Closed ZeeCoder closed 4 years ago
ZeeCoder
commented
4 years ago For the record, I've also tried to use different container image versions, like 6.0 and 6.3, which seem to have dedicated branches here, but those came with their own set of errors.
ZeeCoder
commented
4 years ago For anyone looking to add JWT support with digest, I recommend this: https://github.com/opositatest/varnish-jwt/blob/master/Dockerfile
Then with digest something like this is possible: https://feryn.eu/blog/validating-json-web-tokens-in-varnish/
I didn't manage to add the cookies vmod for some reason, regardless of which hash I'm trying to use it fails, which I think is due to the fact that it supposedly was moved to varnish-modules, but I couldn't find it there.
Seems to me that all effort are now around Varnish Plus, and not the free OS version.
gquintard
commented
4 years ago Hi,
So, there are a few things to unpack here.
First is that 6.4 should have been a branch and not a tag, I've now fixed it.
Second, while posting a Dockerfile is useful, doing so as an image prevents copy-pasting, making it harder to reproduce. With time being a precious resource, it doesn't help us jump onto a ticket.
This Dockerfile works:
FROM varnish:6.4
RUN apt-get update && apt-get install -y --no-install-recommends \
automake \
autotools-dev \
build-essential \
ca-certificates \
curl \
git \
libedit-dev \
libjemalloc-dev \
libmhash-dev \
libncurses-dev \
libpcre3-dev \
libtool \
pkg-config \
python3 \
python3-docutils \
python3-sphinx \
varnish-dev \
libssl-dev \
&& apt-get clean \
&& apt-get autoremove -y \
&& rm -rf /var/lib/apt/lists/*
RUN cd /usr/local/src/ && \
git clone -b 6.4 https://github.com/varnish/libvmod-digest.git && \
cd libvmod-digest && \
./autogen.sh && \
./configure && \
make install && \
make check && \
cd /usr/local/src && \
rm -rf libvmod-digest && \
ldconfig
RUN echo 'vcl 4.0; backend d none; import digest;' > /etc/varnish/default.vclWhen using
docker run --rm -it vmod_digest varnishd -F -f /etc/varnish/default.vcl -a :80So I'd be curious if you could reproduce your issue with this, and possibly share your own set of instructions to help identify the problem.
You didn't find vmod_cookie in the repository you mentioned because as the README says, the code location changed 5 years ago. And then, it got integrated into varnish core, as explained here: https://github.com/varnish/varnish-modules#moved-or-replaced-vmods
The last jab in you last comment is upsetting because:
vmod_cookie in the open-source coreI'm closing this ticket now as I think all concerns have been addressed. If you have a reproducer, please reopen it.
ZeeCoder
commented
4 years ago @gquintard I'm so sorry to have upset you, I sincerely apologise. Reading back my comments here I was not my best, most patient or sympathetic self.
Again, I'm really sorry, and thank you for being as patient as you were despite my attitude presented here.
Please do tell me if I can make up for it in any way, I'd be happy to "buy you a beer" or something like that to support the OS efforts of Varnish in some way.
On the Dockerfile I'm honestly not sure why I posted a picture only, seems silly in retrospect, and I totally agree that it does not help to reproduce the issue. I think my thinking was that I must be doing something horribly wrong, which must be apparent from a even a screenshot of my Dockerfile, but again, not really useful in retrospect.
I've done some experiments again now having working Dockerfiles to try and triangulate what was specifically wrong with my original approach. What is obvious immediately, is that I didn't call "ldconfig", which seems to be a must after each new VMOD is built. This was the reason I got this error message:
ABI mismatch, expected <Varnish 6.4.0 13f137934ec1cf14af66baf7896311115ee35598>, got <���@>I was also getting an error with libvmod digest I didn't understand:
vmod_digest.Tpo -c vmod_digest.c -fPIC -DPIC -o .libs/vmod_digest.o
vmod_digest.c: In function 'vmod_base64_generic':
vmod_digest.c:351:6: error: implicit declaration of function 'WS_ReserveAll'; did you mean 'WS_Reserve'? [-Werror=implicit-function-declaration]
u = WS_ReserveAll(ctx->ws);
^~~~~~~~~~~~~
WS_Reserve
cc1: all warnings being treated as errors
make[1]: *** [Makefile:468: vmod_digest.lo] Error 1
make[1]: Leaving directory '/tmp/libvmod-digest/src'
make: *** [Makefile:516: install-recursive] Error 1Here too, I jumped to the conclusion that vmod digest was outdated, where as I just found out I just didn't have the right dependencies installed.
