owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0
1.59k stars 282 forks source link

Re-add old nginx versions to travis #228

Closed c33s closed 2 years ago

c33s commented 4 years ago

@zimmerle the commit c6fd13807299184acf3719e1deb499fcb14d2ef4 removed nginx version 1.14.2 and 1.15.7 from the travis test matrix.

is this really the right step?

debian ships the following nginx versions:

this means that debian stable which is supported until 2022 and its lts support goes event to 2024 and ships with 1.14.2 is not tested any more. even strech which is lts supported until 2022 has a backported 1.14.1 nginx version.

shouldn't stable and lts operation systems be better supported and the version 1.14.2 be readded to the testmatrix?

reference links:


zimmerle commented 4 years ago

Hi @c33s,

It all depends on your understanding of stable. Nginx considers to be stable the version that we have picked. Debian considers a different thing. At a certain point, Debian community will start to back port fixes and feature from "nginx stable" (the one picked by nginx) to their own package creating something that is not nginx version x.y.z but version x.y.z + Debian patches. Creating something that is very unique for the Debian users.

As ModSecurity meant to work on different distributions and operational systems, our tests are using what Nginx have published and considers to be stable. We could have a new test environment for Debian and what they consider to be stable. Maybe using GitHub automation. Do you want to make that contribution?

c33s commented 4 years ago

thank you for you quick answer, i can understand your arguments. i would really love having a debian specific test but of course i see the problem of the version diff.

still i think "burning" some ci runner minutes for an "old" version is not that bad. if the tests run with 14 & 17 & 18 the will probably also work for 14+deb_patches.

would love to contribute but sadly my workload is quite high and other opensource projects are waiting (like puppet-php module)

what i can contribute is my build setup. currently i am working on building modsecurity for debian stretch & buster (repos with makefiles and packaging )

but i use gitlab and their ci for that.

the repos are currently private but if you have a gitlab account i can add you. as soon as everything is working i plan to make it public.

the installation on debian should be as simple as apt-get install libnginx-mod-http-modsecurity

cilex-ft commented 3 years ago

the installation on debian should be as simple as apt-get install libnginx-mod-http-modsecurity

Same for ubuntu of course.

For the life of me I can't understand why there is not even a ppa to install easily!!

airween commented 3 years ago

the installation on debian should be as simple as apt-get install libnginx-mod-http-modsecurity

Same for ubuntu of course.

For the life of me I can't understand why there is not even a ppa to install easily!!

Guys, you should take a look at this:

https://modsecurity.digitalwave.hu

(Ubuntu packages are a bit behind the Debian, but I would like to align the as soon)

cilex-ft commented 3 years ago

Bless the good people at DigitalWave, we now have a repository and a working ModSecuriy on our servers! Thanks Airween.

martinhsv commented 2 years ago

There would appear to be no practical purpose to keep this item open.

Closing ...