search

TeslaGov / ngx-http-auth-jwt-module

Secure your NGINX locations with JWT
MIT License
309 stars 118 forks source link

Build issue under ubuntu #48

Closed katsar0v closed 4 years ago

katsar0v commented 5 years ago

Trying to make a docker container in ubuntu, I get:

/usr/bin/ld: objs/addon/src/ngx_http_auth_jwt_module.o: relocation R_X86_64_PC32 against undefined symbol `ngx_http_core_module' can not be used when making a shared object; recompile with -fPIC

Any idea why?

katsar0v commented 5 years ago

Compiled modules using: 

RUN wget https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && tar zxvf nginx-$NGINX_VERSION.tar.gz && \
    cd nginx-$NGINX_VERSION && \
    ./configure \
      --with-compat --add-dynamic-module=../ngx-http-auth-jwt-module --with-cc-opt='-std=gnu99' && \
    make modules

in Ubuntu. Now I am getting: ngx_http_auth_jwt_module.so" failed (/usr/local/lib/libjwt.so.0: undefined symbol: json_integer) in /etc/nginx/nginx.conf:5

katsar0v commented 5 years ago

I succeeded building the module and nginx together with it with this Dockerfile:

FROM ubuntu

RUN apt update && apt upgrade -y && \
    apt install -y \
    gcc \
    wget \
    libtool \
    openssl \
    check \
    build-essential \
    libperl-dev \
    libgeoip-dev \
    autoconf \
    unzip \
    libgd-dev \
    libssl-dev \
    libpcre3 \
    libpcre3-dev \
    libxslt-dev \
    libgeoip-dev \
    libgoogle-perftools-dev \
    libjansson-dev \
    zlib1g-dev \
    supervisor

RUN mkdir -p /root/dl/
WORKDIR /root/dl/

ENV LD_LIBRARY_PATH=/usr/local/lib

##############
# Build libjwt
##############
ARG LIBJWT_VERSION=1.9.0
RUN wget https://github.com/benmcollins/libjwt/archive/v$LIBJWT_VERSION.zip && \
    unzip v$LIBJWT_VERSION.zip && \
    rm v$LIBJWT_VERSION.zip && \
    ln -sf libjwt-$LIBJWT_VERSION libjwt && \
    cd /root/dl/libjwt && \
    autoreconf -fi && \
    ./configure && \
    make all && \
    make check && \
    make install

#############
# Download and install nginx dependencies
#############
RUN wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz && tar xzvf pcre-8.40.tar.gz && \
    wget http://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz && \
    wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz && tar xzvf openssl-1.1.0f.tar.gz && \
    rm -rf *.tar.gz

#############
# Download and install nginx
#############
ARG NGINX_VERSION=1.14.0
ADD ngx-http-auth-jwt-module/ /root/dl/ngx-http-auth-jwt-module
RUN wget https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && tar zxvf nginx-$NGINX_VERSION.tar.gz && \
    cd nginx-$NGINX_VERSION && \
    ./configure \
      --prefix=/etc/nginx/ \
      --sbin-path=/usr/sbin/nginx \
      --conf-path=/etc/nginx/nginx.conf \
      --error-log-path=/var/log/nginx/error.log \
      --http-log-path=/var/log/nginx/access.log \
      --pid-path=/run/nginx.pid \
      --lock-path=/var/lock/nginx.lock \
      --user=www-data \
      --group=www-data \
      --with-openssl=../openssl-1.1.0f \
      --with-openssl-opt=enable-ec_nistp_64_gcc_128 \
      --with-openssl-opt=no-nextprotoneg \
      --with-openssl-opt=no-weak-ssl-ciphers \
      --with-openssl-opt=no-ssl3 \
      --with-pcre=../pcre-8.40 \
      --with-pcre-jit \
      --with-zlib=../zlib-1.2.11 \
      --with-compat \
      --with-file-aio \
      --with-threads \
      --with-http_addition_module \
      --with-http_auth_request_module \
      --with-http_dav_module \
      --with-http_flv_module \
      --with-http_gunzip_module \
      --with-http_gzip_static_module \
      --with-http_mp4_module \
      --with-http_random_index_module \
      --with-http_realip_module \
      --with-http_slice_module \
      --with-http_ssl_module \
      --with-http_sub_module \
      --with-http_stub_status_module \
      --with-http_v2_module \
      --with-http_secure_link_module \
      --with-mail \
      --with-mail_ssl_module \
      --with-stream \
      --with-stream_realip_module \
      --with-stream_ssl_module \
      --with-stream_ssl_preread_module \
      --with-debug && \
      make && \
      make install

