From 9da2042b0866ed727929d7d5678ef076e682dcb1 Mon Sep 17 00:00:00 2001 From: Ycarus Date: Wed, 12 Dec 2018 21:28:20 +0100 Subject: [PATCH] Update to latest nginx package --- luci-app-nginx-ha/Makefile | 2 +- nginx/Config.in | 7 ++- nginx/Config_ssl.in | 9 +-- nginx/Makefile | 60 ++++++++++++------ nginx/files-luci-support/luci_nginx.conf | 40 ++++++------ nginx/files-luci-support/luci_nginx_ssl.conf | 62 +++++++++---------- nginx/files-luci-support/luci_uwsgi.conf | 34 +++++----- nginx/patches/101-feature_test_fix.patch | 9 +++ .../patches/201-ignore-invalid-options.patch | 2 +- 9 files changed, 128 insertions(+), 97 deletions(-) diff --git a/luci-app-nginx-ha/Makefile b/luci-app-nginx-ha/Makefile index 267d00238..2cdad84f7 100644 --- a/luci-app-nginx-ha/Makefile +++ b/luci-app-nginx-ha/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk LUCI_TITLE:=LuCI Support for nginx load balancing LUCI_DEPENDS:=+nginx -KCONFIG:=CONFIG_NGINX_STREAM +KCONFIG:=CONFIG_NGINX_STREAM_CORE_MODULE PKG_LICENSE:=MIT diff --git a/nginx/Config.in b/nginx/Config.in index c2c9882c2..68b037098 100644 --- a/nginx/Config.in +++ b/nginx/Config.in @@ -220,12 +220,12 @@ config NGINX_HTTP_BROTLI help Add support for brotli compression module. default n - -config NGINX_STREAM + +config NGINX_STREAM_CORE_MODULE bool prompt "Enable stream support" help - Add support for stream module. + Add support for NGINX request streaming. default y config NGINX_RTMP_MODULE @@ -234,6 +234,7 @@ config NGINX_RTMP_MODULE depends on NGINX_SSL help Add support for NGINX-based Media Streaming Server module. + DASH enhanced - https://github.com/ut0mt8/nginx-rtmp-module default n config NGINX_TS_MODULE diff --git a/nginx/Config_ssl.in b/nginx/Config_ssl.in index 90d8098d2..9325fba51 100644 --- a/nginx/Config_ssl.in +++ b/nginx/Config_ssl.in @@ -213,12 +213,12 @@ config NGINX_HTTP_BROTLI help Add support for brotli compression module. default n - -config NGINX_STREAM + +config NGINX_STREAM_CORE_MODULE bool - prompt "Enable stream module" + prompt "Enable stream support" help - Add support for stream module. + Add support for NGINX request streaming. default n config NGINX_RTMP_MODULE @@ -226,6 +226,7 @@ config NGINX_RTMP_MODULE prompt "Enable RTMP module" help Add support for NGINX-based Media Streaming Server module. + DASH enhanced - https://github.com/ut0mt8/nginx-rtmp-module default n config NGINX_TS_MODULE diff --git a/nginx/Makefile b/nginx/Makefile index 763e41222..31448b1be 100644 --- a/nginx/Makefile +++ b/nginx/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.15.1 -PKG_RELEASE:=5 +PKG_VERSION:=1.15.7 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_HASH:=c7206858d7f832b8ef73a45c9b8f8e436bcb1ee88db2bc85b8e438ecec9d5460 +PKG_HASH:=8f22ea2f6c0e0a221b6ddc02b6428a3ff708e2ad55f9361102b1c9f4142bdf93 PKG_MAINTAINER:=Thomas Heil \ Ansuel Smith @@ -65,8 +65,8 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_REAL_IP \ CONFIG_NGINX_HTTP_SECURE_LINK \ CONFIG_NGINX_HTTP_BROTLI \ - CONFIG_NGINX_STREAM \ CONFIG_NGINX_HEADERS_MORE \ + CONFIG_NGINX_STREAM_CORE_MODULE \ CONFIG_NGINX_RTMP_MODULE \ CONFIG_NGINX_TS_MODULE \ @@ -79,7 +79,7 @@ define Package/nginx/default TITLE:=Nginx web server URL:=http://nginx.org/ DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl \ - +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread + +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libexpat endef define Package/nginx/description @@ -108,7 +108,7 @@ Package/nginx-ssl/description = $(Package/nginx/description) \ define