commit 85c83fb72125671b48a4a4111a32d188f1318053 Author: Nicolas Massé Date: Sun Apr 19 10:35:46 2020 +0200 nginx with tls, lua and stream support diff --git a/nginx-tls/Config.in b/nginx-tls/Config.in new file mode 100644 index 0000000..cb88c67 --- /dev/null +++ b/nginx-tls/Config.in @@ -0,0 +1,212 @@ +# +# Copyright (C) 2010-2016 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +menu "Configuration" + depends on PACKAGE_nginx-tls + +config NGINX_STREAM + bool + prompt "Enable Stream support" + help + Enable Stream support. + default y + +config NGINX_SSL + bool + prompt "Enable SSL module" + help + Enable HTTPS/SSL support. + default y + +config NGINX_DAV + bool + prompt "Enable WebDAV module" + help + Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. + default n + +config NGINX_FLV + bool + prompt "Enable FLV module" + help + Provides the ability to seek within FLV (Flash) files using time-based offsets. + default n + +config NGINX_STUB_STATUS + bool + prompt "Enable stub status module" + help + Enable the stub status module which gives some status from the server. + default n + +config NGINX_HTTP_CHARSET + bool + prompt "Enable HTTP charset module" + default y + +config NGINX_HTTP_GZIP + bool + prompt "Enable HTTP gzip module" + default y + +config NGINX_HTTP_SSI + bool + prompt "Enable HTTP ssi module" + default y + +config NGINX_HTTP_USERID + bool + prompt "Enable HTTP userid module" + default y + +config NGINX_HTTP_ACCESS + bool + prompt "Enable HTTP access module" + default y + +config NGINX_HTTP_AUTH_BASIC + bool + prompt "Enable HTTP auth basic" + default y + +config NGINX_HTTP_AUTH_REQUEST + bool + prompt "Enable HTTP auth request module" + default n + +config NGINX_HTTP_AUTOINDEX + bool + prompt "Enable HTTP autoindex module" + default y + +config NGINX_HTTP_GEO + bool + prompt "Enable HTTP geo module" + default y + +config NGINX_HTTP_MAP + bool + prompt "Enable HTTP map module" + default y + +config NGINX_HTTP_SPLIT_CLIENTS + bool + prompt "Enable HTTP split clients" + default y + +config NGINX_HTTP_REFERER + bool + prompt "Enable HTTP referer module" + default y + +config NGINX_HTTP_REWRITE + bool + prompt "Enable HTTP rewrite module" + select NGINX_PCRE + default y + +config NGINX_HTTP_PROXY + bool + prompt "Enable HTTP proxy module" + default y + +config NGINX_HTTP_FASTCGI + bool + prompt "Enable HTTP fastcgi module" + default y + +config NGINX_HTTP_UWSGI + bool + prompt "Enable HTTP uwsgi module" + default y + +config NGINX_HTTP_SCGI + bool + prompt "Enable HTTP scgi module" + default y + +config NGINX_HTTP_MEMCACHED + bool + prompt "Enable HTTP memcached module" + default y + +config NGINX_HTTP_LIMIT_CONN + bool + prompt "Enable HTTP limit conn" + default y + +config NGINX_HTTP_LIMIT_REQ + bool + prompt "Enable HTTP limit req" + default y + +config NGINX_HTTP_EMPTY_GIF + bool + prompt "Enable HTTP empty gif" + default y + +config NGINX_HTTP_BROWSER + bool + prompt "Enable HTTP browser module" + default y + +config NGINX_HTTP_UPSTREAM_HASH + bool + prompt "Enable HTTP hash module" + default y + +config NGINX_HTTP_UPSTREAM_IP_HASH + bool + prompt "Enable HTTP IP hash module" + default y + +config NGINX_HTTP_UPSTREAM_LEAST_CONN + bool + prompt "Enable HTTP least conn module" + default y + +config NGINX_HTTP_UPSTREAM_KEEPALIVE + bool + prompt "Enable HTTP keepalive module" + default y + +config NGINX_HTTP_CACHE + bool + prompt "Enable HTTP cache" + default y + +config NGINX_HTTP_V2 + bool + prompt "Enable HTTP_V2 