search

karljohns0n / nginx-more

Development repository for nginx-more package
MIT License
120 stars 29 forks source link

el9 support #32

Closed karljohns0n closed 1 year ago

karljohns0n commented 2 years ago

I started working on el9 support for nginx-more. There's only issues so far with two modules: PageSpeed and VTS.

I will keep this issue for tracking el9 release.

skrlance commented 2 years ago

For modules like PageSpeed and VTS that hasn't been updated from years, please compile one without them so we can use nginx-more on El9 for now! After the issues get fixed, then please compile new one including them!! Besides, for me VTS and PageSpeed work can be performed using analytics and WP plugin until they are available!! Thanks

oncena commented 2 years ago

Hi Karl. I would really appreciate it if you just happen to be able to release a working version for EL9 without all the bells and whistles that currently have issues. Thank you.

aabiskar1 commented 2 years ago

I also agree Karl, please compile one with those thats working. Let's not stop because of Pagespeed and VTS. We are already on El9 and waiting to install nginx-more for it. You can compile including those after the issues gets fixed.

karljohns0n commented 2 years ago

A new version of module VTS has been released today. I will keep an eye on it.

Meanwhile, I built packages for el9 for testing purpose. Everything seems fine so far, only need to remove PageSpeed/VTS config to start nginx.

[root@7e215c48dc3f ~]# dnf -y -q install https://repo.aerisnetwork.com/pub/aeris-release-9.rpm
Installed:
  aeris-release-1.0-9.el9.noarch                                       dbus-libs-1:1.12.20-5.el9.x86_64                      
  dnf-plugins-core-4.0.24-4.el9_0.noarch                               epel-release-9-4.el9.noarch                           
  python3-dateutil-1:2.8.1-6.el9.noarch                                python3-dbus-1.2.18-2.el9.x86_64                      
  python3-dnf-plugins-core-4.0.24-4.el9_0.noarch                       python3-six-1.15.0-9.el9.noarch                       

[root@7e215c48dc3f ~]# dnf -y -q --enablerepo=aeris-testing install nginx-more nginx-more-module-modsecurity
Installed:
  fontconfig-2.13.94-2.el9.x86_64     freetype-2.10.4-6.el9.x86_64        gd-2.3.2-3.el9.x86_64                              
  graphite2-1.3.14-9.el9.x86_64       harfbuzz-2.7.4-5.el9.x86_64         jbigkit-libs-2.1-23.el9.x86_64                     
  libX11-1.7.0-7.el9.x86_64           libX11-common-1.7.0-7.el9.noarch    libXau-1.0.9-8.el9.x86_64                          
  libXpm-3.5.13-7.el9.x86_64          libjpeg-turbo-2.0.90-5.el9.x86_64   libmaxminddb-1.6.0-2.el9.x86_64                    
  libmodsecurity-3.0.7-2.el9.x86_64   libpng-2:1.6.37-12.el9.x86_64       libtiff-4.2.0-3.el9.x86_64                         
  libwebp-1.2.0-3.el9.x86_64          libxcb-1.13.1-9.el9.x86_64          libxslt-1.1.34-9.el9.x86_64                        
  lmdb-libs-0.9.29-3.el9.x86_64       nginx-more-1.22.0-4.el9.x86_64      nginx-more-module-modsecurity-1.22.0-4.el9.x86_64  
  ssdeep-libs-2.14.1-11.el9.x86_64    xml-common-0.6.3-58.el9.noarch      yajl-2.1.0-21.el9_0.x86_64                         

[root@7e215c48dc3f ~]# nginx &

[root@7e215c48dc3f ~]# nginx -V
nginx version: nginx/1.22.0
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC) 
built with OpenSSL 3.0.5 5 Jul 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-3.0.5 --with-openssl-opt=enable-ktls --with-http_v2_hpack_enc --add-dynamic-module=modules/ngx_modsecurity-1.0.3 --add-module=modules/ngx_headers_more-0.34 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_brotli-snap20220505 --add-module=modules/ngx_http_geoip2_module-3.4 --add-module=modules/ngx_echo-0.62

[root@7e215c48dc3f ~]# cat /var/log/nginx/error.log 
2022/09/05 18:41:21 [notice] 212#212: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/0/0)
2022/09/05 18:41:21 [notice] 212#212: using the "epoll" event method
2022/09/05 18:41:21 [notice] 212#212: nginx/1.22.0
2022/09/05 18:41:21 [notice] 212#212: built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC) 
2022/09/05 18:41:21 [notice] 212#212: OS: Linux 5.10.124-linuxkit
2022/09/05 18:41:21 [notice] 212#212: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/09/05 18:41:21 [notice] 213#213: start worker processes
2022/09/05 18:41:21 [notice] 213#213: start worker process 214
2022/09/05 18:41:21 [notice] 213#213: start worker process 215
2022/09/05 18:41:21 [notice] 213#213: start worker process 216
2022/09/05 18:41:21 [notice] 213#213: start worker process 217
2022/09/05 18:41:21 [notice] 213#213: start worker process 218
2022/09/05 18:41:21 [notice] 213#213: start worker process 219
2022/09/05 18:41:21 [notice] 213#213: start cache manager process 220
2022/09/05 18:41:21 [notice] 213#213: start cache loader process 221
skrlance commented 2 years ago

I just checked, latest dev version has fixed the VTS issue when compiling.

karljohns0n commented 2 years ago

Yes I did a build yesterday, it went fine. Only missing PageSpeed. I'll probably skip this module for el9, at least to start.

karljohns0n commented 2 years ago

I pushed el9 build stable including latest module VTS 0.2.1 but still without PageSpeed (for now).

Package aeris-release should be reinstalled as it uses a new key.

[root@81b6c7c5497f ~]# dnf clean all && dnf reinstall -y aeris-release 
[root@81b6c7c5497f ~]# dnf install nginx-more nginx-more-module-modsecurity
[root@81b6c7c5497f ~]# nginx -V
nginx version: nginx/1.22.0
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC) 
built with OpenSSL 3.0.5 5 Jul 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-3.0.5 --with-openssl-opt=enable-ktls --with-http_v2_hpack_enc --add-dynamic-module=modules/ngx_modsecurity-1.0.3 --add-module=modules/ngx_headers_more-0.34 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_module_vts-0.2.1 --add-module=modules/ngx_brotli-snap20220505 --add-module=modules/ngx_http_geoip2_module-3.4 --add-module=modules/ngx_echo-0.62

Please provide feedback. I only tested with Docker at the moment. Thanks!

oncena commented 2 years ago

Works like a charm on Rocky Linux 9. Thank you.

skrlance commented 2 years ago

The repos are working good and stable so this issue should be marked resolved!!