Package/nginx-all-module $(Package/nginx/default) TITLE += with ALL module selected - DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread + DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libexpat VARIANT:=all-module PROVIDES:=nginx endef @@ -248,7 +248,7 @@ ifneq ($(BUILD_VARIANT),all-module) ADDITIONAL_MODULES += --with-http_flv_module endif ifeq ($(CONFIG_NGINX_DAV),y) - ADDITIONAL_MODULES += --with-http_dav_module + ADDITIONAL_MODULES += --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module endif ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y) ADDITIONAL_MODULES += --with-http_auth_request_module @@ -265,15 +265,15 @@ ifneq ($(BUILD_VARIANT),all-module) ifeq ($(CONFIG_NGINX_HTTP_SUB),y) ADDITIONAL_MODULES += --with-http_sub_module endif + ifeq ($(CONFIG_NGINX_STREAM_CORE_MODULE),y) + ADDITIONAL_MODULES += --with-stream + endif ifeq ($(CONFIG_NGINX_HEADERS_MORE),y) ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-headers-more endif ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y) ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-brotli endif - ifeq ($(CONFIG_NGINX_STREAM),y) - ADDITIONAL_MODULES += --with-stream - endif ifeq ($(CONFIG_NGINX_RTMP_MODULE),y) ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-rtmp endif @@ -287,10 +287,13 @@ else CONFIG_NGINX_TS_MODULE:=y CONFIG_NGINX_NAXSI:=y CONFIG_NGINX_LUA:=y + CONFIG_NGINX_DAV:=y ADDITIONAL_MODULES += --with-http_ssl_module --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src \ --add-module=$(PKG_BUILD_DIR)/lua-nginx --with-ipv6 --with-http_stub_status_module --with-http_flv_module \ - --with-http_dav_module --with-stream --with-http_auth_request_module --with-http_v2_module --with-http_realip_module \ + --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module \ + --with-http_auth_request_module --with-http_v2_module --with-http_realip_module \ --with-http_secure_link_module --with-http_sub_module --add-module=$(PKG_BUILD_DIR)/nginx-headers-more \ + --with-stream \ --add-module=$(PKG_BUILD_DIR)/nginx-brotli --add-module=$(PKG_BUILD_DIR)/nginx-rtmp \ --add-module=$(PKG_BUILD_DIR)/nginx-ts config_files += koi-utf koi-win win-utf fastcgi_params @@ -324,7 +327,7 @@ endef Package/nginx-mod-luci-ssl/description = $(define Package/nginx-mod-luci/description) \ This also include redirect from http to https and cert autogeneration. -TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK -DNGX_HAVE_GCC_ATOMIC +TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK TARGET_LDFLAGS += -Wl,--gc-sections ifeq ($(CONFIG_NGINX_LUA),y) @@ -392,6 +395,7 @@ define Build/Prepare $(Prepare/nginx-headers-more) $(Prepare/nginx-rtmp) $(Prepare/nginx-ts) + $(Prepare/nginx-dav-ext-module) endef @@ -433,17 +437,17 @@ endif ifeq ($(CONFIG_NGINX_RTMP_MODULE),y) define Download/nginx-rtmp - VERSION:=791b6136f02bc9613daf178723ac09f4df5a3bbf + VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf SUBDIR:=nginx-rtmp FILE:=ngx-rtmp-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/arut/nginx-rtmp-module.git - MIRROR_HASH:=8db3f7b545ce98f47415e0436e12dfb55ae787afd3cd9515b5642c7b9dc0ef00 + URL:=https://github.com/ut0mt8/nginx-rtmp-module.git + MIRROR_HASH:=9ba7625718d21f658c4878729271832a07bd989165f1d1c720b3a9b54cf738cc PROTO:=git endef $(eval $(call Download,nginx-rtmp)) define Prepare/nginx-rtmp - $(eval $(call Download,nginx-rtmp)) + $(eval $(Download/nginx-rtmp)) gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -461,7 +465,7 @@ ifeq ($(CONFIG_NGINX_TS_MODULE),y) $(eval $(call