module" + default y + +config NGINX_PCRE + bool + prompt "Enable PCRE library usage" + default y + +config NGINX_NAXSI + bool + prompt "Enable NAXSI module" + default y + +config NGINX_LUA + bool + prompt "Enable Lua module" + default y + +config NGINX_HTTP_REAL_IP + bool + prompt "Enable HTTP real ip module" + default n + +config NGINX_HTTP_SECURE_LINK + bool + prompt "Enable HTTP secure link module" + default n + +endmenu diff --git a/nginx-tls/Makefile b/nginx-tls/Makefile new file mode 100644 index 0000000..5884986 --- /dev/null +++ b/nginx-tls/Makefile @@ -0,0 +1,294 @@ +# +# Copyright (C) 2012-2016 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=nginx-tls +PKG_VERSION:=1.12.2 +PKG_RELEASE:=1 + +PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://nginx.org/download/ +PKG_HASH:=305f379da1d5fb5aefa79e45c829852ca6983c7cd2a79328f8e084a324cf0416 +PKG_MAINTAINER:=Thomas Heil +PKG_LICENSE:=2-clause BSD-like license + +PKG_BUILD_DIR:=$(BUILD_DIR)/nginx-$(PKG_VERSION) + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +PKG_CONFIG_DEPENDS := \ + CONFIG_NGINX_SSL \ + CONFIG_NGINX_DAV \ + CONFIG_NGINX_FLV \ + CONFIG_NGINX_STUB_STATUS \ + CONFIG_NGINX_HTTP_CHARSET \ + CONFIG_NGINX_HTTP_GZIP \ + CONFIG_NGINX_HTTP_SSI \ + CONFIG_NGINX_HTTP_USERID \ + CONFIG_NGINX_HTTP_ACCESS \ + CONFIG_NGINX_HTTP_AUTH_BASIC \ + CONFIG_NGINX_HTTP_AUTH_REQUEST \ + CONFIG_NGINX_HTTP_AUTOINDEX \ + CONFIG_NGINX_HTTP_GEO \ + CONFIG_NGINX_HTTP_MAP \ + CONFIG_NGINX_HTTP_SPLIT_CLIENTS \ + CONFIG_NGINX_HTTP_REFERER \ + CONFIG_NGINX_HTTP_REWRITE \ + CONFIG_NGINX_HTTP_PROXY \ + CONFIG_NGINX_HTTP_FASTCGI \ + CONFIG_NGINX_HTTP_UWSGI \ + CONFIG_NGINX_HTTP_SCGI \ + CONFIG_NGINX_HTTP_MEMCACHED \ + CONFIG_NGINX_HTTP_LIMIT_CONN \ + CONFIG_NGINX_HTTP_LIMIT_REQ \ + CONFIG_NGINX_HTTP_EMPTY_GIF \ + CONFIG_NGINX_HTTP_BROWSER \ + CONFIG_NGINX_HTTP_UPSTREAM_HASH \ + CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH \ + CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN \ + CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE \ + CONFIG_NGINX_HTTP_UPSTREAM_ZONE \ + CONFIG_NGINX_HTTP_CACHE \ + CONFIG_NGINX_HTTP_V2 \ + CONFIG_NGINX_PCRE \ + CONFIG_NGINX_NAXSI \ + CONFIG_NGINX_LUA \ + CONFIG_NGINX_HTTP_REAL_IP \ + CONFIG_NGINX_HTTP_SECURE_LINK \ + CONFIG_NGINX_STREAM + +include $(INCLUDE_DIR)/package.mk + +define Package/nginx-tls + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=Nginx web server + URL:=http://nginx.org/ + DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread + MENU:=1 +endef + +define Package/nginx-tls/description + nginx is an HTTP and reverse proxy server, as well as a mail proxy server, + written by Igor Sysoev. +endef + +define Package/nginx-tls/config + source "$(SOURCE)/Config.in" +endef + +config_files=nginx.conf mime.types + +define Package/nginx-tls/conffiles +/etc/nginx/ +endef + +ADDITIONAL_MODULES:= +ifeq ($(CONFIG_NGINX_NAXSI),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src +endif +ifeq ($(CONFIG_NGINX_LUA),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx +endif +ifeq ($(CONFIG_IPV6),y) + ADDITIONAL_MODULES += --with-ipv6 +endif +ifeq ($(CONFIG_NGINX_STUB_STATUS),y) + ADDITIONAL_MODULES += --with-http_stub_status_module +endif +ifeq ($(CONFIG_NGINX_FLV),y) + ADDITIONAL_MODULES += --with-http_flv_module +endif +ifeq ($(CONFIG_NGINX_SSL),y) + ADDITIONAL_MODULES += --with-http_ssl_module +endif +ifeq ($(CONFIG_NGINX_DAV),y) + ADDITIONAL_MODULES += --with-http_dav_module +endif +ifneq ($(CONFIG_NGINX_HTTP_CACHE),y) + ADDITIONAL_MODULES += --without-http-cache +endif +ifneq ($(CONFIG_NGINX_PCRE),y) + ADDITIONAL_MODULES += --without-pcre +endif +ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y) + ADDITIONAL_MODULES += --without-http_charset_module +else + config_files += koi-utf koi-win win-utf +endif +ifneq ($(CONFIG_NGINX_HTTP_GZIP),y) + ADDITIONAL_MODULES += --without-http_gzip_module +endif +ifneq ($(CONFIG_NGINX_HTTP_SSI),y) + ADDITIONAL_MODULES += --without-http_ssi_module +endif +ifneq ($(CONFIG_NGINX_HTTP_USERID),y) + ADDITIONAL_MODULES += --without-http_userid_module +endif +ifneq ($(CONFIG_NGINX_HTTP_ACCESS),y) + ADDITIONAL_MODULES += --without-http_access_module +endif +ifneq ($(CONFIG_NGINX_HTTP_AUTH_BASIC),y) + ADDITIONAL_MODULES += --without-http_auth_basic_module +endif +ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y) + ADDITIONAL_MODULES += --with-http_auth_request_module +endif +ifneq ($(CONFIG_NGINX_HTTP_AUTOINDEX),y) + ADDITIONAL_MODULES += --without-http_autoindex_module +endif +ifneq ($(CONFIG_NGINX_HTTP_GEO),y) + ADDITIONAL_MODULES += --without-http_geo_module +endif +ifneq ($(CONFIG_NGINX_HTTP_MAP),y) + ADDITIONAL_MODULES += --without-http_map_module +endif +ifneq ($(CONFIG_NGINX_HTTP_SPLIT_CLIENTS),y) + ADDITIONAL_MODULES += --without-http_split_clients_module +endif +ifneq ($(CONFIG_NGINX_HTTP_REFERER),y) + ADDITIONAL_MODULES += --without-http_referer_module +endif +ifneq ($(CONFIG_NGINX_HTTP_REWRITE),y) + ADDITIONAL_MODULES += --without-http_rewrite_module +endif +ifneq ($(CONFIG_NGINX_HTTP_PROXY),y) + ADDITIONAL_MODULES += --without-http_proxy_module +endif +ifneq ($(CONFIG_NGINX_HTTP_FASTCGI),y) + ADDITIONAL_MODULES += --without-http_fastcgi_module +else + config_files += fastcgi_params +endif +ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y) + ADDITIONAL_MODULES += --without-http_uwsgi_module +endif +ifneq ($(CONFIG_NGINX_HTTP_SCGI),y) + ADDITIONAL_MODULES += --without-http_scgi_module +endif +ifneq ($(CONFIG_NGINX_HTTP_MEMCACHED),y) + ADDITIONAL_MODULES += --without-http_memcached_module +endif +ifneq ($(CONFIG_NGINX_HTTP_LIMIT_CONN),y) + ADDITIONAL_MODULES += --without-http_limit_conn_module +endif +ifneq ($(CONFIG_NGINX_HTTP_LIMIT_REQ),y) + ADDITIONAL_MODULES += --without-http_limit_req_module +endif +ifneq ($(CONFIG_NGINX_HTTP_EMPTY_GIF),y) + ADDITIONAL_MODULES += --without-http_empty_gif_module +endif +ifneq ($(CONFIG_NGINX_HTTP_BROWSER),y) + ADDITIONAL_MODULES += --without-http_browser_module +endif +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_HASH),y) + ADDITIONAL_MODULES += --without-http_upstream_hash_module +endif +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH),y) + ADDITIONAL_MODULES += --without-http_upstream_ip_hash_module +endif +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN),y) + ADDITIONAL_MODULES += --without-http_upstream_least_conn_module +endif +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) + ADDITIONAL_MODULES += --without-http_upstream_keepalive_module +endif +ifeq ($(CONFIG_NGINX_HTTP_V2),y) + ADDITIONAL_MODULES += --with-http_v2_module +endif +ifeq ($(CONFIG_NGINX_HTTP_REAL_IP),y) + ADDITIONAL_MODULES += --with-http_realip_module +endif +ifeq ($(CONFIG_NGINX_HTTP_SECURE_LINK),y) + ADDITIONAL_MODULES += --with-http_secure_link_module +endif +ifeq ($(CONFIG_NGINX_STREAM),y) + ADDITIONAL_MODULES += --with-stream +ifeq ($(CONFIG_NGINX_SSL),y) + ADDITIONAL_MODULES += --with-stream_ssl_module + ADDITIONAL_MODULES += --with-stream_ssl_preread_module +endif +endif + +TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK +TARGET_LDFLAGS += -Wl,--gc-sections + +define Build/Configure + ( cd $(PKG_BUILD_DIR) ; \ + $(if $(CONFIG_NGINX_LUA),LUA_INC=$(STAGING_DIR)/usr/include LUA_LIB=$(STAGING_DIR)/usr/lib) \ + ./configure \ + --crossbuild=Linux::$(ARCH) \ + --prefix=/usr \ + --conf-path=/etc/nginx/nginx.conf \ + $(ADDITIONAL_MODULES) \ + --error-log-path=/var/log/nginx/error.