mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

fix

Browse source
This commit is contained in:
suyuan 2022-10-11 22:40:25 +08:00
parent eb2ebbed0b
commit 61fd57ddb5
14 changed files with 3534 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

25
nginx/Config.in
View file

@ -22,6 +22,13 @@ config NGINX_DAV
Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE.
default n default n
config NGINX_UBUS
bool
prompt "Enable UBUS module"
help
Enable UBUS api support directly from the server.
default y
config NGINX_FLV config NGINX_FLV
bool bool
prompt "Enable FLV module" prompt "Enable FLV module"
@ -226,7 +233,23 @@ config NGINX_STREAM_CORE_MODULE
prompt "Enable stream support" prompt "Enable stream support"
help help
Add support for NGINX request streaming. Add support for NGINX request streaming.
default y default n
config NGINX_STREAM_SSL_MODULE
bool
prompt "Enable stream support with SSL/TLS termination"
depends on NGINX_STREAM_CORE_MODULE
help
Add support for NGINX request streaming with SSL/TLS termination.
default n
config NGINX_STREAM_SSL_PREREAD_MODULE
bool
prompt "Enable stream support with SSL/TLS pre-read"
depends on NGINX_STREAM_CORE_MODULE
help
Add support for NGINX request streaming using information from the ClientHello message without terminating SSL/TLS.
default n
config NGINX_RTMP_MODULE config NGINX_RTMP_MODULE
bool bool

23
nginx/Config_ssl.in
View file

@ -15,6 +15,13 @@ config NGINX_DAV
Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE.
default n default n
config NGINX_UBUS
bool
prompt "Enable UBUS module"
help
Enable UBUS api support directly from the server.
default y
config NGINX_FLV config NGINX_FLV
bool bool
prompt "Enable FLV module" prompt "Enable FLV module"
@ -221,6 +228,22 @@ config NGINX_STREAM_CORE_MODULE
Add support for NGINX request streaming. Add support for NGINX request streaming.
default n default n
config NGINX_STREAM_SSL_MODULE
bool
prompt "Enable stream support with SSL/TLS termination"
depends on NGINX_STREAM_CORE_MODULE
help
Add support for NGINX request streaming with SSL/TLS termination.
default n
config NGINX_STREAM_SSL_PREREAD_MODULE
bool
prompt "Enable stream support with SSL/TLS pre-read"
depends on NGINX_STREAM_CORE_MODULE
help
Add support for NGINX request streaming using information from the ClientHello message without terminating SSL/TLS.
default n
config NGINX_RTMP_MODULE config NGINX_RTMP_MODULE
bool bool
prompt "Enable RTMP module" prompt "Enable RTMP module"

