Index | Thread | Search

From:
Robert Nagy <robert@openbsd.org>
Subject:
Re: nginx: imrpove compatibiliy with unwind and
To:
OpenBSD ports <ports@openbsd.org>
Date:
Thu, 4 Jul 2024 13:32:19 +0200

Download raw body.

Thread

  • Kirill A. Korinsky:

    nginx: imrpove compatibiliy with unwind and

    • go ahead

On 04/07/24 12:27 GMT, Kirill A. Korinsky wrote:
> ports@, Robert,
> 
> I'd like to ping about this trivial patch that allows me to use nginx with
> unwind for last weeks.
> 
> Additionally, I had added ngx_cache_purge as new subpackage which brings
> qutie stable module https://github.com/FRiCKLE/ngx_cache_purge which allows
> to purge some elements of cache via HTTP request. I don't include it into
> default build, and build it as dynamic module.
> 
> The original point about unwind patch:
> 
> On Sat, 15 Jun 2024 12:09:21 +0100,
> Kirill A. Korinsky <kirill@korins.ky> wrote:
> >
> > ports@
> >
> > Here a trivial patch which improves compatibility with unwind.
> >
> > I'm using the following unwind.config:
> >
> >     preference { recursor oDoT-autoconf }
> >
> >     forwarder { 172.31.2.1 }
> >
> >     force accept bogus forwarder {
> >       some.internal.domain
> >     }
> >
> > where 172.31.2.1 is Unifi GW and nginx is configured as:
> >
> >     server {
> >         listen                              127.0.0.1:80;
> >
> >         resolver                            127.0.0.1;
> >
> >         set $nas_uri                        "http://nas.some.internal.domain";
> >
> >         location / {
> >                 proxy_pass                  $nas_uri;
> >         }
> >     }
> >
> > it can't be used due errors in log:
> >
> >     2024/06/15 11:53:55 [error] 30452#0: invalid UDP DNS response 49184 fl:81A0
> >     2024/06/15 11:54:00 [error] 30452#0: invalid UDP DNS response 30883 fl:81A0
> >     2024/06/15 11:54:00 [error] 30452#0: invalid UDP DNS response 49184 fl:81A0
> >     2024/06/15 11:54:05 [error] 30452#0: invalid UDP DNS response 30883 fl:81A0
> >
> > because nginx rejects response with enabled AD bit.
> >
> 
> And, finally, the diff:
> 
> diff --git www/nginx/Makefile www/nginx/Makefile
> index 7d86279085c..203e8aa3fc5 100644
> --- www/nginx/Makefile
> +++ www/nginx/Makefile
> @@ -17,15 +17,17 @@ COMMENT-njs=		nginx javascript scripting module
>  COMMENT-passenger=	nginx passenger (ruby/python/nodejs) integration module
>  COMMENT-rtmp=		nginx module for RTMP streaming
>  COMMENT-securelink=	nginx HMAC secure link module
> +COMMENT-cache_purge=	nginx module which adds ability to purge cache content
>  
>  VERSION=	1.26.1
>  DISTNAME=	nginx-${VERSION}
>  CATEGORIES=	www
> -REVISION-main=	0
> +REVISION-main=	1
>  REVISION-passenger=	0
>  
>  VERSION-njs=	0.8.2
>  VERSION-rtmp=	1.2.1
> +VERSION-cache_purge=	2.3
>  
>  PKGNAME-main=		${DISTNAME}
>  PKGNAME-image_filter=	nginx-image_filter-${VERSION}
> @@ -42,6 +44,7 @@ PKGNAME-njs=		nginx-njs-${VERSION}
>  PKGNAME-passenger=	nginx-passenger-${VERSION}
>  PKGNAME-rtmp=		nginx-rtmp-${VERSION}
>  PKGNAME-securelink=	nginx-securelink-${VERSION}
> +PKGNAME-cache_purge=	ngx_cache_purge-${VERSION}
>  
>  ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386