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/lock/nginx.lock \ + --http-log-path=/var/log/nginx/access.log \ + --http-client-body-temp-path=/var/lib/nginx/body \ + --http-proxy-temp-path=/var/lib/nginx/proxy \ + --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ + --with-cc="$(TARGET_CC)" \ + --with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \ + --with-ld-opt="$(TARGET_LDFLAGS)" \ + --without-http_upstream_zone_module \ + ) +endef + +define Package/nginx-tls/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/nginx $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/nginx + $(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx +ifeq ($(CONFIG_NGINX_NAXSI),y) + $(INSTALL_DIR) $(1)/etc/nginx + $(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx + chmod 0640 $(1)/etc/nginx/naxsi_core.rules +endif + $(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx)) + $(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules)) +endef + +define Build/Prepare + $(call Build/Prepare/Default) + $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) + $(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx)) +endef + +define Download/nginx-naxsi + VERSION:=cf73f9c8664127252c2a4958d2e169516d3845a1 + SUBDIR:=nginx-naxsi + FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz + URL:=https://github.com/nbs-system/naxsi.git + PROTO:=git +endef + +define Prepare/nginx-naxsi + $(eval $(call Download,nginx-naxsi)) + gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) +endef + +define Download/lua-nginx + VERSION:=cdd2ae921f67bf396c743406493127be496e57ce + SUBDIR:=lua-nginx + FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz + URL:=https://github.com/openresty/lua-nginx-module.git + PROTO:=git +endef + +define Prepare/lua-nginx + $(eval $(call Download,lua-nginx)) + gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) +endef + +$(eval $(call BuildPackage,nginx-tls)) diff --git a/nginx-tls/files/nginx.init b/nginx-tls/files/nginx.init new file mode 100644 index 0000000..40d3897 --- /dev/null +++ b/nginx-tls/files/nginx.init @@ -0,0 +1,17 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2015 OpenWrt.org + +START=80 + +USE_PROCD=1 + +start_service() { + [ -d /var/log/nginx ] || mkdir -p /var/log/nginx + [ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx + + procd_open_instance + procd_set_param command /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;' + procd_set_param file /etc/nginx/nginx.conf + procd_set_param respawn + procd_close_instance +} diff --git a/nginx-tls/patches-lua-nginx/100-no_by_lua_block.patch b/nginx-tls/patches-lua-nginx/100-no_by_lua_block.patch new file mode 100644 index 0000000..fef983f --- /dev/null +++ b/nginx-tls/patches-lua-nginx/100-no_by_lua_block.patch @@ -0,0 +1,195 @@ +--- a/lua-nginx/src/ngx_http_lua_module.c ++++ b/lua-nginx/src/ngx_http_lua_module.c +@@ -157,14 +157,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_lua_loc_conf_t, log_socket_errors), + NULL }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("init_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_init_by_lua_block, + NGX_HTTP_MAIN_CONF_OFFSET, + 