117
nginx/Makefile
View file

@ -8,18 +8,17 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=nginx PKG_NAME:=nginx
PKG_VERSION:=1.16.1 PKG_VERSION:=1.17.7
PKG_RELEASE:=2 PKG_RELEASE:=2
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://nginx.org/download/ PKG_SOURCE_URL:=https://nginx.org/download/
PKG_HASH:=f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b PKG_HASH:=b62756842807e5693b794e5d0ae289bd8ae5b098e66538b2a91eb80f25c591ff
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \ PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
Ansuel Smith <ansuelsmth@gmail.com> Ansuel Smith <ansuelsmth@gmail.com>
PKG_LICENSE:=2-clause BSD-like license PKG_LICENSE:=2-clause BSD-like license
PKG_CPE_ID:=cpe:/a:nginx:nginx
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
@ -29,6 +28,7 @@ PKG_CONFIG_DEPENDS := \
CONFIG_NGINX_SSL \ CONFIG_NGINX_SSL \
CONFIG_NGINX_DAV \ CONFIG_NGINX_DAV \
CONFIG_NGINX_FLV \ CONFIG_NGINX_FLV \
CONFIG_NGINX_UBUS \
CONFIG_NGINX_STUB_STATUS \ CONFIG_NGINX_STUB_STATUS \
CONFIG_NGINX_HTTP_CHARSET \ CONFIG_NGINX_HTTP_CHARSET \
CONFIG_NGINX_HTTP_GZIP \ CONFIG_NGINX_HTTP_GZIP \
@ -67,8 +67,12 @@ PKG_CONFIG_DEPENDS := \
CONFIG_NGINX_HTTP_BROTLI \ CONFIG_NGINX_HTTP_BROTLI \
CONFIG_NGINX_HEADERS_MORE \ CONFIG_NGINX_HEADERS_MORE \
CONFIG_NGINX_STREAM_CORE_MODULE \ CONFIG_NGINX_STREAM_CORE_MODULE \
CONFIG_NGINX_STREAM_SSL_MODULE \
CONFIG_NGINX_STREAM_SSL_PREREAD_MODULE \
CONFIG_NGINX_RTMP_MODULE \ CONFIG_NGINX_RTMP_MODULE \
CONFIG_NGINX_TS_MODULE \ CONFIG_NGINX_TS_MODULE \
CONFIG_OPENSSL_ENGINE \
CONFIG_OPENSSL_WITH_NPN
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
@ -78,8 +82,9 @@ define Package/nginx/default
SUBMENU:=Web Servers/Proxies SUBMENU:=Web Servers/Proxies
TITLE:=Nginx web server TITLE:=Nginx web server
URL:=http://nginx.org/ URL:=http://nginx.org/
DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl \ DEPENDS:=+NGINX_PCRE:libpcre +NGINX_SSL:libopenssl \
+NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libexpat +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libxml2 \
+NGINX_UBUS:libubus +NGINX_UBUS:libblobmsg-json +NGINX_UBUS:libjson-c
endef endef
define Package/nginx/description define Package/nginx/description
@ -102,19 +107,20 @@ define Package/nginx-ssl
endef endef
Package/nginx-ssl/description = $(Package/nginx/description) \ Package/nginx-ssl/description = $(Package/nginx/description) \
This varian is compiled with SSL support enabled. To enable additional module \ This variant is compiled with SSL support enabled. To enable additional module \
select them in the nginx default configuration menu. select them in the nginx default configuration menu.
define Package/nginx-all-module define Package/nginx-all-module
$(Package/nginx/default) $(Package/nginx/default)
TITLE += with ALL module selected TITLE += with ALL module selected
DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libexpat DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libxml2 \
+libubus +libblobmsg-json +libjson-c
VARIANT:=all-module VARIANT:=all-module
PROVIDES:=nginx PROVIDES:=nginx
endef endef
Package/nginx-all-module/description = $(Package/nginx/description) \ Package/nginx-all-module/description = $(Package/nginx/description) \
This varian is compiled with ALL module selected. This variant is compiled with ALL module selected.
define Package/nginx/config define Package/nginx/config
source "$(SOURCE)/Config.in" source "$(SOURCE)/Config.in"
@ -134,7 +140,7 @@ Package/nginx-ssl/conffiles = $(Package/nginx/conffiles)
Package/nginx-all-module/conffiles = $(Package/nginx/conffiles) Package/nginx-all-module/conffiles = $(Package/nginx/conffiles)
ADDITIONAL_MODULES:= ADDITIONAL_MODULES:=--with-http_gzip_static_module
ifneq ($(BUILD_VARIANT),all-module) ifneq ($(BUILD_VARIANT),all-module)
ifneq ($(CONFIG_NGINX_HTTP_CACHE),y) ifneq ($(CONFIG_NGINX_HTTP_CACHE),y)
@ -142,6 +148,8 @@ ifneq ($(BUILD_VARIANT),all-module)
endif endif
ifneq ($(CONFIG_NGINX_PCRE),y) ifneq ($(CONFIG_NGINX_PCRE),y)
ADDITIONAL_MODULES += --without-pcre ADDITIONAL_MODULES += --without-pcre
else
ADDITIONAL_MODULES += --with-pcre
endif endif
ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y) ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y)
ADDITIONAL_MODULES += --without-http_charset_module ADDITIONAL_MODULES += --without-http_charset_module
@ -191,6 +199,8 @@ ifneq ($(BUILD_VARIANT),all-module)
endif endif
ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y) ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y)
ADDITIONAL_MODULES += --without-http_uwsgi_module ADDITIONAL_MODULES += --without-http_uwsgi_module
else
config_files += uwsgi_params
endif endif
ifneq ($(CONFIG_NGINX_HTTP_SCGI),y) ifneq ($(CONFIG_NGINX_HTTP_SCGI),y)
ADDITIONAL_MODULES += --without-http_scgi_module ADDITIONAL_MODULES += --without-http_scgi_module
@ -250,6 +260,9 @@ ifneq ($(BUILD_VARIANT),all-module)
ifeq ($(CONFIG_NGINX_DAV),y) ifeq ($(CONFIG_NGINX_DAV),y)
ADDITIONAL_MODULES += --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module ADDITIONAL_MODULES += --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module
endif endif
ifeq ($(CONFIG_NGINX_UBUS),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-ubus-module
endif
ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y) ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y)
ADDITIONAL_MODULES += --with-http_auth_request_module ADDITIONAL_MODULES += --with-http_auth_request_module
endif endif
@ -268,6 +281,12 @@ ifneq ($(BUILD_VARIANT),all-module)
ifeq ($(CONFIG_NGINX_STREAM_CORE_MODULE),y) ifeq ($(CONFIG_NGINX_STREAM_CORE_MODULE),y)
ADDITIONAL_MODULES += --with-stream ADDITIONAL_MODULES += --with-stream
endif endif
ifeq ($(CONFIG_NGINX_STREAM_SSL_MODULE),y)
ADDITIONAL_MODULES += --with-stream_ssl_module
endif
ifeq ($(CONFIG_NGINX_STREAM_SSL_PREREAD_MODULE),y)
ADDITIONAL_MODULES += --with-stream_ssl_preread_module
endif
ifeq ($(CONFIG_NGINX_HEADERS_MORE),y) ifeq ($(CONFIG_NGINX_HEADERS_MORE),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-headers-more ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-headers-more
endif endif
@ -288,14 +307,15 @@ else
CONFIG_NGINX_NAXSI:=y CONFIG_NGINX_NAXSI:=y
CONFIG_NGINX_LUA:=y CONFIG_NGINX_LUA:=y
CONFIG_NGINX_DAV:=y CONFIG_NGINX_DAV:=y
CONFIG_NGINX_UBUS:=y
ADDITIONAL_MODULES += --with-http_ssl_module --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src \ ADDITIONAL_MODULES += --with-http_ssl_module --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src \
--add-module=$(PKG_BUILD_DIR)/lua-nginx --with-ipv6 --with-http_stub_status_module --with-http_flv_module \ --add-module=$(PKG_BUILD_DIR)/lua-nginx --with-ipv6 --with-http_stub_status_module --with-http_flv_module \
--with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module \ --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module \
--with-http_auth_request_module --with-http_v2_module --with-http_realip_module \ --with-http_auth_request_module --with-http_v2_module --with-http_realip_module \
--with-http_secure_link_module --with-http_sub_module --add-module=$(PKG_BUILD_DIR)/nginx-headers-more \ --with-http_secure_link_module --with-http_sub_module --add-module=$(PKG_BUILD_DIR)/nginx-headers-more \
--with-stream \ --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
--add-module=$(PKG_BUILD_DIR)/nginx-brotli --add-module=$(PKG_BUILD_DIR)/nginx-rtmp \ --add-module=$(PKG_BUILD_DIR)/nginx-brotli --add-module=$(PKG_BUILD_DIR)/nginx-rtmp \
--add-module=$(PKG_BUILD_DIR)/nginx-ts --add-module=$(PKG_BUILD_DIR)/nginx-ts --add-module=$(PKG_BUILD_DIR)/nginx-ubus-module
config_files += koi-utf koi-win win-utf fastcgi_params config_files += koi-utf koi-win win-utf fastcgi_params
endif endif
@ -306,7 +326,7 @@ define Package/nginx-mod-luci/default
SUBMENU:=Web Servers/Proxies SUBMENU:=Web Servers/Proxies
TITLE:=Support file for Nginx TITLE:=Support file for Nginx
URL:=http://nginx.org/ URL:=http://nginx.org/
