cryptofuture / nginx-hda-bundle Goto Github PK

thanks for this project and just wonder if you can add ipv6 module at your convenience, thanks in advance!

I stumbled across the related PPA because of a need for the nginx-xmpp patch in a bit of an edge case. It turns out, this package doesn't specify Conflicts: or Replaces: in d/control and causes all sorts of interesting problems.

nginx should conflict with and replace nginx-{light,extras,full,common} and the modules should do the same with their debian/ubuntu counterparts.

Could you add that module, please? :)

https://github.com/google/ngx_brotli/blob/master/src/ngx_http_brotli_static_module.c

The package needs to be updated to be compatible with the latest Nginx mainline, and the latest Ubuntu - focal fossa has been out for almost 6 months now. At the moment, when adding the ppa and running subsequent apt update the user gets:

E: The repository 'http://ppa.launchpad.net/hda-me/nginx-stable/ubuntu focal Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Also, it might be worthwhile including TLSv1.3 - the latest Ubuntu ships with OpenSSL 1.1.1+ by default now.

Upgrading a 16.04 system with nginx already installed:

 Unpacking nginx (1.11.12-1-ppa7~xenial) over (1.10.0-0ubuntu0.16.04.4) ...

dpkg: error processing archive /var/cache/apt/archives/nginx_1.11.12-1-ppa7~xenial_amd64.deb (--unpack):
trying to overwrite '/etc/logrotate.d/nginx', which is also in package nginx-common 1.10.0-0ubuntu0.16.04.4
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)

Obviously the issue can be fixed by uninstalling the existing nginx packages first, but if the PPA provided an upgraded nginx-common users could upgrade without warnings.

Hi,

nginx released version 1.17.1

When will this repository be updated?

Hi,

nginx released version 1.17.0

When will this repository be updated?

I tried to make this work, but I'm thinking that I need someone to help (co-maintain) the repository and launchpad.

Reason: I'm very bad at distinguishing working time with a free time. And when I have a free time, I'm not in the mood to maintain repository, as I'm already tired from other work.

If a person would have any question, how to patch, and maintain it, I probably could answer.

With TLS v1.0 being phased out by the end of the month. I am not quite sure how I would disable that. Tried searching high and low but didn't find any result. The conf file doesn't have any mention of TLS v1.0. Can you advise?

Hi!
Many thanks for this magnific work! I have a problem with the directive:
brotli_static on;
When i push it in my nginx configuration file it throws an error:
unknown directive "brotli_static"

Another directives such as:

brotli on;
brotli_comp_level 9;

works well in the configuration file. Do you know the posible reason?

This seems unintentional:

$ curl --http1.1 -I https://host | grep Server
Server: cloudflare-nginx
$ curl --http2 -I https://host | grep Server
server: nginx

On Ubuntu 18.04, this PPA installs nginx 1.14.0 but nginx-module-brotli seems to depend on a older unavailable version of nginx, preventing the module from being installed. Is this intentional?

$ apt install nginx-module-brotli
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 nginx-module-brotli : Depends: nginx (= 1.13.8-2-ppa7~bionic)
E: Unable to correct problems, you have held broken packages.

Hello!
Can u please update to latest nginx version? This release include http2 push functionality.

Hello,
I want to know how can I implement ngx_http_proxy_connect_module in this ppa.
I tried to compile ngx_http_proxy_connect_module as dynamic module, however that returns 'not binary compatatible' even I tried to add options in ./configure.

Please give some tips.
https://github.com/chobits/ngx_http_proxy_connect_module

Please, add -DTCP_FASTOPEN=23 compiler flags to get support of TFO

i386 bionic and xenial build 1.15.6 fails with https://github.com/cryptofuture/lua-nginx-module, branch = graphite:
UPD: fixed

src/http -I src/http/modules -I src/http/v2 -I debian/extra/ngx_devel_kit/src -I src/mail -I src/stream \
	-o objs/addon/src/ngx_http_lua_control.o \
	debian/extra/lua-nginx-module/src/ngx_http_lua_control.c
In file included from debian/extra/lua-nginx-module/src/ngx_http_lua_control.h:12:0,
                 from debian/extra/lua-nginx-module/src/ngx_http_lua_control.c:14:
debian/extra/lua-nginx-module/src/ngx_http_lua_control.c: In function ‘ngx_http_lua_on_abort’:
debian/extra/lua-nginx-module/src/ngx_http_lua_common.h:144:61: error: left shift count >= width of type [-Werror=shift-count-overflow]
     ((void *) ((uintptr_t) (&ngx_http_lua_##ludata) & ((1UL << 47) - 1)))
                                                             ^
debian/extra/lua-nginx-module/src/ngx_http_lua_control.c:435:30: note: in expansion of macro ‘ngx_http_lua_lightudata_mask’
     lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask(
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
objs/Makefile:2087: recipe for target 'objs/addon/src/ngx_http_lua_control.o' failed
make[3]: *** [objs/addon/src/ngx_http_lua_control.o] Error 1