RUN cd nginx-$NGINX_VERSION && \
    ./configure \
      --with-compat \
      --add-dynamic-module=../ngx-http-auth-jwt-module && \
    make modules

RUN mkdir -p /etc/nginx/modules && \
    mkdir /etc/nginx/sites-enabled/ && \
    cp nginx-$NGINX_VERSION/objs/ngx_http_auth_jwt_module.so /etc/nginx/modules/ngx_http_auth_jwt_module.so

# create self signed certificate and make the www-data user the owner of the files
COPY cert.crt /etc/nginx/
COPY cert.key /etc/nginx/
COPY dhparam.pem /etc/nginx/
COPY nginx.conf /etc/nginx/
COPY mimes.types /etc/nginx/
RUN chown www-data:www-data /etc/nginx --recursive

RUN echo 1 > /tmp/index.html

# Install confd
ADD https://github.com/kelseyhightower/confd/releases/download/v0.12.0-alpha3/confd-0.12.0-alpha3-linux-amd64 /usr/local/bin/confd
RUN chmod +x /usr/local/bin/confd

# Add confd meta and template files
ADD confd /etc/confd

# basic authentication htaccess file
COPY htpasswd /etc/nginx/.htpasswd

COPY signature/ /var/www/html/signature/
COPY robots.txt /var/www/html/robots.txt

# Finalize build
WORKDIR /
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
RUN nginx -t
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/supervisord","-c","/etc/supervisor/conf.d/supervisord.conf"]

Unfortunately, now I get:

2019/01/04 13:38:39 [error] 17#17: *1 failed to parse jwt, client: 172.18.0.1, server: localhost, request: "GET /secret-page HTTP/2.0", host: "localhost"

though my token (cookie) is valid, checked with jwt.io.

nginx config:

    location /secret-page {
      ###
      # JWT Authenticator default settings
      ###

      auth_jwt_key               "....";
      auth_jwt_algorithm         HS256;
      auth_jwt_loginurl          "https://localhost/";
      auth_jwt_redirect          on;
      auth_jwt_enabled           on;
      auth_jwt_validation_type   COOKIE=sfjwt;
      root /tmp/;
      index index.html;
    }
fitzyjoe commented 5 years ago

I tried to run with the Dockerfile you posted, but I encountered an error:

Step 10/33 : ADD ngx-http-auth-jwt-module/ /root/dl/ngx-http-auth-jwt-module ADD failed: stat /var/lib/docker/tmp/docker-builder709413189/ngx-http-auth-jwt-module: no such file or directory

fitzyjoe commented 5 years ago

If I change that failing line to:

ADD . /root/dl/ngx-http-auth-jwt-module

I get further... but still there are a lot of differences in your Dockerfile that are not necessarily related to Ubuntu, but your particular deployment and I don't have the files that go along with it. If you post a Dockerfile that I could run I'll see if I can give it a shot.

katsar0v commented 5 years ago

ngx-http-auth-jwt-module is the repository. The other files are not necessary, like confd and supervisor, you can remove them and replace with nginx entrypoint, just don't forget the nginx.conf which is also in the repo.

katsar0v commented 5 years ago

I succeeded compiling it, somehow the jwt tokens are invalid: https://github.com/benmcollins/libjwt/issues/79