DEPENDS:=+uwsgi-cgi +uwsgi-cgi-luci-support DEPENDS:=+uwsgi +uwsgi-luci-support
endef endef
define Package/nginx-mod-luci define Package/nginx-mod-luci
@ -396,6 +416,7 @@ define Build/Prepare
$(Prepare/nginx-rtmp) $(Prepare/nginx-rtmp)
$(Prepare/nginx-ts) $(Prepare/nginx-ts)
$(Prepare/nginx-dav-ext-module) $(Prepare/nginx-dav-ext-module)
$(Prepare/nginx-ubus-module)
endef endef
@ -403,34 +424,34 @@ ifeq ($(CONFIG_NGINX_HEADERS_MORE),y)
define Download/nginx-headers-more define Download/nginx-headers-more
VERSION:=a9f7c7e86cc7441d04e2f11f01c2e3a9c4b0301d VERSION:=a9f7c7e86cc7441d04e2f11f01c2e3a9c4b0301d
SUBDIR:=nginx-headers-more SUBDIR:=nginx-headers-more
FILE:=headers-more-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz FILE:=headers-more-nginx-module-$$(VERSION).tar.xz
URL:=https://github.com/openresty/headers-more-nginx-module.git URL:=https://github.com/openresty/headers-more-nginx-module.git
MIRROR_HASH:=432609015719aaa7241e5166c7cda427acbe004f725887f78ef629d51bd9cb3f MIRROR_HASH:=ce0b9996ecb2cff790831644d6ab1adc087aa2771d77d3931c06246d11bc59fd
PROTO:=git PROTO:=git
endef endef
$(eval $(call Download,nginx-headers-more)) $(eval $(call Download,nginx-headers-more))
define Prepare/nginx-headers-more define Prepare/nginx-headers-more
$(eval $(Download/nginx-headers-more)) $(eval $(Download/nginx-headers-more))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef endef
endif endif
ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y) ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y)
define Download/nginx-brotli define Download/nginx-brotli
VERSION:=e26248ee361c04e25f581b92b85d95681bdffb39 VERSION:=dc37f658ccb5a51d090dc09d1a2aca2f24309869
SUBDIR:=nginx-brotli SUBDIR:=nginx-brotli
FILE:=ngx-brotli-module-$(PKG_VERSION)-$$(VERSION).tar.gz FILE:=ngx-brotli-module-$$(VERSION).tar.xz
URL:=https://github.com/eustas/ngx_brotli.git URL:=https://github.com/eustas/ngx_brotli.git
MIRROR_HASH:=76b891ba49f82f0cfbc9cba875646e26ee986b522373e0aa2698a9923a4adcdb MIRROR_HASH:=6bc0c40ff24f6e0ac616dfddc803bdc7fcf54764ba9dc4f9cecb3a68beedcdaf
PROTO:=git PROTO:=git
endef endef
$(eval $(call Download,nginx-brotli)) $(eval $(call Download,nginx-brotli))
define Prepare/nginx-brotli define Prepare/nginx-brotli
$(eval $(Download/nginx-brotli)) $(eval $(Download/nginx-brotli))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef endef
endif endif
@ -439,16 +460,16 @@ ifeq ($(CONFIG_NGINX_RTMP_MODULE),y)
define Download/nginx-rtmp define Download/nginx-rtmp
VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf
SUBDIR:=nginx-rtmp SUBDIR:=nginx-rtmp
FILE:=ngx-rtmp-module-$(PKG_VERSION)-$$(VERSION).tar.gz FILE:=ngx-rtmp-module-$$(VERSION).tar.xz
URL:=https://github.com/ut0mt8/nginx-rtmp-module.git URL:=https://github.com/ut0mt8/nginx-rtmp-module.git
MIRROR_HASH:=9ba7625718d21f658c4878729271832a07bd989165f1d1c720b3a9b54cf738cc MIRROR_HASH:=d3f58066f0f858ed79f7f2b0c9b89de2ccc512c94ab3d0625f6dcff3df0b72c1
PROTO:=git PROTO:=git
endef endef
$(eval $(call Download,nginx-rtmp)) $(eval $(call Download,nginx-rtmp))
define Prepare/nginx-rtmp define Prepare/nginx-rtmp
$(eval $(Download/nginx-rtmp)) $(eval $(Download/nginx-rtmp))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef endef
endif endif
@ -457,16 +478,16 @@ ifeq ($(CONFIG_NGINX_TS_MODULE),y)
define Download/nginx-ts define Download/nginx-ts
VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd
SUBDIR:=nginx-ts SUBDIR:=nginx-ts
FILE:=ngx-ts-module-$(PKG_VERSION)-$$(VERSION).tar.gz FILE:=ngx-ts-module-$$(VERSION).tar.xz
URL:=https://github.com/arut/nginx-ts-module.git URL:=https://github.com/arut/nginx-ts-module.git
MIRROR_HASH:=31ecc9968b928886b54884138eafe2fa747648bca5094d4c3132e8ae9509d1d3 MIRROR_HASH:=73938950bb286d40d9e54b0994d1a63827340c1156c72eb04d7041b25b20ec18
PROTO:=git PROTO:=git
endef endef
$(eval $(call Download,nginx-ts)) $(eval $(call Download,nginx-ts))
define Prepare/nginx-ts define Prepare/nginx-ts
$(eval $(Download/nginx-ts)) $(eval $(Download/nginx-ts))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef endef
endif endif
@ -475,16 +496,16 @@ ifeq ($(CONFIG_NGINX_NAXSI),y)
define Download/nginx-naxsi define Download/nginx-naxsi
VERSION:=951123ad456bdf5ac94e8d8819342fe3d49bc002 VERSION:=951123ad456bdf5ac94e8d8819342fe3d49bc002
SUBDIR:=nginx-naxsi SUBDIR:=nginx-naxsi
FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz FILE:=nginx-naxsi-module-$$(VERSION).tar.xz
URL:=https://github.com/nbs-system/naxsi.git URL:=https://github.com/nbs-system/naxsi.git
MIRROR_HASH:=7ab791f2ff38096f48013141bbfe20ba213d5e04dcac08ca82e0cac07d5c30f0 MIRROR_HASH:=c734cae19a596affadd62a2df1b58d3df8d1364093a4e80a7cd1ab4555963535
PROTO:=git PROTO:=git
endef endef
$(eval $(call Download,nginx-naxsi)) $(eval $(call Download,nginx-naxsi))
define Prepare/nginx-naxsi define Prepare/nginx-naxsi
$(eval $(Download/nginx-naxsi)) $(eval $(Download/nginx-naxsi))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef endef
endif endif
@ -493,16 +514,16 @@ ifeq ($(CONFIG_NGINX_LUA),y)
define Download/lua-nginx define Download/lua-nginx
VERSION:=e94f2e5d64daa45ff396e262d8dab8e56f5f10e0 VERSION:=e94f2e5d64daa45ff396e262d8dab8e56f5f10e0
SUBDIR:=lua-nginx SUBDIR:=lua-nginx
FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz FILE:=lua-nginx-module-$$(VERSION).tar.xz
URL:=https://github.com/openresty/lua-nginx-module.git URL:=https://github.com/openresty/lua-nginx-module.git
MIRROR_HASH:=ae439f9a8b3c34d7240735b844db72ee721af4791bbaff5692bca20e6785f541 MIRROR_HASH:=27729921964f066d97e99c263da153b34622a2f4b811114e4c3ee61c6fc71395
PROTO:=git PROTO:=git
endef endef
$(eval $(call Download,lua-nginx)) $(eval $(call Download,lua-nginx))
define Prepare/lua-nginx define Prepare/lua-nginx
$(eval $(Download/lua-nginx)) $(eval $(Download/lua-nginx))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
$(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx)
endef endef
endif endif
@ -510,23 +531,41 @@ endif
ifeq ($(CONFIG_NGINX_DAV),y) ifeq ($(CONFIG_NGINX_DAV),y)
define Download/nginx-dav-ext-module define Download/nginx-dav-ext-module
VERSION:=430fd774fe838a04f1a5defbf1dd571d42300cf9 VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af
SUBDIR:=nginx-dav-ext-module SUBDIR:=nginx-dav-ext-module
FILE:=nginx-dav-ext-module-$(PKG_VERSION)-$$(VERSION).tar.gz FILE:=nginx-dav-ext-module-$$(VERSION).tar.xz
URL:=https://github.com/arut/nginx-dav-ext-module.git URL:=https://github.com/arut/nginx-dav-ext-module.git
MIRROR_HASH:=0566053a8756423ecab455fd9d218cec1e017598fcbb3d6415a06f816851611e MIRROR_HASH:=70bb4c3907f4b783605500ba494e907aede11f8505702e370012abb3c177dc5b
PROTO:=git PROTO:=git
endef endef
$(eval $(call Download,nginx-dav-ext-module)) $(eval $(call Download,nginx-dav-ext-module))
define Prepare/nginx-dav-ext-module define Prepare/nginx-dav-ext-module
$(eval $(Download/nginx-dav-ext-module)) $(eval $(Download/nginx-dav-ext-module))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
$(call PatchDir,$(PKG_BUILD_DIR),./patches-dav-nginx)
endef
endif
ifeq ($(CONFIG_NGINX_UBUS),y)
define Download/nginx-ubus-module
VERSION:=f30b0167a2cdb40f23bd90928d601bdb0c1b8fad
SUBDIR:=nginx-ubus-module
FILE:=nginx-ubus-module-$$(VERSION).tar.xz
URL:=https://github.com/Ansuel/nginx-ubus-module.git
MIRROR_HASH:=02c7d4b0df7f4b69605e71b0fefdc99b5a9470c68cad7ccfb31ebefe4e7e0704
PROTO:=git
endef
$(eval $(call Download,nginx-ubus-module))
define Prepare/nginx-ubus-module
$(eval $(Download/nginx-ubus-module))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef endef
endif endif
$(eval $(call BuildPackage,nginx)) $(eval $(call BuildPackage,nginx))
$(eval $(call BuildPackage,nginx-ssl)) $(eval $(call BuildPackage,nginx-ssl))
$(eval $(call BuildPackage,nginx-all-module)) $(eval $(call BuildPackage,nginx-all-module))
#$(eval $(call BuildPackage,nginx-mod-luci)) $(eval $(call BuildPackage,nginx-mod-luci))
#$(eval $(call BuildPackage,nginx-mod-luci-ssl)) $(eval $(call BuildPackage,nginx-mod-luci-ssl))