It turns out that I needed varnish-dev instead of libvarnishapi1 and libvarnishapi-dev, and then the master version of this repo compiles properly.
On vmod_cookie I did not realise this was built in. I went to varnish-modules, where it says that modules there are "...not in active development...", which I thought was a bad sign already, then I searched the repo for the "cookie" keyword, and since I couldn't find anything I thought it must've been removed at some point, leaving me with no choice but to try and compile with the 5 year old version. I basically completely missed the section where it says it was moved in core, and simply thought that it was an abandoned vmod, not even present in the varnish-modules repo anymore.
Summary: I'm not sure if there are better guides out there when it comes to building varnish for yourself with a given VMOD, but the blog posts I tried to follow were old (for example compiling cookies from source and the like) and caused made the whole experience a lot more painful than it really should be.
My original Dockerfile:
FROM varnish:6.4
RUN set -eux; \
apt-get update;\
apt-get install -y \
git \
autotools-dev \
automake \
autoconf \
libvarnishapi1 \
libvarnishapi-dev \
pkg-config \
libtool \
make \
libmhash-dev \
python-docutils;
ENV VMOD_DIGEST_VERSION=master
RUN set -eux; \
git clone https://github.com/varnish/libvmod-digest.git /tmp/libvmod-digest; \
cd /tmp/libvmod-digest; \
git checkout 2b7f74b8897765372f2c7d7c760229bd8740fea2; \
./autogen.sh; \
./configure; \
make; \
make install; \
rm -rf /tmp/libvmod-digest; \
cp /usr/lib/x86_64-linux-gnu/varnish/vmods/* /usr/lib/varnish/vmods/. ;Fixed Dockerfile:
FROM varnish:6.4
RUN set -eux; \
apt-get update;\
apt-get install -y \
git \
autotools-dev \
automake \
autoconf \
varnish-dev \
pkg-config \
libtool \
make \
libmhash-dev \
python-docutils;
ENV VMOD_DIGEST_VERSION=master
RUN set -eux; \
git clone https://github.com/varnish/libvmod-digest.git /tmp/libvmod-digest; \
cd /tmp/libvmod-digest; \
git checkout master; \
./autogen.sh; \
./configure; \
make; \
make install; \
rm -rf /tmp/libvmod-digest; \
ldconfigMaybe the installation section of vmods could be updated with what dependencies are necessary for the builds? In any case, I have a working build and I think I'll manage from now.
Again, sorry for the trouble.
gquintard
commented
4 years ago Hi @ZeeCoder,
Thank you for coming back and clearing the air, that's greatly appreciated. Rereading my message, I could have used a better tone, so I must apologize for that too.
it looks like you problem here really gravitates around offering better documentation. Would you be okay with leveraging your experience here and offer a PR to https://github.com/varnish/docker-varnish and maybe https://github.com/docker-library/docs to explain this bit?
ZeeCoder
commented
4 years ago Yep, I'll take a look. :+1:
Really glad that we could resolve this!
I feel like I'm missing a last step. The build goes through, but Varnish wouldn't start up complaining about a version mismatch:
For context, I'm using the official varnish docker image, specifically 6.4:
My goal is simply to add this VMOD to it, as I need to parse JWT tokens.
To do so, I've set the following up:
Note that I'm checking out "2b7f74b8897765372f2c7d7c760229bd8740fea2" of this repo, because the latest commit which replaces the WS_Reserve() call to WS_ReserveAll() fails the build.
This builds fine, but when I try to start varnish, I get the above error:
Any help would be much appreciated. I feel like I'm really close to getting this to work. :)