diff --git a/images/nginx/rootfs/Dockerfile b/images/nginx/rootfs/Dockerfile index 07c837d47..a8cbd2a66 100644 --- a/images/nginx/rootfs/Dockerfile +++ b/images/nginx/rootfs/Dockerfile @@ -21,7 +21,7 @@ RUN apk add -U bash \ && /build.sh # Use a multi-stage build -FROM alpine:3.11 +FROM alpine:3.12 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin diff --git a/images/nginx/rootfs/build.sh b/images/nginx/rootfs/build.sh index e0e66ad8b..076f4bd00 100755 --- a/images/nginx/rootfs/build.sh +++ b/images/nginx/rootfs/build.sh @@ -18,23 +18,23 @@ set -o errexit set -o nounset set -o pipefail -export NGINX_VERSION=1.19.3 +export NGINX_VERSION=1.19.4 export NDK_VERSION=0.3.1 export SETMISC_VERSION=0.32 export MORE_HEADERS_VERSION=0.33 export NGINX_DIGEST_AUTH=cd8641886c873cf543255aeda20d23e4cd603d05 export NGINX_SUBSTITUTIONS=bc58cb11844bc42735bbaef7085ea86ace46d05b -export NGINX_OPENTRACING_VERSION=0.9.0 +export NGINX_OPENTRACING_VERSION=0.10.0 export OPENTRACING_CPP_VERSION=1.5.1 export ZIPKIN_CPP_VERSION=0.5.2 export JAEGER_VERSION=0.4.2 export MSGPACK_VERSION=3.2.1 export DATADOG_CPP_VERSION=1.2.0 -export MODSECURITY_VERSION=b55a5778c539529ae1aa10ca49413771d52bb62e +export MODSECURITY_VERSION=22e53aba4e3ae8c7d59a3672d6727e49246afe96 export MODSECURITY_LIB_VERSION=v3.0.4 export OWASP_MODSECURITY_CRS_VERSION=v3.3.0 -export LUA_NGX_VERSION=0.10.17 -export LUA_STREAM_NGX_VERSION=0.0.8 +export LUA_NGX_VERSION=0.10.18rc4 +export LUA_STREAM_NGX_VERSION=0.0.9rc3 export LUA_UPSTREAM_VERSION=0.07 export LUA_BRIDGE_TRACER_VERSION=0.1.1 export LUA_CJSON_VERSION=2.1.0.8 
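Review bot: `FROM alpine:3.12` in the final stage pulls the runtime base image by a mutable tag, while build.sh in the same commit checks each source tarball against a SHA-256. A re-pushed `3.12` tag would change the shipped image without any diff in this repository. Pinning the digest alongside the tag keeps the bump reviewable: `FROM alpine:3.12@sha256:<DIGEST_OF_REVIEWED_IMAGE>`. The builder stage's own FROM line is above this hunk and not visible, so the same applies there only if it is also tag-only.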
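Review bot: `LUA_NGX_VERSION=0.10.18rc4` and `LUA_STREAM_NGX_VERSION=0.0.9rc3` (and `LUA_RESTY_CORE=0.1.20rc3` in the next hunk) pin release candidates into the image, with no comment saying why a pre-release is needed or when to move to the final tag. A one-line comment above these exports would do, for example `# release candidates; replace with the final tags once published`. Separately, the patch files in this commit are named `nginx-1.19.3-*` while `NGINX_VERSION` becomes 1.19.4. How build.sh selects and applies them is outside this hunk, so it is worth confirming they still apply cleanly to 1.19.4.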
@@ -42,11 +42,11 @@ export NGINX_INFLUXDB_VERSION=5b09391cb7b9a889687c0aa67964c06a2d933e8b export GEOIP2_VERSION=3.3 export NGINX_AJP_VERSION=bf6cd93f2098b59260de8d494f0f4b1f11a84627 -export LUAJIT_VERSION=31116c4d25c4283a52b2d87fed50101cf20f5b77 +export LUAJIT_VERSION=2.1-20201027 export LUA_RESTY_BALANCER=0.03 export LUA_RESTY_CACHE=0.10 -export LUA_RESTY_CORE=0.1.19 +export LUA_RESTY_CORE=0.1.20rc3 export LUA_RESTY_COOKIE_VERSION=766ad8c15e498850ac77f5e0265f1d3f30dc4027 export LUA_RESTY_DNS=0.21 export LUA_RESTY_HTTP=0.15 @@ -119,7 +119,7 @@ mkdir --verbose -p "$BUILD_PATH" cd "$BUILD_PATH" # download, verify and extract the source files -get_src 91e5b74fa17879d2463294e93ad8f6ffc066696ae32ad0478ffe15ba0e9e8df0 \ +get_src 61df546927905a0d624f9396bb7a8bc7ca7fd26522ce9714d56a78b73284000e \ "https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" get_src 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85 \ @@ -137,7 +137,7 @@ get_src fe683831f832aae4737de1e1026a4454017c2d5f98cb88b08c5411dc380062f8 \ get_src 618551948ab14cac51d6e4ad00452312c7b09938f59ebff4f93875013be31f2d \ "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz" -get_src 4fc410d7aef0c8a6371afa9f249d2c6cec50ea88785d05052f8f457c35b69c18 \ +get_src d580efc71809cc1cd9138c1940f4f20766a0631cacf45b99c07facd93583260d \ "https://github.com/opentracing-contrib/nginx-opentracing/archive/v$NGINX_OPENTRACING_VERSION.tar.gz" get_src 015c4187f7a6426a2b5196f0ccd982aa87f010cf61f507ae3ce5c90523f92301 \ 
@@ -146,7 +146,7 @@ get_src 015c4187f7a6426a2b5196f0ccd982aa87f010cf61f507ae3ce5c90523f92301 \ get_src 30affaf0f3a84193f7127cc0135da91773ce45d902414082273dae78914f73df \ "https://github.com/rnburn/zipkin-cpp-opentracing/archive/v$ZIPKIN_CPP_VERSION.tar.gz" -get_src 3f943d1ac7bbf64b010a57b8738107c1412cb31c55c73f0772b4148614493b7b \ +get_src 38f2ae43fceda683f652065e13a80b14a580ede476a4b44eb0ddd85665380360 \ "https://github.com/SpiderLabs/ModSecurity-nginx/archive/$MODSECURITY_VERSION.tar.gz" get_src 21257af93a64fee42c04ca6262d292b2e4e0b7b0660c511db357b32fd42ef5d3 \ @@ -155,17 +155,17 @@ get_src 21257af93a64fee42c04ca6262d292b2e4e0b7b0660c511db357b32fd42ef5d3 \ get_src 464f46744a6be778626d11452c4db3c2d09461080c6db42e358e21af19d542f6 \ "https://github.com/msgpack/msgpack-c/archive/cpp-$MSGPACK_VERSION.tar.gz" -get_src 1ebdcb041ca3bd238813ef6de352285e7418e6001c41a0a260b447260e37716e \ +get_src 0407cd1a71c60dc192dc2bfe87f89aea9351c69e815758b375770a958e8e1823 \ "https://github.com/openresty/lua-nginx-module/archive/v$LUA_NGX_VERSION.tar.gz" -get_src f2c4b7966dbb5c88edb5692616bf0eeca330ee2d43ae04c1cb96ef8fb072ba46 \ +get_src 3a92710da33a177dee5db1cc4c76a37661c064543bfb309e66400df7a0641058 \ "https://github.com/openresty/stream-lua-nginx-module/archive/v$LUA_STREAM_NGX_VERSION.tar.gz" get_src 2a69815e4ae01aa8b170941a8e1a10b6f6a9aab699dee485d58f021dd933829a \ "https://github.com/openresty/lua-upstream-nginx-module/archive/v$LUA_UPSTREAM_VERSION.tar.gz" -get_src 82bf1af1ee89887648b53c9df566f8b52ec10400f1641c051970a7540b7bf06a \ - "https://github.com/openresty/luajit2/archive/$LUAJIT_VERSION.tar.gz" +get_src f74a0821b079ea1fd63dd8659064356fc3f421ff4b35c17877140d2b2841cc3b \ + "https://github.com/openresty/luajit2/archive/v$LUAJIT_VERSION.tar.gz" get_src 3e6fe45f467d653870985cc52a1c2cf81a8a2c7a7bcf7ffcfedfd305a47a1eca \ "https://github.com/DataDog/dd-opentracing-cpp/archive/v$DATADOG_CPP_VERSION.tar.gz" 
@@ -191,7 +191,7 @@ get_src bfd8c4b6c90aa9dcbe047ac798593a41a3f21edcb71904d50d8ac0e8c77d1132 \ get_src 82209d5a5d9545c6dde3db7857f84345db22162fdea9743d5e2b2094d8d407f8 \ "https://github.com/openresty/lua-resty-balancer/archive/v$LUA_RESTY_BALANCER.tar.gz" -get_src 040878ed9a485ca7f0f8128e4e979280bcf501af875704c8830bec6a68f128f7 \ +get_src 467e6e0cade66d74a9f8e789d1045bc033a646cee904ba758be8191b61fa6ecc \ "https://github.com/openresty/lua-resty-core/archive/v$LUA_RESTY_CORE.tar.gz" get_src bd6bee4ccc6cf3307ab6ca0eea693a921fab9b067ba40ae12a652636da588ff7 \ @@ -567,22 +567,9 @@ make install cd "$BUILD_PATH/lua-resty-string-$LUA_RESTY_STRING_VERSION" make install -# build Lua bridge tracer -#cd "$BUILD_PATH/lua-bridge-tracer-$LUA_BRIDGE_TRACER_VERSION" -#mkdir .build -#cd .build -# -#cmake -DCMAKE_BUILD_TYPE=Release \ -# -DBUILD_SHARED=OFF \ -# -WITH_BOOST_STATIC=ON \ -# .. -# -#make -#make install - # mimalloc cd "$BUILD_PATH" -git clone --depth=1 -b v1.6.4 https://github.com/microsoft/mimalloc +git clone --depth=1 -b v1.6.7 https://github.com/microsoft/mimalloc cd mimalloc mkdir -p out/release @@ -593,16 +580,6 @@ cmake ../.. make make install -# check libraries are ok -#echo "Checking libraries..." -#for LIB in $(find /usr/local/lib -name "*.so");do -# ldd $LIB | grep 'not found' -# if [ $? -eq 0 ]; then -# echo "Dependencies is missing for $LIB" -# exit 1 -# fi -#done - # update image permissions writeDirs=( \ /etc/nginx \ diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.17.8-no_Werror.patch deleted file mode 100644 index 753d86adc..000000000 --- a/images/nginx/rootfs/patches/nginx-1.17.8-no_Werror.patch +++ /dev/null 
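Review bot: The `git clone --depth=1 -b v1.6.7 https://github.com/microsoft/mimalloc` line fetches a source by tag with no integrity check, unlike the other sources visible in this diff, which go through `get_src` with a SHA-256. A moved or replaced `v1.6.7` tag would be built and installed into the image unnoticed. Fetching the release tarball through the existing helper closes that gap: `get_src <SHA256_OF_TARBALL> "https://github.com/microsoft/mimalloc/archive/v$MIMALLOC_VERSION.tar.gz"`, with `export MIMALLOC_VERSION=1.6.7` next to the other version exports. The following `cd mimalloc` would then become `cd "mimalloc-$MIMALLOC_VERSION"`, assuming get_src extracts into the archive's top-level directory as the other `cd "$BUILD_PATH/...-$VERSION"` lines suggest.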
@@ -1,36 +0,0 @@ -diff -urp nginx-1.17.8/auto/cc/clang nginx-1.17.8-patched/auto/cc/clang ---- nginx-1.17.8/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.17.8-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 -@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali - CFLAGS="$CFLAGS -Wno-unused-parameter" - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.17.8/auto/cc/gcc nginx-1.17.8-patched/auto/cc/gcc ---- nginx-1.17.8/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.17.8-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" -diff -urp nginx-1.17.8/auto/cc/icc nginx-1.17.8-patched/auto/cc/icc ---- nginx-1.17.8/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 -+++ nginx-1.17.8-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+#CFLAGS="$CFLAGS -Werror" - - # debug - CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-balancer_status_code.patch b/images/nginx/rootfs/patches/nginx-1.19.3-balancer_status_code.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-balancer_status_code.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-balancer_status_code.patch diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-cache_manager_exit.patch b/images/nginx/rootfs/patches/nginx-1.19.3-cache_manager_exit.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-cache_manager_exit.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-cache_manager_exit.patch 
diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-delayed_posted_events.patch b/images/nginx/rootfs/patches/nginx-1.19.3-delayed_posted_events.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-delayed_posted_events.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-delayed_posted_events.patch diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-hash_overflow.patch b/images/nginx/rootfs/patches/nginx-1.19.3-hash_overflow.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-hash_overflow.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-hash_overflow.patch diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-init_cycle_pool_release.patch b/images/nginx/rootfs/patches/nginx-1.19.3-init_cycle_pool_release.patch similarity index 65% rename from images/nginx/rootfs/patches/nginx-1.17.8-init_cycle_pool_release.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-init_cycle_pool_release.patch index bd621eb68..b6f46674f 100644 --- a/images/nginx/rootfs/patches/nginx-1.17.8-init_cycle_pool_release.patch +++ b/images/nginx/rootfs/patches/nginx-1.19.3-init_cycle_pool_release.patch @@ -1,6 +1,6 @@ -diff -rup nginx-1.17.8/src/core/nginx.c nginx-1.17.8-patched/src/core/nginx.c ---- nginx-1.17.8/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 -+++ nginx-1.17.8-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 +diff -rup nginx-1.19.3/src/core/nginx.c nginx-1.19.3-patched/src/core/nginx.c +--- nginx-1.19.3/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 ++++ nginx-1.19.3-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 @@ -186,6 +186,7 @@ static u_char *ngx_prefix; static u_char *ngx_conf_file; static u_char *ngx_conf_params; 
@@ -18,9 +18,9 @@ diff -rup nginx-1.17.8/src/core/nginx.c nginx-1.17.8-patched/src/core/nginx.c if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { return 1; } -diff -rup nginx-1.17.8/src/core/ngx_core.h nginx-1.17.8-patched/src/core/ngx_core.h ---- nginx-1.17.8/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.17.8-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 +diff -rup nginx-1.19.3/src/core/ngx_core.h nginx-1.19.3-patched/src/core/ngx_core.h +--- nginx-1.19.3/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.19.3-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 @@ -108,4 +108,6 @@ void ngx_cpuinfo(void); #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 #endif @@ -28,9 +28,9 @@ diff -rup nginx-1.17.8/src/core/ngx_core.h nginx-1.17.8-patched/src/core/ngx_cor +extern ngx_pool_t *saved_init_cycle_pool; + #endif /* _NGX_CORE_H_INCLUDED_ */ -diff -rup nginx-1.17.8/src/core/ngx_cycle.c nginx-1.17.8-patched/src/core/ngx_cycle.c ---- nginx-1.17.8/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.17.8-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 +diff -rup nginx-1.19.3/src/core/ngx_cycle.c nginx-1.19.3-patched/src/core/ngx_cycle.c +--- nginx-1.19.3/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.19.3-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 @@ -748,6 +748,10 @@ old_shm_zone_done: if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { 
@@ -42,9 +42,9 @@ diff -rup nginx-1.17.8/src/core/ngx_cycle.c nginx-1.17.8-patched/src/core/ngx_cy ngx_destroy_pool(old_cycle->pool); cycle->old_cycle = NULL; -diff -rup nginx-1.17.8/src/os/unix/ngx_process_cycle.c nginx-1.17.8-patched/src/os/unix/ngx_process_cycle.c ---- nginx-1.17.8/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 -+++ nginx-1.17.8-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 +diff -rup nginx-1.19.3/src/os/unix/ngx_process_cycle.c nginx-1.19.3-patched/src/os/unix/ngx_process_cycle.c +--- nginx-1.19.3/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 ++++ nginx-1.19.3-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 @@ -783,6 +783,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc ngx_exit_cycle.files_n = ngx_cycle->files_n; ngx_cycle = &ngx_exit_cycle; diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-larger_max_error_str.patch b/images/nginx/rootfs/patches/nginx-1.19.3-larger_max_error_str.patch similarity index 62% rename from images/nginx/rootfs/patches/nginx-1.17.8-larger_max_error_str.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-larger_max_error_str.patch index 128bd9e0d..c7013e05d 100644 --- a/images/nginx/rootfs/patches/nginx-1.17.8-larger_max_error_str.patch +++ b/images/nginx/rootfs/patches/nginx-1.19.3-larger_max_error_str.patch @@ -1,5 +1,5 @@ ---- nginx-1.17.8/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 -+++ nginx-1.17.8-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 +--- nginx-1.19.3/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 ++++ nginx-1.19.3-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 @@ -64,7 +64,9 @@ struct ngx_log_s { }; diff --git a/images/nginx/rootfs/patches/nginx-1.19.3-no_Werror.patch b/images/nginx/rootfs/patches/nginx-1.19.3-no_Werror.patch new file mode 100644 index 000000000..2cf7cd9c7 --- /dev/null 
+++ b/images/nginx/rootfs/patches/nginx-1.19.3-no_Werror.patch @@ -0,0 +1,36 @@ +diff -urp nginx-1.19.3/auto/cc/clang nginx-1.19.3-patched/auto/cc/clang +--- nginx-1.19.3/auto/cc/clang 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.19.3-patched/auto/cc/clang 2014-03-13 20:54:26.241413360 -0700 +@@ -89,7 +89,7 @@ CFLAGS="$CFLAGS -Wconditional-uninitiali + CFLAGS="$CFLAGS -Wno-unused-parameter" + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.19.3/auto/cc/gcc nginx-1.19.3-patched/auto/cc/gcc +--- nginx-1.19.3/auto/cc/gcc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.19.3-patched/auto/cc/gcc 2014-03-13 20:54:13.301355329 -0700 +@@ -168,7 +168,7 @@ esac + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" +diff -urp nginx-1.19.3/auto/cc/icc nginx-1.19.3-patched/auto/cc/icc +--- nginx-1.19.3/auto/cc/icc 2014-03-04 03:39:24.000000000 -0800 ++++ nginx-1.19.3-patched/auto/cc/icc 2014-03-13 20:54:13.301355329 -0700 +@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in + esac + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/images/nginx/rootfs/patches/nginx-1.19.3-proxy_host_port_vars.patch b/images/nginx/rootfs/patches/nginx-1.19.3-proxy_host_port_vars.patch new file mode 100644 index 000000000..63eaf0ca7 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.19.3-proxy_host_port_vars.patch 
@@ -0,0 +1,19 @@ +--- nginx-1.19.3/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 ++++ nginx-1.19.3-patched/src/http/modules/ngx_http_proxy_module.c 2017-07-16 14:02:51.000000000 +0800 +@@ -793,13 +793,13 @@ static ngx_keyval_t ngx_http_proxy_cach + static ngx_http_variable_t ngx_http_proxy_vars[] = { + + { ngx_string("proxy_host"), NULL, ngx_http_proxy_host_variable, 0, +- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, ++ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("proxy_port"), NULL, ngx_http_proxy_port_variable, 0, +- NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, ++ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("proxy_add_x_forwarded_for"), NULL, +- ngx_http_proxy_add_x_forwarded_for_variable, 0, NGX_HTTP_VAR_NOHASH, 0 }, ++ ngx_http_proxy_add_x_forwarded_for_variable, 0, 0, 0 }, + + #if 0 + { ngx_string("proxy_add_via"), NULL, NULL, 0, NGX_HTTP_VAR_NOHASH, 0 }, diff --git a/images/nginx/rootfs/patches/nginx-1.19.3-resolver_conf_parsing.patch b/images/nginx/rootfs/patches/nginx-1.19.3-resolver_conf_parsing.patch new file mode 100644 index 000000000..8638cdf2a --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.19.3-resolver_conf_parsing.patch 
@@ -0,0 +1,263 @@ +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index cd55520c..dade1846 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -9,12 +9,26 @@ + #include + #include + ++#if !(NGX_WIN32) ++#include ++#endif ++ + + #define NGX_RESOLVER_UDP_SIZE 4096 + + #define NGX_RESOLVER_TCP_RSIZE (2 + 65535) + #define NGX_RESOLVER_TCP_WSIZE 8192 + ++#if !(NGX_WIN32) ++/* ++ * note that 2KB should be more than enough for majority of the ++ * resolv.conf files out there. it also acts as a safety guard to prevent ++ * abuse. ++ */ ++#define NGX_RESOLVER_FILE_BUF_SIZE 2048 ++#define NGX_RESOLVER_FILE_NAME "/etc/resolv.conf" ++#endif ++ + + typedef struct { + u_char ident_hi; +@@ -131,6 +145,191 @@ static ngx_resolver_node_t *ngx_resolver_lookup_addr6(ngx_resolver_t *r, + #endif + + ++#if !(NGX_WIN32) ++static ngx_int_t ++ngx_resolver_read_resolv_conf(ngx_conf_t *cf, ngx_resolver_t *r, u_char *path, ++ size_t path_len) ++{ ++ ngx_url_t u; ++ ngx_resolver_connection_t *rec; ++ ngx_fd_t fd; ++ ngx_file_t file; ++ u_char buf[NGX_RESOLVER_FILE_BUF_SIZE]; ++ u_char ipv6_buf[NGX_INET6_ADDRSTRLEN]; ++ ngx_uint_t address = 0, j, total = 0; ++ ssize_t n, i; ++ enum { ++ sw_nameserver, ++ sw_spaces, ++ sw_address, ++ sw_skip ++ } state; ++ ++ file.name.data = path; ++ file.name.len = path_len; ++ ++ if (ngx_conf_full_name(cf->cycle, &file.name, 1) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ ++ fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY, ++ NGX_FILE_OPEN, 0); ++ ++ if (fd == NGX_INVALID_FILE) { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, ++ ngx_open_file_n " \"%s\" failed", file.name.data); ++ ++ return NGX_ERROR; ++ } ++ ++ ngx_memzero(&file, sizeof(ngx_file_t)); ++ ++ file.fd = fd; ++ file.log = cf->log; ++ ++ state = sw_nameserver; ++ ++ n = ngx_read_file(&file, buf, NGX_RESOLVER_FILE_BUF_SIZE, 0); ++ ++ if (n == NGX_ERROR) { ++ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno, ++ ngx_read_file_n " \"%s\" failed", 
file.name.data); ++ } ++ ++ if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { ++ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno, ++ ngx_close_file_n " \"%s\" failed", file.name.data); ++ } ++ ++ if (n == NGX_ERROR) { ++ return NGX_ERROR; ++ } ++ ++ if (n == 0) { ++ return NGX_OK; ++ } ++ ++ for (i = 0; i < n && total < MAXNS; /* void */) { ++ if (buf[i] == '#' || buf[i] == ';') { ++ state = sw_skip; ++ } ++ ++ switch (state) { ++ ++ case sw_nameserver: ++ ++ if ((size_t) n - i >= sizeof("nameserver") - 1 ++ && ngx_memcmp(buf + i, "nameserver", ++ sizeof("nameserver") - 1) == 0) ++ { ++ state = sw_spaces; ++ i += sizeof("nameserver") - 1; ++ ++ continue; ++ } ++ ++ break; ++ ++ case sw_spaces: ++ if (buf[i] != '\t' && buf[i] != ' ') { ++ address = i; ++ state = sw_address; ++ } ++ ++ break; ++ ++ case sw_address: ++ ++ if (buf[i] == CR || buf[i] == LF || i == n - 1) { ++ ngx_memzero(&u, sizeof(ngx_url_t)); ++ ++ u.url.data = buf + address; ++ ++ if (i == n - 1 && buf[i] != CR && buf[i] != LF) { ++ u.url.len = n - address; ++ ++ } else { ++ u.url.len = i - address; ++ } ++ ++ u.default_port = 53; ++ ++ /* IPv6? 
*/ ++ if (ngx_strlchr(u.url.data, u.url.data + u.url.len, ++ ':') != NULL) ++ { ++ if (u.url.len + 2 > sizeof(ipv6_buf)) { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "IPv6 resolver address is too long:" ++ " \"%V\"", &u.url); ++ ++ return NGX_ERROR; ++ } ++ ++ ipv6_buf[0] = '['; ++ ngx_memcpy(ipv6_buf + 1, u.url.data, u.url.len); ++ ipv6_buf[u.url.len + 1] = ']'; ++ ++ u.url.data = ipv6_buf; ++ u.url.len = u.url.len + 2; ++ } ++ ++ if (ngx_parse_url(cf->pool, &u) != NGX_OK) { ++ if (u.err) { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "%s in resolver \"%V\"", ++ u.err, &u.url); ++ } ++ ++ return NGX_ERROR; ++ } ++ ++ rec = ngx_array_push_n(&r->connections, u.naddrs); ++ if (rec == NULL) { ++ return NGX_ERROR; ++ } ++ ++ ngx_memzero(rec, u.naddrs * sizeof(ngx_resolver_connection_t)); ++ ++ for (j = 0; j < u.naddrs; j++) { ++ rec[j].sockaddr = u.addrs[j].sockaddr; ++ rec[j].socklen = u.addrs[j].socklen; ++ rec[j].server = u.addrs[j].name; ++ rec[j].resolver = r; ++ } ++ ++ total++; ++ ++#if (NGX_DEBUG) ++ /* ++ * logs with level below NGX_LOG_NOTICE will not be printed ++ * in this early phase ++ */ ++ ngx_conf_log_error(NGX_LOG_NOTICE, cf, 0, ++ "parsed a resolver: \"%V\"", &u.url); ++#endif ++ ++ state = sw_nameserver; ++ } ++ ++ break; ++ ++ case sw_skip: ++ if (buf[i] == CR || buf[i] == LF) { ++ state = sw_nameserver; ++ } ++ ++ break; ++ } ++ ++ i++; ++ } ++ ++ return NGX_OK; ++} ++#endif ++ ++ + ngx_resolver_t * + ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) + { +@@ -246,6 +445,39 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) + } + #endif + ++#if !(NGX_WIN32) ++ if (ngx_strncmp(names[i].data, "local=", 6) == 0) { ++ ++ if (ngx_strcmp(&names[i].data[6], "on") == 0) { ++ if (ngx_resolver_read_resolv_conf(cf, r, ++ (u_char *) ++ NGX_RESOLVER_FILE_NAME, ++ sizeof(NGX_RESOLVER_FILE_NAME) ++ - 1) ++ != NGX_OK) ++ { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "unable to parse local resolver"); ++ return NULL; 
++ } ++ ++ } else if (ngx_strcmp(&names[i].data[6], "off") != 0) { ++ if (ngx_resolver_read_resolv_conf(cf, r, ++ &names[i].data[6], ++ names[i].len - 6) ++ != NGX_OK) ++ { ++ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ++ "unable to parse local resolver"); ++ return NULL; ++ } ++ ++ } ++ ++ continue; ++ } ++#endif ++ + ngx_memzero(&u, sizeof(ngx_url_t)); + + u.url = names[i]; diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-reuseport_close_unused_fds.patch b/images/nginx/rootfs/patches/nginx-1.19.3-reuseport_close_unused_fds.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-reuseport_close_unused_fds.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-reuseport_close_unused_fds.patch diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-single_process_graceful_exit.patch b/images/nginx/rootfs/patches/nginx-1.19.3-single_process_graceful_exit.patch similarity index 65% rename from images/nginx/rootfs/patches/nginx-1.17.8-single_process_graceful_exit.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-single_process_graceful_exit.patch index 095e7fff7..2754fc2fe 100644 --- a/images/nginx/rootfs/patches/nginx-1.17.8-single_process_graceful_exit.patch +++ b/images/nginx/rootfs/patches/nginx-1.19.3-single_process_graceful_exit.patch @@ -1,8 +1,30 @@ +diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c +index 15680237..12a8c687 100644 +--- a/src/os/unix/ngx_process.c ++++ b/src/os/unix/ngx_process.c +@@ -362,8 +362,15 @@ ngx_signal_handler(int signo, siginfo_t *siginfo, void *ucontext) + break; + + case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): +- ngx_reconfigure = 1; +- action = ", reconfiguring"; ++ if (ngx_process == NGX_PROCESS_SINGLE) { ++ ngx_terminate = 1; ++ action = ", exiting"; ++ ++ } else { ++ ngx_reconfigure = 1; ++ action = ", reconfiguring"; ++ } ++ + break; + + case ngx_signal_value(NGX_REOPEN_SIGNAL): 
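Review bot: In `ngx_resolver_read_resolv_conf`, `ngx_memzero(&file, sizeof(ngx_file_t))` runs after the open and clears `file.name`, so the later `ngx_read_file_n " \"%s\" failed"` and `ngx_close_file_n " \"%s\" failed"` messages receive a NULL `file.name.data`. At best the path is missing from the log; if nginx's `%s` formatter does not tolerate NULL, this error path crashes instead of returning `NGX_ERROR`. Keeping the resolved name across the reset fixes it: save it in a local `ngx_str_t name` after `ngx_conf_full_name` succeeds and add `file.name = name;` right after the `ngx_memzero`. Also, only the first `NGX_RESOLVER_FILE_BUF_SIZE` (2048) bytes are read, so a longer resolv.conf is silently truncated and an address cut at the boundary is still handed to `ngx_parse_url`. A log line when `n` equals the buffer size would make that visible.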
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c -index 1710ea81..b379da9c 100644 +index 5817a2c2..f3d58e97 100644 --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c -@@ -304,11 +304,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) +@@ -305,11 +305,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) } for ( ;; ) { @@ -30,7 +52,7 @@ index 1710ea81..b379da9c 100644 for (i = 0; cycle->modules[i]; i++) { if (cycle->modules[i]->exit_process) { -@@ -319,6 +334,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) +@@ -320,6 +335,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) ngx_master_process_exit(cycle); } diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-socket_cloexec.patch b/images/nginx/rootfs/patches/nginx-1.19.3-socket_cloexec.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-socket_cloexec.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-socket_cloexec.patch diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-ssl_cert_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.19.3-ssl_cert_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-ssl_cert_cb_yield.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-ssl_cert_cb_yield.patch diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-ssl_sess_cb_yield.patch b/images/nginx/rootfs/patches/nginx-1.19.3-ssl_sess_cb_yield.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-ssl_sess_cb_yield.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-ssl_sess_cb_yield.patch diff --git a/images/nginx/rootfs/patches/nginx-1.19.3-stream_proxy_get_next_upstream_tries.patch b/images/nginx/rootfs/patches/nginx-1.19.3-stream_proxy_get_next_upstream_tries.patch new file mode 100644 index 000000000..cb881f070 --- /dev/null +++ b/images/nginx/rootfs/patches/nginx-1.19.3-stream_proxy_get_next_upstream_tries.patch 
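Review bot: The new branch in `ngx_signal_handler` makes `NGX_RECONFIGURE_SIGNAL` set `ngx_terminate` when `ngx_process == NGX_PROCESS_SINGLE`, so the signal operators normally use to reload configuration now stops a single-process nginx, and nothing in the patch says so. A comment above the `if` would prevent surprises, for example `/* single-process mode cannot reload in place: treat the reconfigure signal as a graceful exit */`. The rest of `ngx_signal_handler` lies outside this hunk, so whether other signals get the same single-process treatment cannot be checked from here.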
@@ -0,0 +1,31 @@ +diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h +index 09d2459..de92724 100644 +--- a/src/stream/ngx_stream.h ++++ b/src/stream/ngx_stream.h +@@ -303,4 +303,7 @@ typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, + extern ngx_stream_filter_pt ngx_stream_top_filter; + + ++#define HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH 1 ++ ++ + #endif /* _NGX_STREAM_H_INCLUDED_ */ +diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c +index 0afde1c..3254ce1 100644 +--- a/src/stream/ngx_stream_proxy_module.c ++++ b/src/stream/ngx_stream_proxy_module.c +@@ -2156,3 +2156,14 @@ ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) + + return NGX_CONF_OK; + } ++ ++ ++ngx_uint_t ++ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s) ++{ ++ ngx_stream_proxy_srv_conf_t *pscf; ++ ++ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); ++ ++ return pscf->next_upstream_tries; ++} diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-stream_ssl_preread_no_skip.patch b/images/nginx/rootfs/patches/nginx-1.19.3-stream_ssl_preread_no_skip.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-stream_ssl_preread_no_skip.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-stream_ssl_preread_no_skip.patch diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-upstream_pipelining.patch b/images/nginx/rootfs/patches/nginx-1.19.3-upstream_pipelining.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-upstream_pipelining.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-upstream_pipelining.patch 
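Review bot: `ngx_stream_proxy_get_next_upstream_tries` is added to ngx_stream_proxy_module.c as a non-static function, but the ngx_stream.h part of the patch adds only the `HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH` macro and no prototype. Each consumer therefore has to declare the function by hand, and a signature mismatch would not be caught by the compiler. Declaring it next to the macro keeps the two in step: `ngx_uint_t ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s);`.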
diff --git a/images/nginx/rootfs/patches/nginx-1.17.8-upstream_timeout_fields.patch b/images/nginx/rootfs/patches/nginx-1.19.3-upstream_timeout_fields.patch similarity index 100% rename from images/nginx/rootfs/patches/nginx-1.17.8-upstream_timeout_fields.patch rename to images/nginx/rootfs/patches/nginx-1.19.3-upstream_timeout_fields.patch