13
nginx/files-luci-support/60_nginx-luci-support
View file

@ -25,4 +25,17 @@ if [ -f "/etc/nginx/luci_nginx.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
fi fi
fi fi
if nginx -V 2>&1 | grep -q ubus; then
if [ -z "$(cat /etc/nginx/luci_uwsgi.conf | grep ubus)" ]; then
cat <<EOT >> /etc/nginx/luci_uwsgi.conf
location /ubus {
ubus_interpreter;
ubus_socket_path /var/run/ubus.sock;
ubus_parallel_req 2;
}
EOT
fi
fi
exit 0 exit 0

14
nginx/files-luci-support/luci_nginx.conf
View file

@ -1,5 +1,5 @@
user nobody nogroup; user root;
worker_processes 1; worker_processes 1;
#error_log logs/error.log; #error_log logs/error.log;
@ -20,7 +20,7 @@ http {
sendfile on; sendfile on;
keepalive_timeout 0; keepalive_timeout 0;
client_body_buffer_size 10K; client_body_buffer_size 10K;
client_header_buffer_size 1k; client_header_buffer_size 1k;
client_max_body_size 1G; client_max_body_size 1G;
@ -31,15 +31,15 @@ http {
gzip_vary on; gzip_vary on;
gzip_comp_level 1; gzip_comp_level 1;
gzip_proxied any; gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
index login.html;
root /www; root /www;
server { server {
listen 88 default_server; listen 80 default_server;
listen [::]:88 default_server; listen [::]:80 default_server;
server_name localhost; server_name localhost;
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d; expires 365d;
} }

20
nginx/files-luci-support/luci_nginx_ssl.conf
View file

@ -20,7 +20,7 @@ http {
sendfile on; sendfile on;
keepalive_timeout 0; keepalive_timeout 0;
client_body_buffer_size 10K; client_body_buffer_size 10K;
client_header_buffer_size 1k; client_header_buffer_size 1k;
client_max_body_size 1G; client_max_body_size 1G;
@ -31,22 +31,22 @@ http {
gzip_vary on; gzip_vary on;
gzip_comp_level 1; gzip_comp_level 1;
gzip_proxied any; gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
index login.html;
root /www; root /www;
server { server {
listen 88 default_server; listen 80 default_server;
listen [::]:88 default_server; listen [::]:80 default_server;
server_name _; server_name _;
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
server { server {
listen 433 ssl default_server; listen 443 ssl default_server;
listen [::]:433 ssl default_server; listen [::]:443 ssl default_server;
server_name localhost; server_name localhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED"; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED";
@ -54,7 +54,7 @@ http {
ssl_certificate /etc/nginx/nginx.cer; ssl_certificate /etc/nginx/nginx.cer;
ssl_certificate_key /etc/nginx/nginx.key; ssl_certificate_key /etc/nginx/nginx.key;
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d; expires 365d;
} }

26
nginx/files-luci-support/luci_uwsgi.conf
View file

@ -1,19 +1,15 @@
location /cgi-bin/luci { location /cgi-bin/luci {
index index.html; index index.html;
uwsgi_param QUERY_STRING $query_string; include uwsgi_params;
uwsgi_param REQUEST_METHOD $request_method; uwsgi_param SERVER_ADDR $server_addr;
uwsgi_param CONTENT_TYPE $content_type; uwsgi_modifier1 9;
uwsgi_param CONTENT_LENGTH $content_length if_not_empty; uwsgi_pass unix:////var/run/luci-webui.socket;
uwsgi_param REQUEST_URI $request_uri; }
uwsgi_param PATH_INFO $document_uri; location ~ /cgi-bin/cgi-(backup|download|upload|exec) {
uwsgi_param SERVER_PROTOCOL $server_protocol; include uwsgi_params;
uwsgi_param REMOTE_ADDR $remote_addr; uwsgi_param SERVER_ADDR $server_addr;
uwsgi_param REMOTE_PORT $remote_port; uwsgi_modifier1 9;
uwsgi_param SERVER_ADDR $server_addr; uwsgi_pass unix:////var/run/luci-cgi_io.socket;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
uwsgi_modifier1 9;
uwsgi_pass unix:////var/run/uwsgi.sock;
} }
location /luci-static { location /luci-static {

7
nginx/files/nginx.init
View file

@ -6,6 +6,13 @@ START=80
USE_PROCD=1 USE_PROCD=1
start_service() { start_service() {
[ -f /etc/init.d/uhttpd ] && {
/etc/init.d/uhttpd enabled && {
/etc/init.d/uhttpd stop
/etc/init.d/uhttpd disable
}
}
[ -d /var/log/nginx ] || mkdir -p /var/log/nginx [ -d /var/log/nginx ] || mkdir -p /var/log/nginx
[ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx [ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx

14
nginx/patches-dav-nginx/100-drop-libxslt-dep.patch Normal file
View file

@ -0,0 +1,14 @@
--- a/nginx-dav-ext-module/config 2018-12-17 08:45:12.000000000 +0000
+++ b/nginx-dav-ext-module/config 2019-10-11 13:49:41.446919258 +0000
@@ -8,9 +8,8 @@ ngx_module_name=ngx_http_dav_ext_module
# building nginx with the xslt module, in which case libxslt will
# be linked anyway. In other cases libxslt is just redundant.
# If that's a big deal, libxml2 can be linked directly:
-# ngx_module_libs=-lxml2
+ngx_module_libs=-lxml2
+ngx_module_incs=$(pkg-config --cflags-only-I libxml-2.0 | sed 's/^-I//')
-ngx_module_libs=LIBXSLT
-
ngx_module_srcs="$ngx_addon_dir/ngx_http_dav_ext_module.c"

