--- a/src/os/unix/ngx_process.h ++++ b/src/os/unix/ngx_process.h +@@ -44,7 +44,7 @@ typedef struct { + } ngx_exec_ctx_t; + + +-#define NGX_MAX_PROCESSES 1024 ++#define NGX_MAX_PROCESSES 8 + + #define NGX_PROCESS_NORESPAWN -1 + #define NGX_PROCESS_JUST_SPAWN -2 From a529b679a3edce0e9c6d628a7fd2424c84c268dc Mon Sep 17 00:00:00 2001 From: heil Date: Mon, 9 May 2016 14:25:18 +0200 Subject: [PATCH 08/17] nginx: correct errors from previous merge Signed-off-by: heil --- net/nginx/Config.in | 2 +- net/nginx/Makefile | 32 +++++++- .../100-dont_export_symbols.patch | 65 +++++++++++++++ ...-block.patch => 101-no_by_lua_block.patch} | 79 ++++--------------- 4 files changed, 109 insertions(+), 69 deletions(-) create mode 100644 net/nginx/patches-lua-nginx/100-dont_export_symbols.patch rename net/nginx/patches-lua-nginx/{100-by-lua-block.patch => 101-no_by_lua_block.patch} (62%) diff --git a/net/nginx/Config.in b/net/nginx/Config.in index bf6b834c2..349f69315 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -177,7 +177,7 @@ config NGINX_NAXSI prompt "Enable NAXSI module" default y -config NGINX_LUA +config NGINX_MODULE_LUA bool prompt "Enable Lua module" default n diff --git a/net/nginx/Makefile b/net/nginx/Makefile index fa26de80f..c4e9f0b56 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -56,7 +56,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_CACHE \ CONFIG_NGINX_PCRE \ CONFIG_NGINX_NAXSI \ - CONFIG_NGINX_LUA + CONFIG_NGINX_MODULE_LUA include $(INCLUDE_DIR)/package.mk @@ -66,7 +66,7 @@ define Package/nginx SUBMENU:=Web Servers/Proxies TITLE:=Nginx web server URL:=http://nginx.org/ - DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread + DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_MODULE_LUA:liblua +libpthread MENU:=1 endef @@ -192,6 +192,12 @@ endif ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) ADDITIONAL_MODULES += --without-http_upstream_keepalive_module endif +ifeq ($(CONFIG_NGINX_MODULE_LUA),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx +endif + +TARGET_CFLAGS += -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK +TARGET_LDFLAGS += -Wl,--gc-sections TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK TARGET_LDFLAGS += -Wl,--gc-sections @@ -241,7 +247,7 @@ define Build/Prepare endef define Download/nginx-naxsi - VERSION:=6358c3d2e68a0c9e3ad11661c2a1f63fadc9b4f2 + VERSION:=5ab2309f0dc93d33e1443a15db519f8bfed8b455 SUBDIR:=nginx-naxsi FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz URL:=https://github.com/nbs-system/naxsi.git @@ -267,4 +273,24 @@ define Prepare/lua-nginx $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) endef +define Build/Prepare + $(call Build/Prepare/Default) + $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) + $(if $(CONFIG_NGINX_MODULE_LUA),$(call Prepare/lua-nginx)) +endef + +define Download/lua-nginx + VERSION:=1967998b0eedab1ff51bff8fafa5fc3db47976aa + SUBDIR:=lua-nginx + FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz + URL:=git://github.com/openresty/lua-nginx-module.git + PROTO:=git +endef + +define Prepare/lua-nginx + $(eval $(call Download,lua-nginx)) + gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) +endef + $(eval $(call BuildPackage,nginx)) diff --git a/net/nginx/patches-lua-nginx/100-dont_export_symbols.patch b/net/nginx/patches-lua-nginx/100-dont_export_symbols.patch new file mode 100644 index 000000000..8011069ad --- /dev/null +++ b/net/nginx/patches-lua-nginx/100-dont_export_symbols.patch @@ -0,0 +1,65 @@ +--- a/lua-nginx/config ++++ b/lua-nginx/config +@@ -409,35 +409,35 @@ NGX_ADDON_DEPS="$NGX_ADDON_DEPS \ + + CFLAGS="$CFLAGS -DNDK_SET_VAR" + +-ngx_feature="export symbols by default (-E)" +-ngx_feature_libs="-Wl,-E" +-ngx_feature_name= +-ngx_feature_run=no +-ngx_feature_incs="#include " +-ngx_feature_path= +-ngx_feature_test='printf("hello");' +- +-. auto/feature +- +-if [ $ngx_found = yes ]; then +- CORE_LIBS="-Wl,-E $CORE_LIBS" +-fi ++#ngx_feature="export symbols by default (-E)" ++#ngx_feature_libs="-Wl,-E" ++#ngx_feature_name= ++#ngx_feature_run=no ++#ngx_feature_incs="#include " ++#ngx_feature_path= ++#ngx_feature_test='printf("hello");' ++# ++#. auto/feature ++# ++#if [ $ngx_found = yes ]; then ++# CORE_LIBS="-Wl,-E $CORE_LIBS" ++#fi + + # for Cygwin +-ngx_feature="export symbols by default (--export-all-symbols)" +-ngx_feature_libs="-Wl,--export-all-symbols" +-ngx_feature_name= +-ngx_feature_run=no +-ngx_feature_incs="#include " +-ngx_feature_path= +-ngx_feature_test='printf("hello");' +- +-. auto/feature +- +-if [ $ngx_found = yes ]; then +- CORE_LIBS="-Wl,--export-all-symbols $CORE_LIBS" +-fi +- ++#ngx_feature="export symbols by default (--export-all-symbols)" ++#ngx_feature_libs="-Wl,--export-all-symbols" ++#ngx_feature_name= ++#ngx_feature_run=no ++#ngx_feature_incs="#include " ++#ngx_feature_path= ++#ngx_feature_test='printf("hello");' ++# ++#. auto/feature ++# ++#if [ $ngx_found = yes ]; then ++# CORE_LIBS="-Wl,--export-all-symbols $CORE_LIBS" ++#fi ++# + NGX_DTRACE_PROVIDERS="$NGX_DTRACE_PROVIDERS $ngx_addon_dir/dtrace/ngx_lua_provider.d" + NGX_TAPSET_SRCS="$NGX_TAPSET_SRCS $ngx_addon_dir/tapset/ngx_lua.stp" + diff --git a/net/nginx/patches-lua-nginx/100-by-lua-block.patch b/net/nginx/patches-lua-nginx/101-no_by_lua_block.patch similarity index 62% rename from net/nginx/patches-lua-nginx/100-by-lua-block.patch rename to net/nginx/patches-lua-nginx/101-no_by_lua_block.patch index cf9fa0993..72d0d9182 100644 --- a/net/nginx/patches-lua-nginx/100-by-lua-block.patch +++ b/net/nginx/patches-lua-nginx/101-no_by_lua_block.patch @@ -1,6 +1,6 @@ --- a/lua-nginx/src/ngx_http_lua_module.c +++ b/lua-nginx/src/ngx_http_lua_module.c -@@ -150,14 +150,14 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -148,14 +148,14 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, offsetof(ngx_http_lua_loc_conf_t, log_socket_errors), NULL }, @@ -17,7 +17,7 @@ { ngx_string("init_by_lua"), NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, ngx_http_lua_init_by_lua, -@@ -171,14 +171,14 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -169,14 +169,14 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_MAIN_CONF_OFFSET, 0, (void *) ngx_http_lua_init_by_file }, @@ -34,24 +34,7 @@ { ngx_string("init_worker_by_lua"), NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, ngx_http_lua_init_worker_by_lua, -@@ -194,6 +194,7 @@ static ngx_command_t ngx_http_lua_cmds[] - (void *) ngx_http_lua_init_worker_by_file }, - - #if defined(NDK) && NDK -+#ifndef NGX_LUA_NO_BY_LUA_BLOCK - /* set_by_lua $res { inline Lua code } [$arg1 [$arg2 [...]]] */ - { ngx_string("set_by_lua_block"), - NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -202,7 +203,7 @@ static ngx_command_t ngx_http_lua_cmds[] - NGX_HTTP_LOC_CONF_OFFSET, - 0, - (void *) ngx_http_lua_filter_set_by_lua_inline }, -- -+#endif - /* set_by_lua $res [$arg1 [$arg2 [...]]] */ - { ngx_string("set_by_lua"), - NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -230,7 +231,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -228,7 +228,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_rewrite_handler_inline }, @@ -60,7 +43,7 @@ /* rewrite_by_lua_block { } */ { ngx_string("rewrite_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -239,7 +240,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -237,7 +237,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_rewrite_handler_inline }, @@ -69,7 +52,7 @@ /* access_by_lua "" */ { ngx_string("access_by_lua"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -248,7 +249,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -246,7 +246,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_access_handler_inline }, @@ -78,7 +61,7 @@ /* access_by_lua_block { } */ { ngx_string("access_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -257,7 +258,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -255,7 +255,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_access_handler_inline }, @@ -87,7 +70,7 @@ /* content_by_lua "" */ { ngx_string("content_by_lua"), NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1, -@@ -265,7 +266,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -263,7 +263,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_content_handler_inline }, @@ -96,7 +79,7 @@ /* content_by_lua_block { } */ { ngx_string("content_by_lua_block"), NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, -@@ -273,7 +274,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -271,7 +271,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_content_handler_inline }, @@ -105,7 +88,7 @@ /* log_by_lua */ { ngx_string("log_by_lua"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -282,7 +283,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -280,7 +280,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_log_handler_inline }, @@ -114,7 +97,7 @@ /* log_by_lua_block { } */ { ngx_string("log_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -291,7 +292,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -289,7 +289,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_log_handler_inline }, @@ -123,7 +106,7 @@ { ngx_string("rewrite_by_lua_file"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, -@@ -346,7 +347,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -337,7 +337,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_header_filter_inline }, @@ -132,7 +115,7 @@ /* header_filter_by_lua_block { } */ { ngx_string("header_filter_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -355,7 +356,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -346,7 +346,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_header_filter_inline }, @@ -141,7 +124,7 @@ { ngx_string("header_filter_by_lua_file"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, -@@ -371,7 +372,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -362,7 +362,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_body_filter_inline }, @@ -150,7 +133,7 @@ /* body_filter_by_lua_block { } */ { ngx_string("body_filter_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -380,7 +381,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -371,7 +371,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_body_filter_inline }, @@ -159,37 +142,3 @@ { ngx_string("body_filter_by_lua_file"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, -@@ -388,14 +389,14 @@ static ngx_command_t ngx_http_lua_cmds[] - NGX_HTTP_LOC_CONF_OFFSET, - 0, - (void *) ngx_http_lua_body_filter_file }, -- -+#ifndef NGX_LUA_NO_BY_LUA_BLOCK - { ngx_string("balancer_by_lua_block"), - NGX_HTTP_UPS_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, - ngx_http_lua_balancer_by_lua_block, - NGX_HTTP_SRV_CONF_OFFSET, - 0, - (void *) ngx_http_lua_balancer_handler_inline }, -- -+#endif - { ngx_string("balancer_by_lua_file"), - NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1, - ngx_http_lua_balancer_by_lua, -@@ -502,14 +503,14 @@ static ngx_command_t ngx_http_lua_cmds[] - NGX_HTTP_LOC_CONF_OFFSET, - offsetof(ngx_http_lua_loc_conf_t, ssl_ciphers), - NULL }, -- -+#ifndef NGX_LUA_NO_BY_LUA_BLOCK - { ngx_string("ssl_certificate_by_lua_block"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, - ngx_http_lua_ssl_cert_by_lua_block, - NGX_HTTP_SRV_CONF_OFFSET, - 0, - (void *) ngx_http_lua_ssl_cert_handler_inline }, -- -+#endif - { ngx_string("ssl_certificate_by_lua_file"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, - ngx_http_lua_ssl_cert_by_lua, From 8fdd1db9d30c82b61fe7b2f03cbaedde1cfa8a49 Mon Sep 17 00:00:00 2001 From: Dirk Feytons Date: Mon, 9 May 2016 18:09:41 +0200 Subject: [PATCH 09/17] nginx: correct f3c7cc6 Signed-off-by: Dirk Feytons --- net/nginx/Config.in | 2 +- net/nginx/Makefile | 32 +------- .../100-dont_export_symbols.patch | 65 --------------- ..._block.patch => 100-no_by_lua_block.patch} | 79 +++++++++++++++---- 4 