Closed katsar0v closed 4 years ago
Compiled modules using:
RUN wget https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && tar zxvf nginx-$NGINX_VERSION.tar.gz && \
cd nginx-$NGINX_VERSION && \
./configure \
--with-compat --add-dynamic-module=../ngx-http-auth-jwt-module --with-cc-opt='-std=gnu99' && \
make modules
in Ubuntu. Now I am getting:
ngx_http_auth_jwt_module.so" failed (/usr/local/lib/libjwt.so.0: undefined symbol: json_integer) in /etc/nginx/nginx.conf:5
I succeeded building the module and nginx together with it with this Dockerfile:
FROM ubuntu
RUN apt update && apt upgrade -y && \
apt install -y \
gcc \
wget \
libtool \
openssl \
check \
build-essential \
libperl-dev \
libgeoip-dev \
autoconf \
unzip \
libgd-dev \
libssl-dev \
libpcre3 \
libpcre3-dev \
libxslt-dev \
libgeoip-dev \
libgoogle-perftools-dev \
libjansson-dev \
zlib1g-dev \
supervisor
RUN mkdir -p /root/dl/
WORKDIR /root/dl/
ENV LD_LIBRARY_PATH=/usr/local/lib
##############
# Build libjwt
##############
ARG LIBJWT_VERSION=1.9.0
RUN wget https://github.com/benmcollins/libjwt/archive/v$LIBJWT_VERSION.zip && \
unzip v$LIBJWT_VERSION.zip && \
rm v$LIBJWT_VERSION.zip && \
ln -sf libjwt-$LIBJWT_VERSION libjwt && \
cd /root/dl/libjwt && \
autoreconf -fi && \
./configure && \
make all && \
make check && \
make install
#############
# Download and install nginx dependencies
#############
RUN wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz && tar xzvf pcre-8.40.tar.gz && \
wget http://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz && \
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz && tar xzvf openssl-1.1.0f.tar.gz && \
rm -rf *.tar.gz
#############
# Download and install nginx
#############
ARG NGINX_VERSION=1.14.0
ADD ngx-http-auth-jwt-module/ /root/dl/ngx-http-auth-jwt-module
RUN wget https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && tar zxvf nginx-$NGINX_VERSION.tar.gz && \
cd nginx-$NGINX_VERSION && \
./configure \
--prefix=/etc/nginx/ \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=www-data \
--group=www-data \
--with-openssl=../openssl-1.1.0f \
--with-openssl-opt=enable-ec_nistp_64_gcc_128 \
--with-openssl-opt=no-nextprotoneg \
--with-openssl-opt=no-weak-ssl-ciphers \
--with-openssl-opt=no-ssl3 \
--with-pcre=../pcre-8.40 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_sub_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_secure_link_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-debug && \
make && \
make install
RUN cd nginx-$NGINX_VERSION && \
./configure \
--with-compat \
--add-dynamic-module=../ngx-http-auth-jwt-module && \
make modules
RUN mkdir -p /etc/nginx/modules && \
mkdir /etc/nginx/sites-enabled/ && \
cp nginx-$NGINX_VERSION/objs/ngx_http_auth_jwt_module.so /etc/nginx/modules/ngx_http_auth_jwt_module.so
# create self signed certificate and make the www-data user the owner of the files
COPY cert.crt /etc/nginx/
COPY cert.key /etc/nginx/
COPY dhparam.pem /etc/nginx/
COPY nginx.conf /etc/nginx/
COPY mimes.types /etc/nginx/
RUN chown www-data:www-data /etc/nginx --recursive
RUN echo 1 > /tmp/index.html
# Install confd
ADD https://github.com/kelseyhightower/confd/releases/download/v0.12.0-alpha3/confd-0.12.0-alpha3-linux-amd64 /usr/local/bin/confd
RUN chmod +x /usr/local/bin/confd
# Add confd meta and template files
ADD confd /etc/confd
# basic authentication htaccess file
COPY htpasswd /etc/nginx/.htpasswd
COPY signature/ /var/www/html/signature/
COPY robots.txt /var/www/html/robots.txt
# Finalize build
WORKDIR /
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
RUN nginx -t
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/supervisord","-c","/etc/supervisor/conf.d/supervisord.conf"]
Unfortunately, now I get:
2019/01/04 13:38:39 [error] 17#17: *1 failed to parse jwt, client: 172.18.0.1, server: localhost, request: "GET /secret-page HTTP/2.0", host: "localhost"
though my token (cookie) is valid, checked with jwt.io.
nginx config:
location /secret-page {
###
# JWT Authenticator default settings
###
auth_jwt_key "....";
auth_jwt_algorithm HS256;
auth_jwt_loginurl "https://localhost/";
auth_jwt_redirect on;
auth_jwt_enabled on;
auth_jwt_validation_type COOKIE=sfjwt;
root /tmp/;
index index.html;
}
I tried to run with the Dockerfile you posted, but I encountered an error:
Step 10/33 : ADD ngx-http-auth-jwt-module/ /root/dl/ngx-http-auth-jwt-module ADD failed: stat /var/lib/docker/tmp/docker-builder709413189/ngx-http-auth-jwt-module: no such file or directory
If I change that failing line to:
ADD . /root/dl/ngx-http-auth-jwt-module
I get further... but still there are a lot of differences in your Dockerfile that are not necessarily related to Ubuntu, but your particular deployment and I don't have the files that go along with it. If you post a Dockerfile that I could run I'll see if I can give it a shot.
ngx-http-auth-jwt-module
is the repository. The other files are not necessary, like confd and supervisor, you can remove them and replace with nginx entrypoint, just don't forget the nginx.conf which is also in the repo.
I succeeded compiling it, somehow the jwt tokens are invalid: https://github.com/benmcollins/libjwt/issues/79
Trying to make a docker container in ubuntu, I get:
Any idea why?