579
nginx/patches-lua-nginx/101-add-lua-ngx-pipe.patch Normal file
View file

@ -0,0 +1,579 @@
Index: nginx-1.17.7/lua-nginx/config
===================================================================
--- nginx-1.17.7.orig/lua-nginx/config
+++ nginx-1.17.7/lua-nginx/config
@@ -362,6 +362,7 @@ HTTP_LUA_SRCS=" \
$ngx_addon_dir/src/ngx_http_lua_ssl.c \
$ngx_addon_dir/src/ngx_http_lua_log_ringbuf.c \
$ngx_addon_dir/src/ngx_http_lua_input_filters.c \
+ $ngx_addon_dir/src/ngx_http_lua_pipe.c \
"
HTTP_LUA_DEPS=" \
@@ -424,6 +425,7 @@ HTTP_LUA_DEPS=" \
$ngx_addon_dir/src/ngx_http_lua_ssl.h \
$ngx_addon_dir/src/ngx_http_lua_log_ringbuf.h \
$ngx_addon_dir/src/ngx_http_lua_input_filters.h \
+ $ngx_addon_dir/src/ngx_http_lua_pipe.h \
"
CFLAGS="$CFLAGS -DNDK_SET_VAR"
@@ -508,6 +510,51 @@ ngx_feature_test="int rc = malloc_trim((
SAVED_CC_TEST_FLAGS="$CC_TEST_FLAGS"
CC_TEST_FLAGS="-Werror -Wall $CC_TEST_FLAGS"
+. auto/feature
+
+CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
+
+# ----------------------------------------
+
+ngx_feature="pipe2"
+ngx_feature_libs=
+ngx_feature_name="NGX_HTTP_LUA_HAVE_PIPE2"
+ngx_feature_run=no
+ngx_feature_incs="#include <fcntl.h>"
+ngx_feature_test="int fd[2]; pipe2(fd, O_CLOEXEC|O_NONBLOCK);"
+SAVED_CC_TEST_FLAGS="$CC_TEST_FLAGS"
+CC_TEST_FLAGS="-Werror -Wall $CC_TEST_FLAGS"
+
+. auto/feature
+
+CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
+
+# ----------------------------------------
+
+ngx_feature="signalfd"
+ngx_feature_libs=
+ngx_feature_name="NGX_HTTP_LUA_HAVE_SIGNALFD"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/signalfd.h>"
+ngx_feature_test="sigset_t set; signalfd(-1, &set, SFD_NONBLOCK|SFD_CLOEXEC);"
+SAVED_CC_TEST_FLAGS="$CC_TEST_FLAGS"
+CC_TEST_FLAGS="-Werror -Wall $CC_TEST_FLAGS"
+
+. auto/feature
+
+CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
+
+# ----------------------------------------
+
+ngx_feature="execvpe"
+ngx_feature_libs=
+ngx_feature_name="NGX_HTTP_LUA_HAVE_EXECVPE"
+ngx_feature_run=no
+ngx_feature_incs=
+ngx_feature_test='char* argv[] = {"/bin/sh"};execvpe("/bin/sh", argv, NULL);'
+SAVED_CC_TEST_FLAGS="$CC_TEST_FLAGS"
+CC_TEST_FLAGS="-Werror -Wall $CC_TEST_FLAGS"
+
. auto/feature
CC_TEST_FLAGS="$SAVED_CC_TEST_FLAGS"
Index: nginx-1.17.7/lua-nginx/src/ngx_http_lua_initworkerby.c
===================================================================
--- nginx-1.17.7.orig/lua-nginx/src/ngx_http_lua_initworkerby.c
+++ nginx-1.17.7/lua-nginx/src/ngx_http_lua_initworkerby.c
@@ -12,6 +12,7 @@
#include "ngx_http_lua_initworkerby.h"
#include "ngx_http_lua_util.h"
+#include "ngx_http_lua_pipe.h"
static u_char *ngx_http_lua_log_init_worker_error(ngx_log_t *log,
@@ -65,6 +66,12 @@ ngx_http_lua_init_worker(ngx_cycle_t *cy
return NGX_OK;
}
+
+#ifdef HAVE_NGX_LUA_PIPE
+ if (ngx_http_lua_pipe_add_signal_handler(cycle) != NGX_OK) {
+ return NGX_ERROR;
+ }
+#endif
#endif /* NGX_WIN32 */
if (lmcf->init_worker_handler == NULL) {
Index: nginx-1.17.7/lua-nginx/src/ngx_http_lua_module.c
===================================================================
--- nginx-1.17.7.orig/lua-nginx/src/ngx_http_lua_module.c
+++ nginx-1.17.7/lua-nginx/src/ngx_http_lua_module.c
@@ -29,6 +29,7 @@
#include "ngx_http_lua_ssl_session_storeby.h"
#include "ngx_http_lua_ssl_session_fetchby.h"
#include "ngx_http_lua_headers.h"
+#include "ngx_http_lua_pipe.h"
static void *ngx_http_lua_create_main_conf(ngx_conf_t *cf);
@@ -734,6 +735,10 @@ ngx_http_lua_init(ngx_conf_t *cf)
cln->handler = ngx_http_lua_sema_mm_cleanup;
#endif
+#ifdef HAVE_NGX_LUA_PIPE
+ ngx_http_lua_pipe_init();
+#endif
+
#if nginx_version >= 1011011
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
Index: nginx-1.17.7/lua-nginx/src/ngx_http_lua_util.h
===================================================================
--- nginx-1.17.7.orig/lua-nginx/src/ngx_http_lua_util.h
+++ nginx-1.17.7/lua-nginx/src/ngx_http_lua_util.h
@@ -30,6 +30,12 @@ typedef struct {
* user code cache table */
extern char ngx_http_lua_code_cache_key;
+#define NGX_HTTP_LUA_CONTEXT_YIELDABLE (NGX_HTTP_LUA_CONTEXT_REWRITE \
+ | NGX_HTTP_LUA_CONTEXT_ACCESS \
+ | NGX_HTTP_LUA_CONTEXT_CONTENT \
+ | NGX_HTTP_LUA_CONTEXT_TIMER \
+ | NGX_HTTP_LUA_CONTEXT_SSL_CERT \
+ | NGX_HTTP_LUA_CONTEXT_SSL_SESS_FETCH)
/* key in Lua vm registry for all the "ngx.ctx" tables */
#define ngx_http_lua_ctx_tables_key "ngx_lua_ctx_tables"
Index: nginx-1.17.7/lua-nginx/src/ngx_http_lua_util.c
===================================================================
--- nginx-1.17.7.orig/lua-nginx/src/ngx_http_lua_util.c
+++ nginx-1.17.7/lua-nginx/src/ngx_http_lua_util.c
@@ -52,6 +52,7 @@
#include "ngx_http_lua_ssl_certby.h"
#include "ngx_http_lua_ssl.h"
#include "ngx_http_lua_log_ringbuf.h"
+#include "ngx_http_lua_pipe.h"
#if 1
@@ -744,6 +745,9 @@ ngx_http_lua_inject_ngx_api(lua_State *L
ngx_http_lua_inject_timer_api(L);
ngx_http_lua_inject_config_api(L);
ngx_http_lua_inject_worker_api(L);
+#ifdef HAVE_NGX_LUA_PIPE
+ ngx_http_lua_inject_pipe_api(L);
+#endif
ngx_http_lua_inject_misc_api(L);
Index: nginx-1.17.7/lua-nginx/src/ngx_http_lua_pipe.c
===================================================================
--- nginx-1.17.7.orig/lua-nginx/src/ngx_http_lua_pipe.c
