From 8b5c2901c011d2195cfcdbc07ca4275b20c0dcd3 Mon Sep 17 00:00:00 2001 From: Ansuel Smith Date: Fri, 31 Jan 2020 23:06:46 +0100 Subject: [PATCH] nginx: backport master changes to 19.07 Currently luci is broken in 19.07. Changes done to fix this problem didn't merge in the 19.07 release. Signed-off-by: Ansuel Smith --- net/nginx/Config.in | 7 ++ net/nginx/Config_ssl.in | 7 ++ net/nginx/Makefile | 90 ++++++++++++------- .../files-luci-support/60_nginx-luci-support | 13 +++ net/nginx/files-luci-support/luci_nginx.conf | 9 +- .../files-luci-support/luci_nginx_ssl.conf | 11 +-- net/nginx/files-luci-support/luci_uwsgi.conf | 26 +++--- .../100-drop-libxslt-dep.patch | 14 +++ .../patches/201-ignore-invalid-options.patch | 2 +- 9 files changed, 122 insertions(+), 57 deletions(-) create mode 100644 net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch diff --git a/net/nginx/Config.in b/net/nginx/Config.in index 55c24ea7a..ccb5e240f 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -22,6 +22,13 @@ config NGINX_DAV Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. default n +config NGINX_UBUS + bool + prompt "Enable UBUS module" + help + Enable UBUS api support directly from the server. + default y + config NGINX_FLV bool prompt "Enable FLV module" diff --git a/net/nginx/Config_ssl.in b/net/nginx/Config_ssl.in index f889cc3ec..050d71fe3 100644 --- a/net/nginx/Config_ssl.in +++ b/net/nginx/Config_ssl.in @@ -15,6 +15,13 @@ config NGINX_DAV Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. default n +config NGINX_UBUS + bool + prompt "Enable UBUS module" + help + Enable UBUS api support directly from the server. + default y + config NGINX_FLV bool prompt "Enable FLV module" diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 80a2eadb0..ff9624cbe 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,20 +8,18 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.16.1 -PKG_RELEASE:=1 +PKG_VERSION:=1.17.7 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ -PKG_HASH:=f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b +PKG_HASH:=b62756842807e5693b794e5d0ae289bd8ae5b098e66538b2a91eb80f25c591ff PKG_MAINTAINER:=Thomas Heil \ Ansuel Smith PKG_LICENSE:=2-clause BSD-like license PKG_CPE_ID:=cpe:/a:nginx:nginx -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) - PKG_FIXUP:=autoreconf PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -30,6 +28,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_SSL \ CONFIG_NGINX_DAV \ CONFIG_NGINX_FLV \ + CONFIG_NGINX_UBUS \ CONFIG_NGINX_STUB_STATUS \ CONFIG_NGINX_HTTP_CHARSET \ CONFIG_NGINX_HTTP_GZIP \ @@ -84,7 +83,8 @@ define Package/nginx/default TITLE:=Nginx web server URL:=http://nginx.org/ DEPENDS:=+NGINX_PCRE:libpcre +NGINX_SSL:libopenssl \ - +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libexpat + +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libxml2 \ + +NGINX_UBUS:libubus +NGINX_UBUS:libblobmsg-json +NGINX_UBUS:libjson-c endef define Package/nginx/description @@ -113,7 +113,8 @@ Package/nginx-ssl/description = $(Package/nginx/description) \ define Package/nginx-all-module $(Package/nginx/default) TITLE += with ALL module selected - DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libexpat + DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libxml2 \ + +libubus +libblobmsg-json +libjson-c VARIANT:=all-module PROVIDES:=nginx endef @@ -196,6 +197,8 @@ ifneq ($(BUILD_VARIANT),all-module) endif ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y) ADDITIONAL_MODULES += --without-http_uwsgi_module + else + config_files += uwsgi_params endif ifneq ($(CONFIG_NGINX_HTTP_SCGI),y) ADDITIONAL_MODULES += --without-http_scgi_module @@ -255,6 +258,9 @@ ifneq ($(BUILD_VARIANT),all-module) ifeq ($(CONFIG_NGINX_DAV),y) ADDITIONAL_MODULES += --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module endif + ifeq ($(CONFIG_NGINX_UBUS),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-ubus-module + endif ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y) ADDITIONAL_MODULES += --with-http_auth_request_module endif @@ -299,6 +305,7 @@ else CONFIG_NGINX_NAXSI:=y CONFIG_NGINX_LUA:=y CONFIG_NGINX_DAV:=y + CONFIG_NGINX_UBUS:=y ADDITIONAL_MODULES += --with-http_ssl_module --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src \ --add-module=$(PKG_BUILD_DIR)/lua-nginx --with-ipv6 --with-http_stub_status_module --with-http_flv_module \ --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module \ @@ -306,7 +313,7 @@ else --with-http_secure_link_module --with-http_sub_module --add-module=$(PKG_BUILD_DIR)/nginx-headers-more \ --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \ --add-module=$(PKG_BUILD_DIR)/nginx-brotli --add-module=$(PKG_BUILD_DIR)/nginx-rtmp \ - --add-module=$(PKG_BUILD_DIR)/nginx-ts + --add-module=$(PKG_BUILD_DIR)/nginx-ts --add-module=$(PKG_BUILD_DIR)/nginx-ubus-module config_files += koi-utf koi-win win-utf fastcgi_params endif @@ -317,7 +324,7 @@ define Package/nginx-mod-luci/default SUBMENU:=Web Servers/Proxies TITLE:=Support file for Nginx URL:=http://nginx.org/ - DEPENDS:=+uwsgi-cgi +uwsgi-cgi-luci-support + DEPENDS:=+uwsgi +uwsgi-luci-support endef define Package/nginx-mod-luci @@ -407,6 +414,7 @@ define Build/Prepare $(Prepare/nginx-rtmp) $(Prepare/nginx-ts) $(Prepare/nginx-dav-ext-module) + $(Prepare/nginx-ubus-module) endef @@ -414,34 +422,34 @@ ifeq ($(CONFIG_NGINX_HEADERS_MORE),y) define Download/nginx-headers-more VERSION:=a9f7c7e86cc7441d04e2f11f01c2e3a9c4b0301d SUBDIR:=nginx-headers-more - FILE:=headers-more-nginx-module-$$(VERSION).tar.gz + FILE:=headers-more-nginx-module-$$(VERSION).tar.xz URL:=https://github.com/openresty/headers-more-nginx-module.git - MIRROR_HASH:=432609015719aaa7241e5166c7cda427acbe004f725887f78ef629d51bd9cb3f + MIRROR_HASH:=ce0b9996ecb2cff790831644d6ab1adc087aa2771d77d3931c06246d11bc59fd PROTO:=git endef $(eval $(call Download,nginx-headers-more)) define Prepare/nginx-headers-more $(eval $(Download/nginx-headers-more)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y) define Download/nginx-brotli - VERSION:=e26248ee361c04e25f581b92b85d95681bdffb39 + VERSION:=dc37f658ccb5a51d090dc09d1a2aca2f24309869 SUBDIR:=nginx-brotli - FILE:=ngx-brotli-module-$$(VERSION).tar.gz + FILE:=ngx-brotli-module-$$(VERSION).tar.xz URL:=https://github.com/eustas/ngx_brotli.git - MIRROR_HASH:=76b891ba49f82f0cfbc9cba875646e26ee986b522373e0aa2698a9923a4adcdb + MIRROR_HASH:=6bc0c40ff24f6e0ac616dfddc803bdc7fcf54764ba9dc4f9cecb3a68beedcdaf PROTO:=git endef $(eval $(call Download,nginx-brotli)) define Prepare/nginx-brotli $(eval $(Download/nginx-brotli)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -450,16 +458,16 @@ ifeq ($(CONFIG_NGINX_RTMP_MODULE),y) define Download/nginx-rtmp VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf SUBDIR:=nginx-rtmp - FILE:=ngx-rtmp-module-$$(VERSION).tar.gz + FILE:=ngx-rtmp-module-$$(VERSION).tar.xz URL:=https://github.com/ut0mt8/nginx-rtmp-module.git - MIRROR_HASH:=9ba7625718d21f658c4878729271832a07bd989165f1d1c720b3a9b54cf738cc + MIRROR_HASH:=d3f58066f0f858ed79f7f2b0c9b89de2ccc512c94ab3d0625f6dcff3df0b72c1 PROTO:=git endef $(eval $(call Download,nginx-rtmp)) define Prepare/nginx-rtmp $(eval $(Download/nginx-rtmp)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -468,16 +476,16 @@ ifeq ($(CONFIG_NGINX_TS_MODULE),y) define Download/nginx-ts VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd SUBDIR:=nginx-ts - FILE:=ngx-ts-module-$$(VERSION).tar.gz + FILE:=ngx-ts-module-$$(VERSION).tar.xz URL:=https://github.com/arut/nginx-ts-module.git - MIRROR_HASH:=31ecc9968b928886b54884138eafe2fa747648bca5094d4c3132e8ae9509d1d3 + MIRROR_HASH:=73938950bb286d40d9e54b0994d1a63827340c1156c72eb04d7041b25b20ec18 PROTO:=git endef $(eval $(call