amd64 xenial build fails with https://github.com/wburgers/Session-Binding-Proxy , branch openssl-1.1.x
UPD: fix provided upstream

src/mail -I src/stream \
	-o objs/addon/nginx_session_binding_proxy_module/ngx_http_session_binding_proxy_module.o \
	debian/extra/Session-Binding-Proxy/nginx_session_binding_proxy_module/ngx_http_session_binding_proxy_module.c
debian/extra/Session-Binding-Proxy/nginx_session_binding_proxy_module/ngx_http_session_binding_proxy_module.c: In function ‘ngx_http_session_binding_proxy_handler’:
debian/extra/Session-Binding-Proxy/nginx_session_binding_proxy_module/ngx_http_session_binding_proxy_module.c:184:21: error: implicit declaration of function ‘SSL_SESSION_get_master_key’ [-Werror=implicit-function-declaration]
    master_key.len = SSL_SESSION_get_master_key(ssl_session, master_key.data, SSL_MAX_MASTER_KEY_LENGTH);
                     ^
cc1: all warnings being treated as errors
objs/Makefile:2615: recipe for target 'objs/addon/nginx_session_binding_proxy_module/ngx_http_session_binding_proxy_module.o' failed
make[3]: *** [objs/addon/nginx_session_binding_proxy_module/ngx_http_session_binding_proxy_module.o] Error 1
make[3]: Leaving directory '/<<PKGBUILDDIR>>'

Source packages could be found there, I prefer to not update github repo before stabilization
https://launchpad.net/~hda-me/+archive/ubuntu/nginx-stable/+packages

Hi,

I just googled and reached your git. Trying to learn backend and sysadmin. I wanted to understand if I were to load a dynamic module. I would just go ahead and uncomment the module and it gets activated, right?

Looking forward for 1.13.9 :)

PS: The Brotli compression is enabled automagically right? No need to edit the nginx conf file? I'm a little confused as I'm also seeing gzip set to 'ON' in the conf file. Could you please clarify?

Hi 👋🏻,

I am just wondering when this update will hit Launchpad, as it was released today and fixes security issues reported by Netflix.

Thanks for your awesome work, by the way!

This one have more functionality https://github.com/nginx-modules/ngx_cache_purge

Hi guys,
I noticed that this is still using https://github.com/eustas/ngx_brotli which is no longer actively developed.
The submodule should be switched over to https://github.com/google/ngx_brotli to make use of active development/changes

One of the main reasons I currently have to build nginx packages from source is that I want chacha20/poly1305 support, which requires a more recent or patched OpenSSL, such as this one. Any chance you could include that in your builds?

I just updated to 1.13.8-1-ppa7~xenial and noticed that broti compression of dynamic content via seems to no longer work, e.g. requests for such resources time out in the browser. The static brotli module seems fine on the other hand.

Relevant config parts:

load_module modules/ngx_http_brotli_filter_module.so;
server {
  brotli on;
  brotli_types text/plain text/css application/javascript application/json;
  location / {
    proxy_pass http://127.0.0.1:5000;
  }
}

error.log shows this error:

2018/01/12 11:33:52 [alert] 3458#3458: worker process 3463 exited on signal 9
2018/01/12 11:33:52 [alert] 3458#3458: worker process 3465 exited on signal 9
2018/01/12 11:34:07 [alert] 3472#3472: worker process 3480 exited on signal 9

There's this Nginx module implementing TLS Certificate Transparency which is going to become more and more demanded as Chrome will enforce CT by end of this year:

https://github.com/grahamedgecombe/nginx-ct

This nginx version is not up to date.
We got DoS attacked today by this http/2 issue https://news.softpedia.com/news/nginx-security-issues-expose-more-than-14-million-servers-to-dos-attacks-523659.shtml

I really loved your modularity approach but this all means nothing when we can get attacked. Really sad I loose brotli and Google pagespeed for my old sites now :(

Seems the only good way to keep nginx with features is to compile it yourself (I hate this route ... I want to install stuff not custom compile it).

