OpenIDC / ngx_openidc_module

OpenID Connect Relying Party module for NGINX
Apache License 2.0
14 stars 4 forks source link

unknown directive "OpenIDCProvider" in nginx Docker container #12

Closed fostermi closed 2 years ago

fostermi commented 3 years ago

Attempting to install the new version 3.2.1 ngx_openidc_module and the version 1.4.3 liboauth2 module in an official nginx Docker container (1.20.1) based on Debian buster. Installation of ngx_openidc gives a warning

/var/lib/dpkg/info/libnginx-mod-openidc.postinst: 22: cd: can't cd to /etc/nginx/modules-enabled

but successfully installs (there is no modules-enabled directory in the Docker version of nginx). However after updating the default.conf file similar to the example on the README and running nginx -t gives the following error:

2021/07/15 21:17:06 [emerg] 496#496: unknown directive "OpenIDCProvider" in /etc/nginx/conf.d/default.conf:13 nginx: [emerg] unknown directive "OpenIDCProvider" in /etc/nginx/conf.d/default.conf:13 nginx: configuration file /etc/nginx/nginx.conf test failed

zandbelt commented 3 years ago

that's most probably because the module does not load since it was built for the stock version of NGINX on Buster which is 1.14.2

fostermi commented 3 years ago

The nginx for Docker maintainers are basing their image on "buster-slim", which as you point out defaults to 1.14. However, they are constantly updating their version of nginx, still using buster by re-compiling the newer code, installing the new version and then publishing a new image.

So, I tried the following:

Pull nginx:1.20.0 docker image, start and enter container Install various build tools Download and build from source prerequisites for building nginx (pcre, zlib, ssl) Download and build from source nginx version 1.20.0 Install prerequisites for liboauth2 (libcjose0 libhiredis0.14 libjansson4 libmemcached11 libmemcachedutil2 libcurl4) Build from source liboauth2, using --with-nginx flag pointing to source of nginx 1.20.0 build. I see it creates artifacts liboauth2.so.0.0.0 and liboauth2_nginx.so.0.0.0. Build from source ngx_openidc_module with --with-nginx flag point to source of nginx 1.20.0. I see it creates artifacts ngx_openidc_module.so. Package all artifacts up and copy into a fresh nginx:1.20.0 container with ngx_openidc_module in /etc/nginx/modules and liboauth2 modules in /usr/lib/x86_64-linux-gnu/. Test nginx with nginx -t.

I get the same output unknown "OpenIDCProvider" directive. Am I missing something in building from source on a newer version of nginx? I sorted out all the missing dependencies and nginx header files so I don't see anything wrong from that standpoint.

BTW, I tried to test installing your released libraries on an nginx 1.14.2 Docker image, but the version of libhiredis in that version is 0.13 and the dependency is libhiredis0.14. So, at this point, there doesn't seem a way to use official nginx images. However, the 'Ubuntu Focal' packages work, although nginx in Focal is 1.18.

zandbelt commented 3 years ago

there's only so much platforms I can maintain a build for so that's it; when compiling yourself you'll also need to make sure that you use the same compilation flags, as recorded in nginx -V

also, the log file should tell you about the module vs. runtime binary mismatch

fostermi commented 3 years ago

I tried re-compiling nginx with the options from the default Docker image and added the missing load_module directive in ngninx.conf since, for whatever reason there is no modules-enabled directory on this image. Unfortunately that didn't work either, so using the official nginx Docker image is a non-starter and I'll have to create one from scratch using the appropriate distro packages.

Thanks for taking a look.