>  
> @@ -59,7 +62,8 @@ _GH_MODS=	\
>  	nginx		njs				${VERSION-njs} \
>  	simpl		ngx_devel_kit			v0.3.0 \
>  	leev		ngx_http_geoip2_module		3.3 \
> -	nginx-modules	ngx_http_hmac_secure_link_module 48c4625fbbf51ed5a95bfec23fa444f6c3702e50
> +	nginx-modules	ngx_http_hmac_secure_link_module	48c4625fbbf51ed5a95bfec23fa444f6c3702e50 \
> +	FRiCKLE		ngx_cache_purge			${VERSION-cache_purge}
>  
>  .for _a _p _c in ${_GH_MODS}
>  DISTFILES.a+=	${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz
> @@ -76,7 +80,7 @@ MULTI_PACKAGES =	-main -naxsi -perl ${MODULE_PACKAGES}
>  
>  MODULE_PACKAGES =	-image_filter -geoip2 -xslt -mailproxy -stream \
>  			-passenger -headers_more -ldap_auth -lua -njs \
> -			-rtmp -securelink
> +			-rtmp -securelink -cache_purge
>  
>  FLAVOR ?=
>  PSEUDO_FLAVORS =	no_lua no_njs no_passenger
> @@ -100,6 +104,7 @@ WANTLIB-headers_more=
>  WANTLIB-perl=		c m perl
>  WANTLIB-passenger=	m pthread ${COMPILER_LIBCXX}
>  WANTLIB-securelink=	crypto
> +WANTLIB-cache_purge=
>  
>  LIB_DEPENDS-main=	devel/pcre2
>  LIB_DEPENDS-xslt=	textproc/libxml \
> @@ -114,6 +119,7 @@ LIB_DEPENDS-securelink=
>  LIB_DEPENDS-njs=	devel/pcre2 \
>  			textproc/libxslt \
>  			textproc/libxml
> +LIB_DEPENDS-cache_purge=
>  
>  MODLUA_RUNDEP=		No
>  RUN_DEPENDS=		www/nginx,-main=${VERSION}
> @@ -202,7 +208,8 @@ CONFIGURE_ARGS+=	--prefix=${NGINX_DIR} \
>  			--add-dynamic-module=${WRKSRC}/headers-more-nginx-module \
>  			--add-dynamic-module=${WRKSRC}/nginx-auth-ldap \
>  			--add-dynamic-module=${WRKSRC}/ngx_http_geoip2_module \
> -			--add-dynamic-module=${WRKSRC}/ngx_http_hmac_secure_link_module
> +			--add-dynamic-module=${WRKSRC}/ngx_http_hmac_secure_link_module \
> +			--add-dynamic-module=${WRKSRC}/ngx_cache_purge
>  
>  SUBSTFILES=		conf/nginx.conf */config
>  
> @@ -212,7 +219,7 @@ ALL_TARGET=
>  pre-patch:
>  .for i in headers-more-nginx-module lua-nginx-module naxsi njs \
>  	nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module \
> -	ngx_http_hmac_secure_link_module
> +	ngx_http_hmac_secure_link_module ngx_cache_purge
>  	cd ${WRKSRC} && mv ../$i-* $i
>  .endfor
>  
> diff --git www/nginx/distinfo www/nginx/distinfo
> index 05b5868d540..1138961174f 100644
> --- www/nginx/distinfo
> +++ www/nginx/distinfo
> @@ -5,6 +5,7 @@ SHA256 (nginx-1.20.1-chroot.patch) = SS1TB0j8N4/dn5pUTGT6WvkN3aAUuKz5+R0Nt+MG0gk
>  SHA256 (nginx-1.26.1.tar.gz) = +Rh0aP8usVkmC/1Thnwl/44zRyYjes8ie56HDlPT42s=
>  SHA256 (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = aQxOW9sq4ZsP7nXNNW0YATRo20cmFrYJeloLvjRshGQ=
>  SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) = h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc=
> +SHA256 (ngx_cache_purge-2.3.tar.gz) = y31fIpGcYT8fAzQaGuuWCWUmkwLp6yNCXMqr0vXcu+w=
>  SHA256 (ngx_devel_kit-v0.3.0.tar.gz) = iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
>  SHA256 (ngx_http_geoip2_module-3.3.tar.gz) = QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc=
>  SHA256 (ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
> @@ -16,6 +17,7 @@ SIZE (nginx-1.20.1-chroot.patch) = 8783
>  SIZE (nginx-1.26.1.tar.gz) = 1244738