This module provides the ability for a reverse DNS lookup on incoming requests: https://github.com/flant/nginx-http-rdns

It would be a good combination with testcookie to minimise potential issues with search engine indexers.

PS. Thank you for your work!

I think I made Readme to technical and long. Need short readme and more human-friendly version.
Shorter readme version also should be on launchpad. Some details could hidden in the wiki.
Possibly consider add easy tip or donation way beside bitcoin.

can You help me and explane how i can build it?

This one would also be a cool addition to your nice ppa:
nginx-rtmpt-proxy-module

First of all, thanks for this repo and ppa, you helped me a lot when i've need the installation of nginx-module-vts.

Please, add support for his brother nginx-module-sts, which is vts but for stream module (tcp and udp).

These are theirs repositories:

• https://github.com/vozlt/nginx-module-sts
• https://github.com/vozlt/nginx-module-stream-sts

Thanks!

This is a great bundle, but it has a number of differences from the official nginx packages that are obstacles for anyone switching from them, for example the nginx.conf file is unnecessarily different: it lacks an include directive to load additional config from /etc/nginx/conf.d, and setting worker_processes 1; is really unhelpful. My recommendation would be to keep the config identical as far as possible, and only change what is strictly necessary to add what your packaging provides, which should be only the loadmodule directives. They could be put in an external file (instead of directly in nginx.conf) and perhaps load from the conf.d folder. This would allow seamless switching from the stock packages and back without needing to change stock config files significantly. I'm a big fan of conf.d folders because they allow you to use distro defaults for standard config files and override them with external files, so package updates can overwrite standard config files safely.

https://alex.bouma.me/recompile-nginx-with-openssl-1-0-2-for-http-2-via-alpn-ubuntu-14-04/

Could you please compile nginx with OpenSSL 1.0.2+ (for ubuntu 14.04)? HTTP2 isn't working due to only NPN is support!

Hi,

I am facing a weird error where I am getting a 502 error when trying to access the website from incognito mode. I only have the following error.
[error] 13888#13888: *59205 upstream sent too big header while reading response header from upstream, client: 185.203.122.4, server: domain.com, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "www.domain.com"

The website opens just fine in normal mode.

First of thank you for great work!! Today when I check I found that Nginx version 1.18.0-1 is available for bionic. However, if we install this then the following modules won't be installed

The following packages have unmet dependencies:
nginx-module-brotli : Depends: nginx (= 1.17.3-2-ppa7bionic)
nginx-module-cache-purge : Depends: nginx (= 1.17.3-2-ppa7bionic)
nginx-module-http-headers-more : Depends: nginx (= 1.17.3-2-ppa7bionic)
nginx-module-pagespeed : Depends: nginx (= 1.17.3-2-ppa7bionic)
nginx-module-upload-progress : Depends: nginx (= 1.17.3-2-ppa7~bionic)

If I install old version then following modules won't install
The following packages have unmet dependencies:
nginx-module-image-filter : Depends: nginx (= 1.18.0-1bionic)
nginx-module-xslt : Depends: nginx (= 1.18.0-1bionic)

Need to cover update this week or this is taking too long...

Hi.

Is it possible to add the new GeoIp2 module?

https://github.com/leev/ngx_http_geoip2_module

From docs:
The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.

From nginx -V
built with OpenSSL 1.0.2g 1 Mar 2016

Hi there.

First of all thank you for your awesome work.

May i suggest to switch ngx_brotli location from google/ngx_brotli which is not supported anymore. To switch to fork from one of libbrotli maintainers https://github.com/eustas/ngx_brotli (also google guy)?

nginx: [emerg] dlopen() "/etc/nginx/modules/ngx_http_lua_module.so" failed (/etc/nginx/modules/ngx_http_lua_module.so: undefined symbol: ndk_set_var_value) in /etc/nginx/nginx.conf:6
nginx: configuration file /etc/nginx/nginx.conf test failed

OS: Ubuntu 16.04 xenial
Linux helper 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 GNU/Linux

Hello,
I want to know how to implement a ModSecurity module.

Hi, this is a very nice repo and ppa, I like it - thank you very much for your efforts!

It would be great if you would like to add nginx-rtmp-module - that would be a very valuable addition to this ppa!

Thanks and have a nice day!