+++ nginx-1.17.7/lua-nginx/src/ngx_http_lua_pipe.c
@@ -83,6 +83,7 @@ static void ngx_http_lua_pipe_proc_wait_
static ngx_rbtree_t ngx_http_lua_pipe_rbtree;
static ngx_rbtree_node_t ngx_http_lua_pipe_proc_sentinel;
+static char ngx_http_lua_proc_metatable_key;
#if (NGX_HTTP_LUA_HAVE_SIGNALFD)
static int ngx_http_lua_signalfd;
@@ -418,6 +419,8 @@ ngx_http_lua_pipe_sigchld_event_handler(
*/
ngx_post_event((&pipe_node->wait_co_ctx->sleep),
&ngx_posted_events);
+ } else {
+ ngx_http_lua_pipe_proc_finalize(pipe_node->proc);
}
pipe_node->proc->pipe->dead = 1;
@@ -2090,7 +2093,31 @@ ngx_http_lua_pipe_read_retval_helper(ngx
rc = ngx_http_lua_pipe_read(pipe, pipe_ctx);
if (rc != NGX_AGAIN) {
- return 0;
+ size_t buf_size = 4096;
+
+ while (1) {
+ u_char *buf, *p;
+
+ buf = ngx_pcalloc(pipe->pool, buf_size);
+ if (!buf) {
+ lua_pushnil(L);
+ lua_pushliteral(L, "no memory");
+ return 2;
+ }
+
+ p = buf;
+
+ ngx_http_lua_pipe_put_data(pipe, pipe_ctx, &p, &buf_size);
+ if (!p) {
+ ngx_pfree(pipe->pool, buf);
+ continue;
+ }
+
+ lua_pushlstring(L, (char *)buf, buf_size);
+ ngx_pfree(pipe->pool, buf);
+ break;
+ }
+ return 1;
}
rev = pipe_ctx->c->read;
@@ -2493,6 +2520,353 @@ ngx_http_lua_pipe_proc_wait_cleanup(void
wait_co_ctx->cleanup = NULL;
}
+static int lua_table_array_cnt(lua_State *L, int idx)
+{
+ int n = 0;
+
+ if (idx < 0)
+ idx = lua_gettop(L) + idx + 1;
+
+ if (!lua_istable(L, idx))
+ return 0;
+
+ lua_pushnil(L); /* stack: table key */
+
+ while (lua_next(L, idx)) { /* stack: table key value */
+ if (lua_type(L, -2) == LUA_TNUMBER) {
+ lua_Number idx = lua_tonumber(L, -2);
+ if (floor(idx) != idx || idx != n + 1)
+ goto non_array;
+ n++;
+ lua_pop(L, 1); /* stack: table key */
+ continue;
+ }
+non_array:
+ lua_pop(L, 2);
+ break;
+ }
+
+ return n;
+}
+
+static void ngx_http_lua_ngx_pipe_set_opt(lua_State *L, int idx, const char *name, int *val)
+{
+ lua_getfield(L, idx, name);
+ if (!lua_isnil(L, -1))
+ *val = lua_tointeger(L, -1);
+ lua_pop(L, 1);
+}
+
+static int ngx_http_lua_ngx_pipe_spawn(lua_State *L)
+{
+ ngx_http_lua_ffi_pipe_proc_t *proc;
+ int merge_stderr = 0;
+ int buffer_size = 4096;
+ int write_timeout = 10000;
+ int stdout_read_timeout = 10000;
+ int stderr_read_timeout = 10000;
+ int wait_timeout = 10000;
+ const char **args = NULL, **envs = NULL;
+ u_char errbuf[512] = "";
+ size_t errbuf_size = sizeof(errbuf);
+ ngx_http_request_t *r;
+ int rc = 1;
+
+ r = ngx_http_lua_get_req(L);
+ if (!r)
+ return luaL_error(L, "no request found");
+
+ if (lua_istable(L, 1)) {
+ int nargs = lua_table_array_cnt(L, 1);
+
+ if (nargs == 0)
+ return luaL_error(L, "bad args arg: non-empty table expected");
+
+ args = ngx_pcalloc(r->pool, sizeof(char *) * (nargs + 1));
+
+ for (int i = 0; i < nargs; i++) {
+ lua_rawgeti(L, 1, i + 1);
+ args[i] = lua_tostring(L, -1);
+ lua_pop(L, 1);
+ }
+ } else if (lua_isstring(L, 1)) {
+ args = ngx_pcalloc(r->pool, sizeof(char *) * 4);
+ args[0] = "/bin/sh";
+ args[1] = "-c";
+ args[2] = lua_tostring(L, 1);
+ } else {
+ return luaL_error(L, "bad args arg: table expected, got '%s'", lua_typename(L, lua_type(L, 1)));
+ }
+
+ if (lua_istable(L, 2)) {
+ lua_getfield(L, 2, "merge_stderr");
+ merge_stderr = lua_toboolean(L, -1);
+ lua_pop(L, 1);
+
+ ngx_http_lua_ngx_pipe_set_opt(L, 2, "buffer_size", &buffer_size);
+ ngx_http_lua_ngx_pipe_set_opt(L, 2, "write_timeout", &write_timeout);
+ ngx_http_lua_ngx_pipe_set_opt(L, 2, "stdout_read_timeout", &stdout_read_timeout);
+ ngx_http_lua_ngx_pipe_set_opt(L, 2, "stderr_read_timeout", &stderr_read_timeout);
+ ngx_http_lua_ngx_pipe_set_opt(L, 2, "wait_timeout", &wait_timeout);
+
+ lua_getfield(L, 2, "environ");
+ if (lua_istable(L, -1)) {
+ int nenv = lua_table_array_cnt(L, -1);
+
+ envs = ngx_pcalloc(r->pool, sizeof(char *) * (nenv + 1));
+
+ for (int i = 0; i < nenv; i++) {
+ lua_rawgeti(L, -1, i + 1);
+ envs[i] = lua_tostring(L, -1);
+ lua_pop(L, 1);
+ }
+ }
+ lua_pop(L, 1);
+ }
+
+ proc = lua_newuserdata(L, sizeof(ngx_http_lua_ffi_pipe_proc_t));
+ if (!proc) {
+ lua_pushnil(L);
+ lua_pushliteral(L, "no memory");
+ rc = 2;
+ goto free_mem;
+ }
+
+ proc->write_timeout = write_timeout;
+ proc->stdout_read_timeout = stdout_read_timeout;
+ proc->stderr_read_timeout = stderr_read_timeout;
+ proc->wait_timeout = wait_timeout;
+
+ lua_pushlightuserdata(L, &ngx_http_lua_proc_metatable_key);
+ lua_rawget(L, LUA_REGISTRYINDEX);
+ lua_setmetatable(L, -2);
+
+ rc = ngx_http_lua_ffi_pipe_spawn(proc, args[0], args, merge_stderr, buffer_size, envs,
+ errbuf, &errbuf_size);
+ if (rc != NGX_OK) {
+ lua_pushnil(L);
+ lua_pushlstring(L, (char *)errbuf, errbuf_size);
+ rc = 2;
+ } else {
+ rc = 1;
+ }
+
+free_mem:
+ if (args)
+ ngx_pfree(r->pool, args);
+ if (envs)
+ ngx_pfree(r->pool, envs);
+ return rc;
+}
+
+static int ngx_http_lua_proc_pid(lua_State *L)
+{
+ ngx_http_lua_ffi_pipe_proc_t *proc = lua_touserdata(L, 1);
+
+ lua_pushinteger(L, proc->_pid);
+ return 1;
+}
+
+static int ngx_http_lua_proc_wait(lua_State *L)
+{
+ ngx_http_lua_ffi_pipe_proc_t *proc = lua_touserdata(L, 1);
+ ngx_http_request_t *r;
+ char *reason;
+ int status;
+ u_char errbuf[128] = "";
+ size_t errbuf_size = sizeof(errbuf);
+ int rc;
+
+ r = ngx_http_lua_get_req(L);
+ if (!r)
