Open alex9434 opened 2 years ago
Yes adding support for dynamic loading has always been my dream but tons of work and some module can't be compiled that way...
The first thing i would do would be find the module that can't be compiled dynamically and create a list. In theory converting all of this to dynamic module should not be hard but we first need to understand the module that we can't compile
Hi @ansuel, I am happy to go for you through the current list of all modules and identify the ones that cannot be compiled dynamically. Would that help and would you then be willing to modify the makefile so that the rest are compiled dynamically? Would you also consider my suggestions under 1 and 2?
@alex9434 sure make the pr but i would give priority to dynamic module honestly. the list would make the introduction of dynamic module much easier.
@Ansuel, fully agree with your priorities! I have looked at the modules that Debian provides as dynamic modules. Theoretically, it would be possible to try to convert additional modules to dynamic but Debian has probably already excluded the cases where that does not make sense.
The following modules from your Makefile in Master are loaded dynamically in Debian:
--with-stream=dynamic
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-headers-more-filter
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-dav-ext
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-lua
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/rtmp
The blog that I linked in my earlier post also describes how to compile NAXSI dynamically which is also included in your makefile.
NGINX on Debian also has the following additional dynamic modules
--with-http_geoip_module=dynamic
--with-http_image_filter_module=dynamic
--with-http_perl_module=dynamic
--with-http_xslt_module=dynamic
--with-mail=dynamic
--with-stream_geoip_module=dynamic
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-auth-pam
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-cache-purge
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-ndk
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-echo
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-fancyindex
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-geoip2
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/nchan
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-uploadprogress
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-upstream-fair
--add-dynamic-module=/build/nginx-UdHF0z/nginx-1.18.0/debian/modules/http-subs-filter
Can we start with the 5+1 modules from the first list? I am happy to experiment whether further modules from the Makefile can be converted to dynamic once we have the five dynamic modules. OK for you? Any other way I can support you?
This night i will check the required changes for the makefile and post here a pof...
anyway in theory most of the standard module are in the nginx wiki and everyone is listed if can be loaded dynamically or not.
@alex9434 i made a first version of this. Can you test it?
The idea is to test the pr... merge that and with the current framework, you can add all the package you need hoping they are dynamic.
@alex9434 i made a first version of this. Can you test it?
The idea is to test the pr... merge that and with the current framework, you can add all the package you need hoping they are dynamic.
Will test it tonight. Thank you!
@Ansuel, compiling went through on arm64 and x64. However, I get the following error when starting NGINX:
nginx -T -c '/etc/nginx/uci.conf'
2021/10/10 06:51:40 [emerg] 6210#0: "load_module" directive is not allowed here in /etc/nginx/conf.d/luci.locations:19
nginx: configuration file /etc/nginx/uci.conf test failed
The error is that load_module is in the wrong context. The line:
load_module /usr/modules/ngx_http_ubus_module.so;
needs to go into uci.conf.template instead of conf.d/luci.locations because.
After moving it to uci.conf.template, I get the following error.
2021/10/10 07:08:11 [emerg] 5928#0: dlsym() "/usr/modules/ngx_http_ubus_module.so", "ngx_modules" failed (Symbol not found: ngx_modules) in /etc/nginx/uci.conf:7
nginx: configuration file /etc/nginx/uci.conf test failed
I then looked at the directory /usr/modules:
root@OpenWrt:/usr/modules# ls -l
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_brotli_filter_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_brotli_static_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_dav_ext_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_headers_more_filter_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_lua_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_naxsi_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_ts_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_http_ubus_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_rtmp_module.so
-rwxr-xr-x 1 root root 4099 Aug 31 22:20 ngx_stream_module.so
All modules have the exact size of 4099. Do you have any idea what went wrong?
Regarding MP4 could you kindly add the following to the Makefile?
...
CONFIG_NGINX_MP4 \
...
ifeq ($(CONFIG_NGINX_MP4),y)
ADDITIONAL_MODULES += --with-http_mp4_module
endif
...
ADDITIONAL_MODULES += --with-ipv6 --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module
and to Config_ssl.in
config NGINX_MP4
bool
prompt "Enable MP4 module"
help
Provides the ability to seek within MP4 files using time-based offsets.
default n
Regarding digest authentication, could you add the following to the Makefile?
...
CONFIG_NGINX_HTTP_AUTH_DIGEST \
...
ifeq ($(CONFIG_NGINX_HTTP_AUTH_DIGEST),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-auth-digest
endif
...
define Download/nginx-auth-digest
VERSION:=b3073ef3624ec0e590671399e7b8f31458218d2a
SUBDIR:=nginx-auth-digest
FILE:=nginx-http-auth-digest-$$(VERSION).tar.xz
URL:=https://github.com/atomx/nginx-http-auth-digest.git
MIRROR_HASH:=24511f8c0867ce3e0961766f33d2a4020aeeda19325ab4400c8abf545c999b93
PROTO:=git
endef
define Prepare/nginx-auth-digest
$(eval $(Download/nginx-auth-digest))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
And to Config_ssl.in
config NGINX_HTTP_AUTH_DIGEST
bool
prompt "Enable HTTP auth digest"
default n
That would be very helpful!
Maintainer: @Ansuel @mhei Environment: all
Description: Suggested changes to NGINX Makefile for OpenWRT.
Dear all,
Can I suggest the following 3 changes to the NGINX makefile:
1. Add MP4 pseudo-streaming: The makefile already contains the option
--with-http_flv_module
to add FLV pseudo streaming. NGINX has the comparable functionality to add MP4 pseudo streaming--with-http_mp4_module
. The code for the module is included in the NGINX source code. Given the more widespread use of MP4 compared to FLV today that module might be very useful.2. Add Digest authentication Because some routers/boards do not have hardware encryption support it might be helpful to be able to stream media over HTTP instead of HTTPS. Digest Authentication offers better protection than Basic Authentication over HTTP because the password is not transmitted in cleartext. https://www.nginx.com/resources/wiki/modules/auth_digest/
3. Compile Dynamic Modules instead of Static Modules In NGINX 1.9.11 onwards selected modules can be loaded into NGINX at runtime based on configuration files. This can help to reduce memory requirements by only loading modules that are needed. Currently, all modules are statically compiled into NGINX. Can we change this to dynamic loading? https://www.nginx.com/blog/compiling-dynamic-modules-nginx-plus/
Next steps? I have already made the changes for 1 and 2 by myself to the Makefile and Config-ssl.in (they are actually trivial). If you agree with these suggestions, I am happy to work on a pull request (have never done this before). On point 3 it would be good to get your view and the suggested approach.
Thank you for your kind consideration!