Download,nginx-ts)) define Prepare/nginx-ts $(eval $(Download/nginx-ts)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -486,16 +494,16 @@ ifeq ($(CONFIG_NGINX_NAXSI),y) define Download/nginx-naxsi VERSION:=951123ad456bdf5ac94e8d8819342fe3d49bc002 SUBDIR:=nginx-naxsi - FILE:=nginx-naxsi-module-$$(VERSION).tar.gz + FILE:=nginx-naxsi-module-$$(VERSION).tar.xz URL:=https://github.com/nbs-system/naxsi.git - MIRROR_HASH:=7ab791f2ff38096f48013141bbfe20ba213d5e04dcac08ca82e0cac07d5c30f0 + MIRROR_HASH:=c734cae19a596affadd62a2df1b58d3df8d1364093a4e80a7cd1ab4555963535 PROTO:=git endef $(eval $(call Download,nginx-naxsi)) define Prepare/nginx-naxsi $(eval $(Download/nginx-naxsi)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -504,16 +512,16 @@ ifeq ($(CONFIG_NGINX_LUA),y) define Download/lua-nginx VERSION:=e94f2e5d64daa45ff396e262d8dab8e56f5f10e0 SUBDIR:=lua-nginx - FILE:=lua-nginx-module-$$(VERSION).tar.gz + FILE:=lua-nginx-module-$$(VERSION).tar.xz URL:=https://github.com/openresty/lua-nginx-module.git - MIRROR_HASH:=ae439f9a8b3c34d7240735b844db72ee721af4791bbaff5692bca20e6785f541 + MIRROR_HASH:=27729921964f066d97e99c263da153b34622a2f4b811114e4c3ee61c6fc71395 PROTO:=git endef $(eval $(call Download,lua-nginx)) define Prepare/lua-nginx $(eval $(Download/lua-nginx)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) endef endif @@ -521,18 +529,36 @@ endif ifeq ($(CONFIG_NGINX_DAV),y) define Download/nginx-dav-ext-module - VERSION:=430fd774fe838a04f1a5defbf1dd571d42300cf9 + VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af SUBDIR:=nginx-dav-ext-module - FILE:=nginx-dav-ext-module-$$(VERSION).tar.gz + FILE:=nginx-dav-ext-module-$$(VERSION).tar.xz URL:=https://github.com/arut/nginx-dav-ext-module.git - MIRROR_HASH:=0566053a8756423ecab455fd9d218cec1e017598fcbb3d6415a06f816851611e + MIRROR_HASH:=70bb4c3907f4b783605500ba494e907aede11f8505702e370012abb3c177dc5b PROTO:=git endef $(eval $(call Download,nginx-dav-ext-module)) define Prepare/nginx-dav-ext-module $(eval $(Download/nginx-dav-ext-module)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + $(call PatchDir,$(PKG_BUILD_DIR),./patches-dav-nginx) + endef +endif + +ifeq ($(CONFIG_NGINX_UBUS),y) + define Download/nginx-ubus-module + VERSION:=f30b0167a2cdb40f23bd90928d601bdb0c1b8fad + SUBDIR:=nginx-ubus-module + FILE:=nginx-ubus-module-$$(VERSION).tar.xz + URL:=https://github.com/Ansuel/nginx-ubus-module.git + MIRROR_HASH:=02c7d4b0df7f4b69605e71b0fefdc99b5a9470c68cad7ccfb31ebefe4e7e0704 + PROTO:=git + endef + $(eval $(call Download,nginx-ubus-module)) + + define Prepare/nginx-ubus-module + $(eval $(Download/nginx-ubus-module)) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif diff --git a/net/nginx/files-luci-support/60_nginx-luci-support b/net/nginx/files-luci-support/60_nginx-luci-support index dd076d260..b682a832e 100644 --- a/net/nginx/files-luci-support/60_nginx-luci-support +++ b/net/nginx/files-luci-support/60_nginx-luci-support @@ -25,4 +25,17 @@ if [ -f "/etc/nginx/luci_nginx.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then fi fi +if nginx -V 2>&1 | grep -q ubus; then + if [ -z "$(cat /etc/nginx/luci_uwsgi.conf | grep ubus)" ]; then + cat <> /etc/nginx/luci_uwsgi.conf + +location /ubus { + ubus_interpreter; + ubus_socket_path /var/run/ubus.sock; + ubus_parallel_req 2; +} +EOT + fi +fi + exit 0 diff --git a/net/nginx/files-luci-support/luci_nginx.conf b/net/nginx/files-luci-support/luci_nginx.conf index 31af664a2..75f0f78a6 100644 --- a/net/nginx/files-luci-support/luci_nginx.conf +++ b/net/nginx/files-luci-support/luci_nginx.conf @@ -1,5 +1,5 @@ -user nobody nogroup; +user root; worker_processes 1; #error_log logs/error.log; @@ -20,7 +20,7 @@ http { sendfile on; keepalive_timeout 0; - + client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 1G; @@ -31,14 +31,15 @@ http { gzip_vary on; gzip_comp_level 1; gzip_proxied any; - + gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; + root /www; server { listen 80 default_server; listen [::]:80 default_server; server_name localhost; - + location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { expires 365d; } diff --git a/net/nginx/files-luci-support/luci_nginx_ssl.conf b/net/nginx/files-luci-support/luci_nginx_ssl.conf index 318453b54..db33e554c 100644 --- a/net/nginx/files-luci-support/luci_nginx_ssl.conf +++ b/net/nginx/files-luci-support/luci_nginx_ssl.conf @@ -20,7 +20,7 @@ http { sendfile on; keepalive_timeout 0; - + client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 1G; @@ -31,9 +31,10 @@ http { gzip_vary on; gzip_comp_level 1; gzip_proxied any; - + gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; + root /www; - + server { listen 80 default_server; listen [::]:80 default_server; @@ -45,7 +46,7 @@ http { listen 443 ssl default_server; listen [::]:443 ssl default_server; server_name localhost; - + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED"; @@ -53,7 +54,7 @@ http { ssl_certificate /etc/nginx/nginx.cer; ssl_certificate_key /etc/nginx/nginx.key; - + location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { expires 365d; } diff --git a/net/nginx/files-luci-support/luci_uwsgi.conf b/net/nginx/files-luci-support/luci_uwsgi.conf index 6211db74a..3ea3de914 100644 --- a/net/nginx/files-luci-support/luci_uwsgi.conf +++ b/net/nginx/files-luci-support/luci_uwsgi.conf @@ -1,19 +1,15 @@ location /cgi-bin/luci { - index index.html; - uwsgi_param QUERY_STRING $query_string; - uwsgi_param REQUEST_METHOD $request_method; - uwsgi_param CONTENT_TYPE $content_type; - uwsgi_param CONTENT_LENGTH $content_length if_not_empty; - uwsgi_param REQUEST_URI $request_uri; - uwsgi_param PATH_INFO $document_uri; - uwsgi_param SERVER_PROTOCOL $server_protocol; - uwsgi_param REMOTE_ADDR $remote_addr; - uwsgi_param REMOTE_PORT $remote_port; - uwsgi_param SERVER_ADDR $server_addr; - uwsgi_param SERVER_PORT $server_port; - uwsgi_param SERVER_NAME $server_name; - uwsgi_modifier1 9; - uwsgi_pass unix:////var/run/uwsgi.sock; + index index.html; + include uwsgi_params; + uwsgi_param SERVER_ADDR $server_addr; + uwsgi_modifier1 9; + uwsgi_pass unix:////var/run/luci-webui.socket; +} +location ~ /cgi-bin/cgi-(backup|download|upload|exec) { + include uwsgi_params; + uwsgi_param SERVER_ADDR $server_addr; + uwsgi_modifier1 9; + uwsgi_pass unix:////var/run/luci-cgi_io.socket; } location /luci-static { diff --git a/net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch b/net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch new file mode 100644 index 000000000..c5941f422 --- /dev/null +++ b/net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch @@ -0,0 +1,14 @@ +--- a/nginx-dav-ext-module/config 2018-12-17 08:45:12.000000000 +0000 ++++ b/nginx-dav-ext-module/config 2019-10-11 13:49:41.446919258 +0000 +@@ -8,9 +8,8 @@ ngx_module_name=ngx_http_dav_ext_module + # building nginx with the xslt module, in which case libxslt will + # be linked anyway. In other cases libxslt is just redundant. + # If that's a big deal, libxml2 can be linked directly: +-# ngx_module_libs=-lxml2 ++ngx_module_libs=-lxml2 ++ngx_module_incs=$(pkg-config --cflags-only-I libxml-2.0 | sed 's/^-I//') + +-ngx_module_libs=LIBXSLT +- + ngx_module_srcs="$ngx_addon_dir/ngx_http_dav_ext_module.c" + diff --git a/net/nginx/patches/201-ignore-invalid-options.patch b/net/nginx/patches/201-ignore-invalid-options.patch index 28be2fb71..88b521353 100644 --- a/net/nginx/patches/201-ignore-invalid-options.patch +++ b/net/nginx/patches/201-ignore-invalid-options.patch @@ -1,6 +1,6 @@ --- a/auto/options +++ b/auto/options -@@ -397,8 +397,7 @@ $0: warning: the \"--with-sha1-asm\" opt +@@ -396,8 +396,7 @@ $0: warning: the \"--with-sha1-asm\" opt --test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;; *)