Download,nginx-ts)) define Prepare/nginx-ts - $(eval $(call Download,nginx-ts)) + $(eval $(Download/nginx-ts)) gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -487,11 +491,11 @@ endif ifeq ($(CONFIG_NGINX_LUA),y) define Download/lua-nginx - VERSION:=576a10d246daf81c0ce1b959c50ee807769c01a8 + VERSION:=e94f2e5d64daa45ff396e262d8dab8e56f5f10e0 SUBDIR:=lua-nginx FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz URL:=https://github.com/openresty/lua-nginx-module.git - MIRROR_HASH:=85ab2fc752d4e09f266209fdec507b30c57bb966c34bbff148cf3459ae5cac80 + MIRROR_HASH:=ae439f9a8b3c34d7240735b844db72ee721af4791bbaff5692bca20e6785f541 PROTO:=git endef $(eval $(call Download,lua-nginx)) @@ -503,6 +507,24 @@ ifeq ($(CONFIG_NGINX_LUA),y) endef endif + +ifeq ($(CONFIG_NGINX_DAV),y) + define Download/nginx-dav-ext-module + VERSION:=430fd774fe838a04f1a5defbf1dd571d42300cf9 + SUBDIR:=nginx-dav-ext-module + FILE:=nginx-dav-ext-module-$(PKG_VERSION)-$$(VERSION).tar.gz + URL:=https://github.com/arut/nginx-dav-ext-module.git + MIRROR_HASH:=0566053a8756423ecab455fd9d218cec1e017598fcbb3d6415a06f816851611e + PROTO:=git + endef + $(eval $(call Download,nginx-dav-ext-module)) + + define Prepare/nginx-dav-ext-module + $(eval $(Download/nginx-dav-ext-module)) + gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + endef +endif + $(eval $(call BuildPackage,nginx)) $(eval $(call BuildPackage,nginx-ssl)) $(eval $(call BuildPackage,nginx-all-module)) diff --git a/nginx/files-luci-support/luci_nginx.conf b/nginx/files-luci-support/luci_nginx.conf index 53d4ab6c7..31af664a2 100644 --- a/nginx/files-luci-support/luci_nginx.conf +++ b/nginx/files-luci-support/luci_nginx.conf @@ -18,38 +18,34 @@ http { include mime.types; default_type application/octet-stream; - sendfile on; + sendfile on; keepalive_timeout 0; - - client_body_buffer_size 10K; - client_header_buffer_size 1k; - client_max_body_size 1G; - large_client_header_buffers 2 1k; + + client_body_buffer_size 10K; + client_header_buffer_size 1k; + client_max_body_size 1G; + large_client_header_buffers 2 1k; gzip on; gzip_http_version 1.1; gzip_vary on; gzip_comp_level 1; gzip_proxied any; - - root /www; + + root /www; server { listen 80 default_server; - listen [::]:80 default_server; + listen [::]:80 default_server; server_name localhost; - - location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { - expires 365d; - } - - location / { - index index.html; - include luci_uwsgi.conf; + + location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { + expires 365d; } - - location /luci-static { - - } + + include luci_uwsgi.conf; + } -} \ No newline at end of file + + include /etc/nginx/conf.d/*.conf; +} diff --git a/nginx/files-luci-support/luci_nginx_ssl.conf b/nginx/files-luci-support/luci_nginx_ssl.conf index 4647fecbf..318453b54 100644 --- a/nginx/files-luci-support/luci_nginx_ssl.conf +++ b/nginx/files-luci-support/luci_nginx_ssl.conf @@ -18,53 +18,49 @@ http { include mime.types; default_type application/octet-stream; - sendfile on; + sendfile on; keepalive_timeout 0; - - client_body_buffer_size 10K; - client_header_buffer_size 1k; - client_max_body_size 1G; - large_client_header_buffers 2 1k; + + client_body_buffer_size 10K; + client_header_buffer_size 1k; + client_max_body_size 1G; + large_client_header_buffers 2 1k; gzip on; gzip_http_version 1.1; gzip_vary on; gzip_comp_level 1; gzip_proxied any; - - root /www; - - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - return 301 https://$host$request_uri; - } + + root /www; + + server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + return 301 https://$host$request_uri; + } server { listen 443 ssl default_server; - listen [::]:443 ssl default_server; + listen [::]:443 ssl default_server; server_name localhost; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; - ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED"; + ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED"; ssl_session_tickets off; - ssl_certificate /etc/nginx/nginx.cer; + ssl_certificate /etc/nginx/nginx.cer; ssl_certificate_key /etc/nginx/nginx.key; - - location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { - expires 365d; - } - - location / { - index index.html; - include luci_uwsgi.conf; + + location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { + expires 365d; } - - location /luci-static { - - } + + include luci_uwsgi.conf; + } -} \ No newline at end of file + + include /etc/nginx/conf.d/*.conf; +} diff --git a/nginx/files-luci-support/luci_uwsgi.conf b/nginx/files-luci-support/luci_uwsgi.conf index eec66f4ad..6211db74a 100644 --- a/nginx/files-luci-support/luci_uwsgi.conf +++ b/nginx/files-luci-support/luci_uwsgi.conf @@ -1,14 +1,20 @@ -uwsgi_param QUERY_STRING $query_string; -uwsgi_param REQUEST_METHOD $request_method; -uwsgi_param CONTENT_TYPE $content_type; -uwsgi_param CONTENT_LENGTH $content_length if_not_empty; -uwsgi_param REQUEST_URI $request_uri; -uwsgi_param PATH_INFO $document_uri; -uwsgi_param SERVER_PROTOCOL $server_protocol; -uwsgi_param REMOTE_ADDR $remote_addr; -uwsgi_param REMOTE_PORT $remote_port; -uwsgi_param SERVER_ADDR $server_addr; -uwsgi_param SERVER_PORT $server_port; -uwsgi_param SERVER_NAME $server_name; -uwsgi_modifier1 9; -uwsgi_pass unix:////var/run/uwsgi.sock; \ No newline at end of file +location /cgi-bin/luci { + index index.html; + uwsgi_param QUERY_STRING $query_string; + uwsgi_param REQUEST_METHOD $request_method; + uwsgi_param CONTENT_TYPE $content_type; + uwsgi_param CONTENT_LENGTH $content_length if_not_empty; + uwsgi_param REQUEST_URI $request_uri; + uwsgi_param PATH_INFO $document_uri; + uwsgi_param SERVER_PROTOCOL $server_protocol; + uwsgi_param REMOTE_ADDR $remote_addr; + uwsgi_param REMOTE_PORT $remote_port; + uwsgi_param SERVER_ADDR $server_addr; + uwsgi_param SERVER_PORT $server_port; + uwsgi_param SERVER_NAME $server_name; + uwsgi_modifier1 9; + uwsgi_pass unix:////var/run/uwsgi.sock; +} + +location /luci-static { +} diff --git a/nginx/patches/101-feature_test_fix.patch b/nginx/patches/101-feature_test_fix.patch index 930e7da98..b867c88dd 100644 --- a/nginx/patches/101-feature_test_fix.patch +++ b/nginx/patches/101-feature_test_fix.patch @@ -11,6 +11,15 @@ ngx_feature_libs= --- a/auto/cc/conf +++ b/auto/cc/conf +@@ -183,7 +183,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then + else + ngx_feature="gcc builtin atomic operations" + ngx_feature_name=NGX_HAVE_GCC_ATOMIC +- ngx_feature_run=yes ++ ngx_feature_run=no + ngx_feature_incs= + ngx_feature_path= + ngx_feature_libs= @@ -204,7 +204,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then else ngx_feature="C99 variadic macros" diff --git a/nginx/patches/201-ignore-invalid-options.patch b/nginx/patches/201-ignore-invalid-options.patch index 82180239d..28be2fb71 100644 --- a/nginx/patches/201-ignore-invalid-options.patch +++ b/nginx/patches/201-ignore-invalid-options.patch @@ -1,6 +1,6 @@ --- a/auto/options +++ b/auto/options -@@ -391,8 +391,7 @@ +@@ -397,8 +397,7 @@ $0: warning: the \"--with-sha1-asm\" opt --test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;; *)