files changed, 69 insertions(+), 109 deletions(-) delete mode 100644 net/nginx/patches-lua-nginx/100-dont_export_symbols.patch rename net/nginx/patches-lua-nginx/{101-no_by_lua_block.patch => 100-no_by_lua_block.patch} (62%) diff --git a/net/nginx/Config.in b/net/nginx/Config.in index 349f69315..bf6b834c2 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -177,7 +177,7 @@ config NGINX_NAXSI prompt "Enable NAXSI module" default y -config NGINX_MODULE_LUA +config NGINX_LUA bool prompt "Enable Lua module" default n diff --git a/net/nginx/Makefile b/net/nginx/Makefile index c4e9f0b56..af0747636 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -56,7 +56,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_CACHE \ CONFIG_NGINX_PCRE \ CONFIG_NGINX_NAXSI \ - CONFIG_NGINX_MODULE_LUA + CONFIG_NGINX_LUA include $(INCLUDE_DIR)/package.mk @@ -66,7 +66,7 @@ define Package/nginx SUBMENU:=Web Servers/Proxies TITLE:=Nginx web server URL:=http://nginx.org/ - DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_MODULE_LUA:liblua +libpthread + DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread MENU:=1 endef @@ -192,12 +192,6 @@ endif ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) ADDITIONAL_MODULES += --without-http_upstream_keepalive_module endif -ifeq ($(CONFIG_NGINX_MODULE_LUA),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx -endif - -TARGET_CFLAGS += -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK -TARGET_LDFLAGS += -Wl,--gc-sections TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK TARGET_LDFLAGS += -Wl,--gc-sections @@ -260,7 +254,7 @@ define Prepare/nginx-naxsi endef define Download/lua-nginx - VERSION:=df5bf1d6242eb5c11adf0dccb8e830dc6672e14b + VERSION:=1967998b0eedab1ff51bff8fafa5fc3db47976aa SUBDIR:=lua-nginx FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz URL:=https://github.com/openresty/lua-nginx-module.git @@ -273,24 +267,4 @@ define Prepare/lua-nginx $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) endef -define Build/Prepare - $(call Build/Prepare/Default) - $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) - $(if $(CONFIG_NGINX_MODULE_LUA),$(call Prepare/lua-nginx)) -endef - -define Download/lua-nginx - VERSION:=1967998b0eedab1ff51bff8fafa5fc3db47976aa - SUBDIR:=lua-nginx - FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=git://github.com/openresty/lua-nginx-module.git - PROTO:=git -endef - -define Prepare/lua-nginx - $(eval $(call Download,lua-nginx)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) - $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) -endef - $(eval $(call BuildPackage,nginx)) diff --git a/net/nginx/patches-lua-nginx/100-dont_export_symbols.patch b/net/nginx/patches-lua-nginx/100-dont_export_symbols.patch deleted file mode 100644 index 8011069ad..000000000 --- a/net/nginx/patches-lua-nginx/100-dont_export_symbols.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- a/lua-nginx/config -+++ b/lua-nginx/config -@@ -409,35 +409,35 @@ NGX_ADDON_DEPS="$NGX_ADDON_DEPS \ - - CFLAGS="$CFLAGS -DNDK_SET_VAR" - --ngx_feature="export symbols by default (-E)" --ngx_feature_libs="-Wl,-E" --ngx_feature_name= --ngx_feature_run=no --ngx_feature_incs="#include " --ngx_feature_path= --ngx_feature_test='printf("hello");' -- --. auto/feature -- --if [ $ngx_found = yes ]; then -- CORE_LIBS="-Wl,-E $CORE_LIBS" --fi -+#ngx_feature="export symbols by default (-E)" -+#ngx_feature_libs="-Wl,-E" -+#ngx_feature_name= -+#ngx_feature_run=no -+#ngx_feature_incs="#include " -+#ngx_feature_path= -+#ngx_feature_test='printf("hello");' -+# -+#. auto/feature -+# -+#if [ $ngx_found = yes ]; then -+# CORE_LIBS="-Wl,-E $CORE_LIBS" -+#fi - - # for Cygwin --ngx_feature="export symbols by default (--export-all-symbols)" --ngx_feature_libs="-Wl,--export-all-symbols" --ngx_feature_name= --ngx_feature_run=no --ngx_feature_incs="#include " --ngx_feature_path= --ngx_feature_test='printf("hello");' -- --. auto/feature -- --if [ $ngx_found = yes ]; then -- CORE_LIBS="-Wl,--export-all-symbols $CORE_LIBS" --fi -- -+#ngx_feature="export symbols by default (--export-all-symbols)" -+#ngx_feature_libs="-Wl,--export-all-symbols" -+#ngx_feature_name= -+#ngx_feature_run=no -+#ngx_feature_incs="#include " -+#ngx_feature_path= -+#ngx_feature_test='printf("hello");' -+# -+#. auto/feature -+# -+#if [ $ngx_found = yes ]; then -+# CORE_LIBS="-Wl,--export-all-symbols $CORE_LIBS" -+#fi -+# - NGX_DTRACE_PROVIDERS="$NGX_DTRACE_PROVIDERS $ngx_addon_dir/dtrace/ngx_lua_provider.d" - NGX_TAPSET_SRCS="$NGX_TAPSET_SRCS $ngx_addon_dir/tapset/ngx_lua.stp" - diff --git a/net/nginx/patches-lua-nginx/101-no_by_lua_block.patch b/net/nginx/patches-lua-nginx/100-no_by_lua_block.patch similarity index 62% rename from net/nginx/patches-lua-nginx/101-no_by_lua_block.patch rename to net/nginx/patches-lua-nginx/100-no_by_lua_block.patch index 72d0d9182..fef983fa7 100644 --- a/net/nginx/patches-lua-nginx/101-no_by_lua_block.patch +++ b/net/nginx/patches-lua-nginx/100-no_by_lua_block.patch @@ -1,6 +1,6 @@ --- a/lua-nginx/src/ngx_http_lua_module.c +++ b/lua-nginx/src/ngx_http_lua_module.c -@@ -148,14 +148,14 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -157,14 +157,14 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, offsetof(ngx_http_lua_loc_conf_t, log_socket_errors), NULL }, @@ -17,7 +17,7 @@ { ngx_string("init_by_lua"), NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, ngx_http_lua_init_by_lua, -@@ -169,14 +169,14 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -178,14 +178,14 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_MAIN_CONF_OFFSET, 0, (void *) ngx_http_lua_init_by_file }, @@ -34,7 +34,24 @@ { ngx_string("init_worker_by_lua"), NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, ngx_http_lua_init_worker_by_lua, -@@ -228,7 +228,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -201,6 +201,7 @@ static ngx_command_t ngx_http_lua_cmds[] + (void *) ngx_http_lua_init_worker_by_file }, + + #if defined(NDK) && NDK ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* set_by_lua $res { inline Lua code } [$arg1 [$arg2 [...]]] */ + { ngx_string("set_by_lua_block"), + NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -209,7 +210,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_filter_set_by_lua_inline }, +- ++#endif + /* set_by_lua $res [$arg1 [$arg2 [...]]] */ + { ngx_string("set_by_lua"), + NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -237,7 +238,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_rewrite_handler_inline }, @@ -43,7 +60,7 @@ /* rewrite_by_lua_block { } */ { ngx_string("rewrite_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -237,7 +237,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -246,7 +247,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_rewrite_handler_inline }, @@ -52,7 +69,7 @@ /* access_by_lua "" */ { ngx_string("access_by_lua"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -246,7 +246,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -255,7 +256,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_access_handler_inline }, @@ -61,7 +78,7 @@ /* access_by_lua_block { } */ { ngx_string("access_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -255,7 +255,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -264,7 +265,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_access_handler_inline }, @@ -70,7 +87,7 @@ /* content_by_lua "" */ { ngx_string("content_by_lua"), NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1, -@@ -263,7 +263,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -272,7 +273,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_content_handler_inline }, @@ -79,7 +96,7 @@ /* content_by_lua_block { } */ { ngx_string("content_by_lua_block"), NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, -@@ -271,7 +271,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -280,7 +281,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_content_handler_inline }, @@ -88,7 +105,7 @@ /* log_by_lua */ { ngx_string("log_by_lua"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -280,7 +280,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -289,7 +290,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_log_handler_inline }, @@ -97,7 +114,7 @@ /* log_by_lua_block { } */ { ngx_string("log_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -289,7 +289,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -298,7 +299,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_log_handler_inline }, @@ -106,7 +123,7 @@ { ngx_string("rewrite_by_lua_file"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, -@@ -337,7 +337,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -353,7 +354,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_header_filter_inline }, @@ -115,7 +132,7 @@ /* header_filter_by_lua_block { } */ { ngx_string("header_filter_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -346,7 +346,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -362,7 +363,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_header_filter_inline }, @@ -124,7 +141,7 @@ { ngx_string("header_filter_by_lua_file"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, -@@ -362,7 +362,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -378,7 +379,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_body_filter_inline }, @@ -133,7 +150,7 @@ /* body_filter_by_lua_block { } */ { ngx_string("body_filter_by_lua_block"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF -@@ -371,7 +371,7 @@ static ngx_command_t ngx_http_lua_cmds[] +@@ -387,7 +388,7 @@ static ngx_command_t ngx_http_lua_cmds[] NGX_HTTP_LOC_CONF_OFFSET, 0, (void *) ngx_http_lua_body_filter_inline }, @@ -142,3 +159,37 @@ { ngx_string("body_filter_by_lua_file"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, +@@ -395,14 +396,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_body_filter_file }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("balancer_by_lua_block"), + NGX_HTTP_UPS_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_balancer_by_lua_block, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + (void *) ngx_http_lua_balancer_handler_inline }, +- ++#endif + { ngx_string("balancer_by_lua_file"), + NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1, + ngx_http_lua_balancer_by_lua, +@@ -509,14 +510,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_lua_loc_conf_t, ssl_ciphers), + NULL }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("ssl_certificate_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_ssl_cert_by_lua_block, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + (void *) ngx_http_lua_ssl_cert_handler_inline }, +- ++#endif + { ngx_string("ssl_certificate_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_http_lua_ssl_cert_by_lua, From 63037f9ae47ba942d21957312ce9e4009ccb513e Mon Sep 17 00:00:00 2001 From: Dirk Feytons Date: Tue, 10 May 2016 15:54:27 +0200 Subject: [PATCH 10/17] nginx: change start level to 80 Signed-off-by: Dirk Feytons --- net/nginx/files/nginx.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/nginx/files/nginx.init b/net/nginx/files/nginx.init index d47d46f89..40d389719 100644 --- a/net/nginx/files/nginx.init +++ b/net/nginx/files/nginx.init @@ -1,7 +1,7 @@ #!/bin/sh /etc/rc.common # Copyright (C) 2015 OpenWrt.org -START=50 +START=80 USE_PROCD=1 From 15c041ac253094c215ffeeae7e478772433d8d9a Mon Sep 17 00:00:00 2001 From: Xotic750 Date: Tue, 31 May 2016 22:54:26 +0200 Subject: [PATCH 11/17] nginx: Bumped to v1.10.1 fixes NULL pointer dereference while writing client request body vulnerability (CVE-2016-4450). Signed-off-by: Graham Fairweather --- net/nginx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index af0747636..d27ee6412 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.10.0 +PKG_VERSION:=1.10.1 PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=c184c873d2798c5ba92be95ed1209c02 +PKG_MD5SUM:=088292d9caf6059ef328aa7dda332e44 PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license From 055ac44d0befbbf349e8117f961a7c40d8b5fdac Mon Sep 17 00:00:00 2001 From: Xotic750 Date: Wed, 1 Jun 2016 01:36:50 +0200 Subject: [PATCH 12/17] nginx: Bumped nginx-naxsi to v0.54 Signed-off-by: Graham Fairweather --- net/nginx/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index d27ee6412..fa1e87391 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx PKG_VERSION:=1.10.