>  SIZE (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = 18542
>  SIZE (nginx-rtmp-module-v1.2.1.tar.gz) = 519919
> +SIZE (ngx_cache_purge-2.3.tar.gz) = 11717
>  SIZE (ngx_devel_kit-v0.3.0.tar.gz) = 66455
>  SIZE (ngx_http_geoip2_module-3.3.tar.gz) = 8509
>  SIZE (ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = 6159
> diff --git www/nginx/patches/patch-ngx_cache_purge_config www/nginx/patches/patch-ngx_cache_purge_config
> new file mode 100644
> index 00000000000..e12d5e5a802
> --- /dev/null
> +++ www/nginx/patches/patch-ngx_cache_purge_config
> @@ -0,0 +1,25 @@
> +Build ngx_cache_purge as dynamic module
> +
> +Index: ngx_cache_purge/config
> +--- ngx_cache_purge/config.orig
> ++++ ngx_cache_purge/config
> +@@ -15,7 +15,17 @@ if [ "$HTTP_UWSGI" = "YES" ]; then
> + fi
> + 
> + ngx_addon_name=ngx_http_cache_purge_module
> +-HTTP_MODULES="$HTTP_MODULES ngx_http_cache_purge_module"
> +-NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_cache_purge_module.c"
> ++CACHE_PURGE_SRCS="$ngx_addon_dir/ngx_cache_purge_module.c"
> ++
> ++if [ -n "$ngx_module_link" ]; then
> ++    ngx_module_type=HTTP
> ++    ngx_module_name="$ngx_addon_name"
> ++    ngx_module_srcs="$CACHE_PURGE_SRCS"
> ++
> ++    . auto/module
> ++else
> ++    HTTP_MODULES="$HTTP_MODULES $ngx_addon_name"
> ++    NGX_ADDON_SRCS="$NGX_ADDON_SRCS $CACHE_PURGE_SRCS"
> ++fi
> + 
> + have=NGX_CACHE_PURGE_MODULE . auto/have
> diff --git www/nginx/patches/patch-src_core_ngx_resolver_c www/nginx/patches/patch-src_core_ngx_resolver_c
> new file mode 100644
> index 00000000000..b07cea4cc97
> --- /dev/null
> +++ www/nginx/patches/patch-src_core_ngx_resolver_c
> @@ -0,0 +1,12 @@
> +Index: src/core/ngx_resolver.c
> +--- src/core/ngx_resolver.c.orig
> ++++ src/core/ngx_resolver.c
> +@@ -1774,7 +1774,7 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_cha
> +                    (response->nar_hi << 8) + response->nar_lo);
> + 
> +     /* response to a standard query */
> +-    if ((flags & 0xf870) != 0x8000 || (trunc && tcp)) {
> ++    if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) {
> +         ngx_log_error(r->log_level, r->log, 0,
> +                       "invalid %s DNS response %ui fl:%04Xi",
> +                       tcp ? "TCP" : "UDP", ident, flags);
> diff --git www/nginx/pkg/DESCR-cache_purge www/nginx/pkg/DESCR-cache_purge
> new file mode 100644
> index 00000000000..a1021baf292
> --- /dev/null
> +++ www/nginx/pkg/DESCR-cache_purge
> @@ -0,0 +1,8 @@
> +ngx_cache_purge is nginx module which adds ability to purge content from
> +FastCGI, proxy, SCGI and uWSGI caches.
> +
> +It is build as separated dynamic module and it should be load as:
> +
> +  load_module modules/ngx_http_cache_purge_module.so;
> +
> +Documentation available at https://github.com/FRiCKLE/ngx_cache_purge
> diff --git www/nginx/pkg/PLIST-cache_purge www/nginx/pkg/PLIST-cache_purge
> new file mode 100644
> index 00000000000..ea7fe579cd9
> --- /dev/null
> +++ www/nginx/pkg/PLIST-cache_purge
> @@ -0,0 +1 @@
> +@so ngx_http_cache_purge_module.so
> 
> 
> --
> wbr, Kirill

-- 
Regards,
Robert Nagy

  • Kirill A. Korinsky:

    nginx: imrpove compatibiliy with unwind and