+ return luaL_error(L, "no request found");
+
+ rc = ngx_http_lua_ffi_pipe_proc_wait(r, proc, &reason, &status, errbuf, &errbuf_size);
+ switch (rc) {
+ case NGX_OK:
+ lua_pushboolean(L, 1);
+ lua_pushstring(L, reason);
+ lua_pushinteger(L, status);
+ return 3;
+ case NGX_DECLINED:
+ lua_pushboolean(L, 0);
+ lua_pushstring(L, reason);
+ lua_pushinteger(L, status);
+ return 3;
+ case NGX_ERROR:
+ lua_pushnil(L);
+ lua_pushlstring(L, (char *)errbuf, errbuf_size);
+ return 2;
+ default:
+ return lua_yield(L, 0);
+ }
+}
+
+static int ngx_http_lua_proc_kill(lua_State *L)
+{
+ ngx_http_lua_ffi_pipe_proc_t *proc = lua_touserdata(L, 1);
+ u_char errbuf[128] = "";
+ size_t errbuf_size = sizeof(errbuf);
+ int signal;
+ int rc;
+
+ signal = luaL_checkinteger(L, 2);
+
+ rc = ngx_http_lua_ffi_pipe_proc_kill(proc, signal, errbuf, &errbuf_size);
+ if (rc == NGX_OK) {
+ lua_pushnil(L);
+ lua_pushlstring(L, (char *)errbuf, errbuf_size);
+ return 2;
+ }
+
+ lua_pushboolean(L, 1);
+ return 1;
+}
+
+static int ngx_http_lua_proc_read(lua_State *L, int from_stderr, int reader_type)
+{
+ ngx_http_lua_ffi_pipe_proc_t *proc = lua_touserdata(L, 1);
+ ssize_t len = lua_tointeger(L, 2);
+ ngx_http_lua_pipe_ctx_t *pipe_ctx;
+ ngx_http_request_t *r;
+ u_char *buf, *p;
+ size_t buf_size = 4096;
+ u_char errbuf[128] = "";
+ size_t errbuf_size = sizeof(errbuf);
+ int rc;
+
+ switch (reader_type) {
+ case PIPE_READ_BYTES:
+ if (len <= 0) {
+ if (len < 0)
+ return luaL_error(L, "bad len argument");
+ lua_pushliteral(L, "");
+ return 1;
+ }
+ break;
+ case PIPE_READ_ANY:
+ if (len <= 0)
+ return luaL_error(L, "bad max argument");
+ break;
+ default:
+ len = 0;
+ break;
+ }
+
+ r = ngx_http_lua_get_req(L);
+ if (!r)
+ return luaL_error(L, "no request found");
+
+ buf = ngx_pcalloc(proc->pipe->pool, buf_size);
+ p = buf;
+
+ if (!p) {
+ lua_pushnil(L);
+ lua_pushliteral(L, "no memory");
+ return 2;
+ }
+
+ rc = ngx_http_lua_ffi_pipe_proc_read(r, proc, from_stderr, reader_type, len, &p,
+ &buf_size, errbuf,
+ &errbuf_size);
+ if (rc == NGX_OK || rc == NGX_DECLINED) {
+ if (!p) {
+ if (from_stderr)
+ pipe_ctx = proc->pipe->stderr_ctx;
+ else
+ pipe_ctx = proc->pipe->stdout_ctx;
+
+ ngx_pfree(proc->pipe->pool, buf);
+
+ buf = ngx_pcalloc(proc->pipe->pool, buf_size);
+ if (!buf) {
+ lua_pushnil(L);
+ lua_pushliteral(L, "no memory");
+ return 2;
+ }
+ ngx_http_lua_pipe_put_data(proc->pipe, pipe_ctx, &buf, &buf_size);
+ }
+
+ if (rc == NGX_OK) {
+ lua_pushlstring(L, (char *)buf, buf_size);
+ ngx_pfree(proc->pipe->pool, buf);
+ return 1;
+ }
+
+ lua_pushnil(L);
+ lua_pushlstring(L, (char *)errbuf, errbuf_size);
+ lua_pushlstring(L, (char *)buf, buf_size);
+ ngx_pfree(proc->pipe->pool, buf);
+ return 3;
+ }
+
+ if (rc == NGX_ERROR) {
+ lua_pushnil(L);
+ lua_pushlstring(L, (char *)errbuf, errbuf_size);
+ ngx_pfree(proc->pipe->pool, buf);
+ return 2;
+ }
+
+ ngx_pfree(proc->pipe->pool, buf);
+
+ return lua_yield(L, 0);
+}
+
+#define NGX_LUA_PIPE_DEF_READ_FUN(name, from_stderr, reader_type) \
+ static int ngx_http_lua_proc_##name(lua_State *L) \
+ { \
+ return ngx_http_lua_proc_read(L, from_stderr, reader_type); \
+ }
+
+NGX_LUA_PIPE_DEF_READ_FUN(stdout_read_all, 0, PIPE_READ_ALL)
+NGX_LUA_PIPE_DEF_READ_FUN(stdout_read_bytes, 0, PIPE_READ_BYTES)
+NGX_LUA_PIPE_DEF_READ_FUN(stdout_read_line, 0, PIPE_READ_LINE)
+NGX_LUA_PIPE_DEF_READ_FUN(stdout_read_any, 0, PIPE_READ_ANY)
+
+NGX_LUA_PIPE_DEF_READ_FUN(stderr_read_all, 1, PIPE_READ_ALL)
+NGX_LUA_PIPE_DEF_READ_FUN(stderr_read_bytes, 1, PIPE_READ_BYTES)
+NGX_LUA_PIPE_DEF_READ_FUN(stderr_read_line, 1, PIPE_READ_LINE)
+NGX_LUA_PIPE_DEF_READ_FUN(stderr_read_any, 1, PIPE_READ_ANY)
+
+#define NGX_LUA_PIPE_ADD_FUN(name) \
+ do { \
+ lua_pushcfunction(L, ngx_http_lua_proc_##name); \
+ lua_setfield(L, -2, #name); \
+ } while (0)
+
+void ngx_http_lua_inject_pipe_api(lua_State *L)
+{
+ lua_createtable(L, 0 /* narr */, 1 /* nrec */); /* ngx.pipe. */
+
+ lua_pushcfunction(L, ngx_http_lua_ngx_pipe_spawn);
+ lua_setfield(L, -2, "spawn");
+
+ lua_setfield(L, -2, "pipe");
+
+ /* {{{proc object metatable */
+ lua_pushlightuserdata(L, &ngx_http_lua_proc_metatable_key);
+
+ lua_createtable(L, 0 /* narr */, 2 /* nrec */); /* mt */
+
+ lua_createtable(L, 0 /* narr */, 11 /* nrec */); /* __index */
+
+ NGX_LUA_PIPE_ADD_FUN(pid);
+ NGX_LUA_PIPE_ADD_FUN(wait);
+ NGX_LUA_PIPE_ADD_FUN(kill);
+ NGX_LUA_PIPE_ADD_FUN(stdout_read_all);
+ NGX_LUA_PIPE_ADD_FUN(stdout_read_bytes);
+ NGX_LUA_PIPE_ADD_FUN(stdout_read_line);
+ NGX_LUA_PIPE_ADD_FUN(stdout_read_any);
+ NGX_LUA_PIPE_ADD_FUN(stderr_read_all);
+ NGX_LUA_PIPE_ADD_FUN(stderr_read_bytes);
+ NGX_LUA_PIPE_ADD_FUN(stderr_read_line);
+ NGX_LUA_PIPE_ADD_FUN(stderr_read_any);
+
+ lua_setfield(L, -2, "__index");
+
+ lua_rawset(L, LUA_REGISTRYINDEX);
+ /* }}} */
+}
#endif /* HAVE_NGX_LUA_PIPE */
Index: nginx-1.17.7/lua-nginx/src/ngx_http_lua_pipe.h
===================================================================
--- nginx-1.17.7.orig/lua-nginx/src/ngx_http_lua_pipe.h
+++ nginx-1.17.7/lua-nginx/src/ngx_http_lua_pipe.h
@@ -86,6 +86,7 @@ typedef struct {
void ngx_http_lua_pipe_init(void);
ngx_int_t ngx_http_lua_pipe_add_signal_handler(ngx_cycle_t *cycle);
+void ngx_http_lua_inject_pipe_api(lua_State *L);
#endif