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ @@ -241,7 +241,7 @@ define Build/Prepare endef define Download/nginx-naxsi - VERSION:=5ab2309f0dc93d33e1443a15db519f8bfed8b455 + VERSION:=7a6ff365f6be736c826b2d69b967a250ac07197d SUBDIR:=nginx-naxsi FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz URL:=https://github.com/nbs-system/naxsi.git From a7ee240daa7ee46502fdfe5e4f07a1c7326a6c5d Mon Sep 17 00:00:00 2001 From: heil Date: Tue, 20 Dec 2016 16:37:53 +0100 Subject: [PATCH 13/17] nginx: bump version to latest stable 1.10.2 Signed-off-by: heil --- net/nginx/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index fa1e87391..5ebdaa51d 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.10.1 -PKG_RELEASE:=2 +PKG_VERSION:=1.10.2 +PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=088292d9caf6059ef328aa7dda332e44 +PKG_MD5SUM:=e8f5f4beed041e63eb97f9f4f55f3085 PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license @@ -241,7 +241,7 @@ define Build/Prepare endef define Download/nginx-naxsi - VERSION:=7a6ff365f6be736c826b2d69b967a250ac07197d + VERSION:=cf73f9c8664127252c2a4958d2e169516d3845a1 SUBDIR:=nginx-naxsi FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz URL:=https://github.com/nbs-system/naxsi.git From 066f648fb16c65d40de7c6ff422ba70f9187e548 Mon Sep 17 00:00:00 2001 From: Val Kulkov Date: Wed, 1 Feb 2017 00:25:57 -0500 Subject: [PATCH 14/17] nginx: update to 1.10.3, add new module options Update nginx to version 1.10.3. Add new configuration options to enable the following optional modules (disabled by default): - http_auth_request_module - http_v2_module - http_realip_module - http_secure_link_module Signed-off-by: Val Kulkov --- net/nginx/Config.in | 20 ++++++++++++++++++++ net/nginx/Makefile | 22 +++++++++++++++++++--- 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/net/nginx/Config.in b/net/nginx/Config.in index bf6b834c2..4cec04026 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -66,6 +66,11 @@ config NGINX_HTTP_AUTH_BASIC prompt "Enable HTTP auth basic" default y +config NGINX_HTTP_AUTH_REQUEST + bool + prompt "Enable HTTP auth request module" + default n + config NGINX_HTTP_AUTOINDEX bool prompt "Enable HTTP autoindex module" @@ -167,6 +172,11 @@ config NGINX_HTTP_CACHE prompt "Enable HTTP cache" default y +config NGINX_HTTP_V2 + bool + prompt "Enable HTTP_V2 module" + default n + config NGINX_PCRE bool prompt "Enable PCRE library usage" @@ -182,4 +192,14 @@ config NGINX_LUA prompt "Enable Lua module" default n +config NGINX_HTTP_REAL_IP + bool + prompt "Enable HTTP real ip module" + default n + +config NGINX_HTTP_SECURE_LINK + bool + prompt "Enable HTTP secure link module" + default n + endmenu diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 5ebdaa51d..42f831ba0 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.10.2 +PKG_VERSION:=1.10.3 PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=e8f5f4beed041e63eb97f9f4f55f3085 +PKG_MD5SUM:=204a20cb4f0b0c9db746c630d89ff4ea PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license @@ -33,6 +33,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_USERID \ CONFIG_NGINX_HTTP_ACCESS \ CONFIG_NGINX_HTTP_AUTH_BASIC \ + CONFIG_NGINX_HTTP_AUTH_REQUEST \ CONFIG_NGINX_HTTP_AUTOINDEX \ CONFIG_NGINX_HTTP_GEO \ CONFIG_NGINX_HTTP_MAP \ @@ -54,9 +55,12 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE \ CONFIG_NGINX_HTTP_UPSTREAM_ZONE \ CONFIG_NGINX_HTTP_CACHE \ + CONFIG_NGINX_HTTP_V2 \ CONFIG_NGINX_PCRE \ CONFIG_NGINX_NAXSI \ - CONFIG_NGINX_LUA + CONFIG_NGINX_LUA \ + CONFIG_NGINX_HTTP_REAL_IP \ + CONFIG_NGINX_HTTP_SECURE_LINK include $(INCLUDE_DIR)/package.mk @@ -133,6 +137,9 @@ endif ifneq ($(CONFIG_NGINX_HTTP_AUTH_BASIC),y) ADDITIONAL_MODULES += --without-http_auth_basic_module endif +ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y) + ADDITIONAL_MODULES += --with-http_auth_request_module +endif ifneq ($(CONFIG_NGINX_HTTP_AUTOINDEX),y) ADDITIONAL_MODULES += --without-http_autoindex_module endif @@ -192,6 +199,15 @@ endif ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) ADDITIONAL_MODULES += --without-http_upstream_keepalive_module endif +ifeq ($(CONFIG_NGINX_HTTP_V2),y) + ADDITIONAL_MODULES += --with-http_v2_module +endif +ifeq ($(CONFIG_NGINX_HTTP_REAL_IP),y) + ADDITIONAL_MODULES += --with-http_realip_module +endif +ifeq ($(CONFIG_NGINX_HTTP_SECURE_LINK),y) + ADDITIONAL_MODULES += --with-http_secure_link_module +endif TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK TARGET_LDFLAGS += -Wl,--gc-sections From 90075956d2244304690fe6e3e85eb906b8cc4427 Mon Sep 17 00:00:00 2001 From: Val Kulkov Date: Wed, 24 May 2017 11:48:29 -0400 Subject: [PATCH 15/17] nginx: update to 1.12.0, the latest stable version This is a straightforward update to the latest stable version. Signed-off-by: Val Kulkov --- net/nginx/Makefile | 5 +++-- net/nginx/patches/102-sizeof_test_fix.patch | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 42f831ba0..58096185d 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,12 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.10.3 +PKG_VERSION:=1.12.0 PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=204a20cb4f0b0c9db746c630d89ff4ea +PKG_HASH:=b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 +PKG_MD5SUM:=995eb0a140455cf0cfc497e5bd7f94b3 PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license diff --git a/net/nginx/patches/102-sizeof_test_fix.patch b/net/nginx/patches/102-sizeof_test_fix.patch index 36d7aaff4..8a0e88200 100644 --- a/net/nginx/patches/102-sizeof_test_fix.patch +++ b/net/nginx/patches/102-sizeof_test_fix.patch @@ -10,7 +10,7 @@ + 'Y', '3', 'p', 'M', '\n' +}; + - int main() { + int main(void) { - printf("%d", (int) sizeof($ngx_type)); + printf("dummy use of object_code_block to avoid gc-section: %c", object_code_block[0]); return 0; From 5837dfeb11e88fc31cdce51925d5f168196a8adf Mon Sep 17 00:00:00 2001 From: Uwe Arnold Date: Sun, 13 Aug 2017 18:40:38 +0200 Subject: [PATCH 16/17] nginx: update to 1.12.1 Fixes: CVE-2017-7529 remove PKG_MD5SUM as it is deprecated Signed-off-by: Uwe Arnold --- net/nginx/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 58096185d..4624c1aa1 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,13 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.12.0 +PKG_VERSION:=1.12.1 PKG_RELEASE:=1 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_HASH:=b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30 -PKG_MD5SUM:=995eb0a140455cf0cfc497e5bd7f94b3 +PKG_HASH:=8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb PKG_MAINTAINER:=Thomas Heil PKG_LICENSE:=2-clause BSD-like license From 5db5399040b23387b70bf5788869e05d01885c4a Mon Sep 17 00:00:00 2001 From: Thomas Heil Date: Thu, 17 Aug 2017 01:05:46 +0200 Subject: [PATCH 17/17] nginx: update lua-nginx to cdd2ae921f67bf396c743406493127be496e57ce - fixes lua compilation issue Signed-off-by: Thomas Heil --- net/nginx/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 4624c1aa1..6552b4602 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -270,7 +270,7 @@ define Prepare/nginx-naxsi endef define Download/lua-nginx - VERSION:=1967998b0eedab1ff51bff8fafa5fc3db47976aa + VERSION:=cdd2ae921f67bf396c743406493127be496e57ce SUBDIR:=lua-nginx FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz URL:=https://github.com/openresty/lua-nginx-module.git