0, + (void *) ngx_http_lua_init_by_inline }, +- ++#endif + { ngx_string("init_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, + ngx_http_lua_init_by_lua, +@@ -178,14 +178,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_MAIN_CONF_OFFSET, + 0, + (void *) ngx_http_lua_init_by_file }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("init_worker_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_init_worker_by_lua_block, + NGX_HTTP_MAIN_CONF_OFFSET, + 0, + (void *) ngx_http_lua_init_worker_by_inline }, +- ++#endif + { ngx_string("init_worker_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, + ngx_http_lua_init_worker_by_lua, +@@ -201,6 +201,7 @@ static ngx_command_t ngx_http_lua_cmds[] + (void *) ngx_http_lua_init_worker_by_file }, + + #if defined(NDK) && NDK ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* set_by_lua $res { inline Lua code } [$arg1 [$arg2 [...]]] */ + { ngx_string("set_by_lua_block"), + NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -209,7 +210,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_filter_set_by_lua_inline }, +- ++#endif + /* set_by_lua $res [$arg1 [$arg2 [...]]] */ + { ngx_string("set_by_lua"), + NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -237,7 +238,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_rewrite_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* rewrite_by_lua_block { } */ + { ngx_string("rewrite_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -246,7 +247,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_rewrite_handler_inline }, +- ++#endif + /* access_by_lua "" */ + { ngx_string("access_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -255,7 +256,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_access_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* access_by_lua_block { } */ + { ngx_string("access_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -264,7 +265,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_access_handler_inline }, +- ++#endif + /* content_by_lua "" */ + { ngx_string("content_by_lua"), + NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1, +@@ -272,7 +273,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_content_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* content_by_lua_block { } */ + { ngx_string("content_by_lua_block"), + NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, +@@ -280,7 +281,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_content_handler_inline }, +- ++#endif + /* log_by_lua */ + { ngx_string("log_by_lua"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -289,7 +290,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_log_handler_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* log_by_lua_block { } */ + { ngx_string("log_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -298,7 +299,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_log_handler_inline }, +- ++#endif + { ngx_string("rewrite_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE1, +@@ -353,7 +354,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_header_filter_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* header_filter_by_lua_block { } */ + { ngx_string("header_filter_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -362,7 +363,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_header_filter_inline }, +- ++#endif + { ngx_string("header_filter_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE1, +@@ -378,7 +379,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_body_filter_inline }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + /* body_filter_by_lua_block { } */ + { ngx_string("body_filter_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF +@@ -387,7 +388,7 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_body_filter_inline }, +- ++#endif + { ngx_string("body_filter_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE1, +@@ -395,14 +396,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + 0, + (void *) ngx_http_lua_body_filter_file }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("balancer_by_lua_block"), + NGX_HTTP_UPS_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_balancer_by_lua_block, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + (void *) ngx_http_lua_balancer_handler_inline }, +- ++#endif + { ngx_string("balancer_by_lua_file"), + NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1, + ngx_http_lua_balancer_by_lua, +@@ -509,14 +510,14 @@ static ngx_command_t ngx_http_lua_cmds[] + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_lua_loc_conf_t, ssl_ciphers), + NULL }, +- ++#ifndef NGX_LUA_NO_BY_LUA_BLOCK + { ngx_string("ssl_certificate_by_lua_block"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, + ngx_http_lua_ssl_cert_by_lua_block, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + (void *) ngx_http_lua_ssl_cert_handler_inline }, +- ++#endif + { ngx_string("ssl_certificate_by_lua_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_http_lua_ssl_cert_by_lua, diff --git a/nginx-tls/patches/101-feature_test_fix.patch b/nginx-tls/patches/101-feature_test_fix.patch new file mode 100644 index 0000000..2c692bc --- /dev/null +++ b/nginx-tls/patches/101-feature_test_fix.patch @@ -0,0 +1,107 @@ +--- a/auto/cc/name ++++ b/auto/cc/name +@@ -7,7 +7,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then + + ngx_feature="C compiler" + ngx_feature_name= +- ngx_feature_run=yes ++ ngx_feature_run= + ngx_feature_incs= + ngx_feature_path= + ngx_feature_libs= +--- a/auto/cc/conf ++++ b/auto/cc/conf +@@ -200,7 +200,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then + else + ngx_feature="C99 variadic macros" + ngx_feature_name="NGX_HAVE_C99_VARIADIC_MACROS" +- ngx_feature_run=yes ++ ngx_feature_run=no + ngx_feature_incs="#include + #define var(dummy, ...) sprintf(__VA_ARGS__)" + ngx_feature_path= +@@ -214,7 +214,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then + + ngx_feature="gcc variadic macros" + ngx_feature_name="NGX_HAVE_GCC_VARIADIC_MACROS" +- ngx_feature_run=yes ++ ngx_feature_run=no + ngx_feature_incs="#include + #define var(dummy, args...) sprintf(args)" + ngx_feature_path= +--- a/auto/os/linux ++++ b/auto/os/linux +@@ -36,7 +36,7 @@ fi + + ngx_feature="epoll" + ngx_feature_name="NGX_HAVE_EPOLL" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include " + ngx_feature_path= + ngx_feature_libs= +@@ -93,7 +93,7 @@ ngx_feature_test="int fd; struct stat sb + CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE" + ngx_feature="sendfile()" + ngx_feature_name="NGX_HAVE_SENDFILE" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include + #include " + ngx_feature_path= +@@ -114,7 +114,7 @@ fi + CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" + ngx_feature="sendfile64()" + ngx_feature_name="NGX_HAVE_SENDFILE64" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include + #include " + ngx_feature_path= +@@ -132,7 +132,7 @@ ngx_include="sys/prctl.h"; . auto/includ + + ngx_feature="prctl(PR_SET_DUMPABLE)" + ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include " + ngx_feature_path= + ngx_feature_libs= +--- a/auto/unix ++++ b/auto/unix +@@ -735,7 +735,7 @@ ngx_feature_test="void *p; p = memalign( + + ngx_feature="mmap(MAP_ANON|MAP_SHARED)" + ngx_feature_name="NGX_HAVE_MAP_ANON" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include " + ngx_feature_path= + ngx_feature_libs= +@@ -748,7 +748,7 @@ ngx_feature_test="void *p; + + ngx_feature='mmap("/dev/zero", MAP_SHARED)' + ngx_feature_name="NGX_HAVE_MAP_DEVZERO" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include + #include + #include " +@@ -763,7 +763,7 @@ ngx_feature_test='void *p; int fd; + + ngx_feature="System V shared memory" + ngx_feature_name="NGX_HAVE_SYSVSHM" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include + #include " + ngx_feature_path= +@@ -777,7 +777,7 @@ ngx_feature_test="int id; + + ngx_feature="POSIX semaphores" + ngx_feature_name="NGX_HAVE_POSIX_SEM" +-ngx_feature_run=yes ++ngx_feature_run=no + ngx_feature_incs="#include " + ngx_feature_path= + ngx_feature_libs= diff --git a/nginx-tls/patches/102-sizeof_test_fix.patch b/nginx-tls/patches/102-sizeof_test_fix.patch new file mode 100644 index 0000000..8a0e882 --- /dev/null +++ b/nginx-tls/patches/102-sizeof_test_fix.patch @@ -0,0 +1,27 @@ +--- a/auto/types/sizeof ++++ b/auto/types/sizeof +@@ -25,8 +25,14 @@ $NGX_INCLUDE_UNISTD_H + $NGX_INCLUDE_INTTYPES_H + $NGX_INCLUDE_AUTO_CONFIG_H + ++char object_code_block[] = { ++ '\n', 'e', '4', 'V', 'A', ++ '0', 'x', ('0' + sizeof($ngx_type)), ++ 'Y', '3', 'p', 'M', '\n' ++}; ++ + int main(void) { +- printf("%d", (int) sizeof($ngx_type)); ++ printf("dummy use of object_code_block to avoid gc-section: %c", object_code_block[0]); + return 0; + } + +@@ -40,7 +45,7 @@ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>& + + + if [ -x $NGX_AUTOTEST ]; then +- ngx_size=`$NGX_AUTOTEST` ++ ngx_size=`sed -ne 's/^e4VA0x\(.\)Y3pM$/\1/p' < $NGX_AUTOTEST` + echo " $ngx_size bytes" + fi + diff --git a/nginx-tls/patches/103-sys_nerr.patch b/nginx-tls/patches/103-sys_nerr.patch new file mode 100644 index 0000000..5f5d106 --- /dev/null +++ b/nginx-tls/patches/103-sys_nerr.patch @@ -0,0 +1,12 @@ +--- a/src/os/unix/ngx_errno.c ++++ b/src/os/unix/ngx_errno.c +@@ -8,6 +8,9 @@ + #include + #include + ++#ifndef NGX_SYS_NERR ++#define NGX_SYS_NERR 128 ++#endif + + /* + * The strerror() messages are copied because: diff --git a/nginx-tls/patches/200-config.patch b/nginx-tls/patches/200-config.patch new file mode 100644 index 0000000..f350095 --- /dev/null +++ b/nginx-tls/patches/200-config.patch @@ -0,0 +1,18 @@ +--- a/conf/nginx.conf ++++ b/conf/nginx.conf +@@ -1,5 +1,5 @@ + +-#user nobody; ++user nobody nogroup; + worker_processes 1; + + #error_log logs/error.log; +@@ -16,7 +16,7 @@ events { + + http { + include mime.types; +- default_type application/octet-stream; ++ #default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' diff --git a/nginx-tls/patches/300-max-processes.patch b/nginx-tls/patches/300-max-processes.patch new file mode 100644 index 0000000..f7465d4 --- /dev/null +++ b/nginx-tls/patches/300-max-processes.patch @@ -0,0 +1,11 @@ +--- a/src/os/unix/ngx_process.h ++++ b/src/os/unix/ngx_process.h +@@ -44,7 +44,7 @@ typedef struct { + } ngx_exec_ctx_t; + + +-#define NGX_MAX_PROCESSES 1024 ++#define NGX_MAX_PROCESSES 8 + + #define NGX_PROCESS_NORESPAWN -1 + #define NGX_PROCESS_JUST_SPAWN -2