2
nginx/patches/201-ignore-invalid-options.patch
View file

@ -1,6 +1,6 @@
--- a/auto/options --- a/auto/options
+++ b/auto/options +++ b/auto/options
@@ -397,8 +397,7 @@ $0: warning: the \"--with-sha1-asm\" opt @@ -396,8 +396,7 @@ $0: warning: the \"--with-sha1-asm\" opt
--test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;; --test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
*) *)

174
nginx/patches/400-socket-cloexec.patch Normal file
View file

@ -0,0 +1,174 @@
Index: nginx-1.17.7/auto/unix
===================================================================
--- nginx-1.17.7.orig/auto/unix
+++ nginx-1.17.7/auto/unix
@@ -1037,3 +1037,27 @@ ngx_feature_test='struct addrinfo *res;
if (getaddrinfo("localhost", NULL, NULL, &res) != 0) return 1;
freeaddrinfo(res)'
. auto/feature
+
+ngx_feature="SOCK_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_SOCKET_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);"
+. auto/feature
+
+ngx_feature="FD_CLOEXEC support"
+ngx_feature_name="NGX_HAVE_FD_CLOEXEC"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <fcntl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="int fd;
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ fcntl(fd, F_SETFD, FD_CLOEXEC);"
+. auto/feature
Index: nginx-1.17.7/src/core/ngx_resolver.c
===================================================================
--- nginx-1.17.7.orig/src/core/ngx_resolver.c
+++ nginx-1.17.7/src/core/ngx_resolver.c
@@ -4492,7 +4492,11 @@ ngx_tcp_connect(ngx_resolver_connection_
ngx_event_t *rev, *wev;
ngx_connection_t *c;
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, 0);
+#else
s = ngx_socket(rec->sockaddr->sa_family, SOCK_STREAM, 0);
+#endif
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, &rec->log, 0, "TCP socket %d", s);
@@ -4520,6 +4524,15 @@ ngx_tcp_connect(ngx_resolver_connection_
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
rev = c->read;
wev = c->write;
Index: nginx-1.17.7/src/event/ngx_event.h
===================================================================
--- nginx-1.17.7.orig/src/event/ngx_event.h
+++ nginx-1.17.7/src/event/ngx_event.h
@@ -73,6 +73,9 @@ struct ngx_event_s {
/* to test on worker exit */
unsigned channel:1;
unsigned resolver:1;
+#if (HAVE_SOCKET_CLOEXEC_PATCH)
+ unsigned skip_socket_leak_check:1;
+#endif
unsigned cancelable:1;
Index: nginx-1.17.7/src/event/ngx_event_accept.c
===================================================================
--- nginx-1.17.7.orig/src/event/ngx_event_accept.c
+++ nginx-1.17.7/src/event/ngx_event_accept.c
@@ -57,7 +57,7 @@ ngx_event_accept(ngx_event_t *ev)
#if (NGX_HAVE_ACCEPT4)
if (use_accept4) {
- s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK);
+ s = accept4(lc->fd, &sa.sockaddr, &socklen, SOCK_NONBLOCK | SOCK_CLOEXEC);
} else {
s = accept(lc->fd, &sa.sockaddr, &socklen);
}
@@ -197,6 +197,14 @@ ngx_event_accept(ngx_event_t *ev)
ngx_close_accepted_connection(c);
return;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+ ngx_close_accepted_connection(c);
+ return;
+ }
+#endif
}
}
Index: nginx-1.17.7/src/event/ngx_event_connect.c
===================================================================
--- nginx-1.17.7.orig/src/event/ngx_event_connect.c
+++ nginx-1.17.7/src/event/ngx_event_connect.c
@@ -38,7 +38,11 @@ ngx_event_connect_peer(ngx_peer_connecti
type = (pc->type ? pc->type : SOCK_STREAM);
+#if (NGX_HAVE_SOCKET_CLOEXEC)
+ s = ngx_socket(pc->sockaddr->sa_family, type | SOCK_CLOEXEC, 0);
+#else
s = ngx_socket(pc->sockaddr->sa_family, type, 0);
+#endif
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d",
(type == SOCK_STREAM) ? "stream" : "dgram", s);
@@ -92,6 +96,15 @@ ngx_event_connect_peer(ngx_peer_connecti
goto failed;
}
+#if (NGX_HAVE_FD_CLOEXEC)
+ if (ngx_cloexec(s) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
+ ngx_cloexec_n " failed");
+
+ goto failed;
+ }
+#endif
+
if (pc->local) {
#if (NGX_HAVE_TRANSPARENT_PROXY)
Index: nginx-1.17.7/src/os/unix/ngx_process_cycle.c
===================================================================
--- nginx-1.17.7.orig/src/os/unix/ngx_process_cycle.c
+++ nginx-1.17.7/src/os/unix/ngx_process_cycle.c
@@ -991,6 +991,9 @@ ngx_worker_process_exit(ngx_cycle_t *cyc
for (i = 0; i < cycle->connection_n; i++) {
if (c[i].fd != -1
&& c[i].read
+#if (HAVE_SOCKET_CLOEXEC_PATCH)
+ && !c[i].read->skip_socket_leak_check
+#endif
&& !c[i].read->accept
&& !c[i].read->channel
&& !c[i].read->resolver)
Index: nginx-1.17.7/src/os/unix/ngx_socket.h
===================================================================
--- nginx-1.17.7.orig/src/os/unix/ngx_socket.h
+++ nginx-1.17.7/src/os/unix/ngx_socket.h
@@ -45,6 +45,17 @@ int ngx_blocking(ngx_socket_t s);
#endif
+#if (NGX_HAVE_FD_CLOEXEC)
+
+#define ngx_cloexec(s) fcntl(s, F_SETFD, FD_CLOEXEC)
+#define ngx_cloexec_n "fcntl(FD_CLOEXEC)"
+
+/* at least FD_CLOEXEC is required to ensure connection fd is closed
+ * after execve */
+#define HAVE_SOCKET_CLOEXEC_PATCH 1
+
+#endif
+
int ngx_tcp_nopush(ngx_socket_t s);
int ngx_tcp_push(ngx_socket_t s);

2499
nginx/src/lua-nginx/src/ngx_http_lua_pipe.c Normal file
View file

File diff suppressed because it is too large Load diff

94
nginx/src/lua-nginx/src/ngx_http_lua_pipe.h Normal file
View file

@ -0,0 +1,94 @@
/*
* Copyright (C) by OpenResty Inc.
*/
#ifndef _NGX_HTTP_LUA_PIPE_H_INCLUDED_
#define _NGX_HTTP_LUA_PIPE_H_INCLUDED_
#include "ngx_http_lua_common.h"
typedef ngx_int_t (*ngx_http_lua_pipe_input_filter)(void *data, ssize_t bytes);
typedef struct {
ngx_connection_t *c;
ngx_http_lua_pipe_input_filter input_filter;
void *input_filter_ctx;
size_t rest;
ngx_chain_t *buf_in;
ngx_chain_t *bufs_in;
ngx_buf_t buffer;
ngx_err_t pipe_errno;
unsigned err_type:16;
unsigned eof:1;
} ngx_http_lua_pipe_ctx_t;
typedef struct ngx_http_lua_pipe_s ngx_http_lua_pipe_t;
typedef struct {
ngx_pid_t _pid;
ngx_msec_t write_timeout;
ngx_msec_t stdout_read_timeout;
ngx_msec_t stderr_read_timeout;
ngx_msec_t wait_timeout;
/* pipe hides the implementation from the Lua binding */
ngx_http_lua_pipe_t *pipe;
} ngx_http_lua_ffi_pipe_proc_t;
typedef int (*ngx_http_lua_pipe_retval_handler)(
ngx_http_lua_ffi_pipe_proc_t *proc, lua_State *L);
struct ngx_http_lua_pipe_s {
ngx_pool_t *pool;
ngx_chain_t *free_bufs;
ngx_rbtree_node_t *node;
int stdin_fd;
int stdout_fd;
int stderr_fd;
ngx_http_lua_pipe_ctx_t *stdin_ctx;
ngx_http_lua_pipe_ctx_t *stdout_ctx;
ngx_http_lua_pipe_ctx_t *stderr_ctx;
ngx_http_lua_pipe_retval_handler retval_handler;
size_t buffer_size;
unsigned closed:1;
unsigned dead:1;
unsigned timeout:1;
unsigned merge_stderr:1;
};
typedef struct {
u_char color;
u_char reason_code;
int status;
ngx_http_lua_co_ctx_t *wait_co_ctx;
ngx_http_lua_ffi_pipe_proc_t *proc;
} ngx_http_lua_pipe_node_t;
typedef struct {
int signo;
char *signame;
} ngx_http_lua_pipe_signal_t;
#if !(NGX_WIN32) && defined(HAVE_SOCKET_CLOEXEC_PATCH)
#define HAVE_NGX_LUA_PIPE 1
void ngx_http_lua_pipe_init(void);
ngx_int_t ngx_http_lua_pipe_add_signal_handler(ngx_cycle_t *cycle);
#endif
#endif /* _NGX_HTTP_LUA_PIPE_H_INCLUDED_ */
/* vi:set ft=c ts=4 sw=4 et fdm=marker: */