nginx-more el9 support

I started working on el9 support for nginx-more. There's only issues so far with two modules: PageSpeed and VTS.

I will keep this issue for tracking el9 release.

Jul 20 '22 17:07 karljohns0n

For modules like PageSpeed and VTS that hasn't been updated from years, please compile one without them so we can use nginx-more on El9 for now! After the issues get fixed, then please compile new one including them!! Besides, for me VTS and PageSpeed work can be performed using analytics and WP plugin until they are available!! Thanks

Jul 29 '22 06:07 skrlance

Hi Karl. I would really appreciate it if you just happen to be able to release a working version for EL9 without all the bells and whistles that currently have issues. Thank you.

Aug 18 '22 08:08 oncena

I also agree Karl, please compile one with those thats working. Let's not stop because of Pagespeed and VTS. We are already on El9 and waiting to install nginx-more for it. You can compile including those after the issues gets fixed.

Aug 19 '22 17:08 aabiskar1

A new version of module VTS has been released today. I will keep an eye on it.

Meanwhile, I built packages for el9 for testing purpose. Everything seems fine so far, only need to remove PageSpeed/VTS config to start nginx.

[root@7e215c48dc3f ~]# dnf -y -q install https://repo.aerisnetwork.com/pub/aeris-release-9.rpm
Installed:
  aeris-release-1.0-9.el9.noarch                                       dbus-libs-1:1.12.20-5.el9.x86_64                      
  dnf-plugins-core-4.0.24-4.el9_0.noarch                               epel-release-9-4.el9.noarch                           
  python3-dateutil-1:2.8.1-6.el9.noarch                                python3-dbus-1.2.18-2.el9.x86_64                      
  python3-dnf-plugins-core-4.0.24-4.el9_0.noarch                       python3-six-1.15.0-9.el9.noarch                       

[root@7e215c48dc3f ~]# dnf -y -q --enablerepo=aeris-testing install nginx-more nginx-more-module-modsecurity
Installed:
  fontconfig-2.13.94-2.el9.x86_64     freetype-2.10.4-6.el9.x86_64        gd-2.3.2-3.el9.x86_64                              
  graphite2-1.3.14-9.el9.x86_64       harfbuzz-2.7.4-5.el9.x86_64         jbigkit-libs-2.1-23.el9.x86_64                     
  libX11-1.7.0-7.el9.x86_64           libX11-common-1.7.0-7.el9.noarch    libXau-1.0.9-8.el9.x86_64                          
  libXpm-3.5.13-7.el9.x86_64          libjpeg-turbo-2.0.90-5.el9.x86_64   libmaxminddb-1.6.0-2.el9.x86_64                    
  libmodsecurity-3.0.7-2.el9.x86_64   libpng-2:1.6.37-12.el9.x86_64       libtiff-4.2.0-3.el9.x86_64                         
  libwebp-1.2.0-3.el9.x86_64          libxcb-1.13.1-9.el9.x86_64          libxslt-1.1.34-9.el9.x86_64                        
  lmdb-libs-0.9.29-3.el9.x86_64       nginx-more-1.22.0-4.el9.x86_64      nginx-more-module-modsecurity-1.22.0-4.el9.x86_64  
  ssdeep-libs-2.14.1-11.el9.x86_64    xml-common-0.6.3-58.el9.noarch      yajl-2.1.0-21.el9_0.x86_64                         

[root@7e215c48dc3f ~]# nginx &

[root@7e215c48dc3f ~]# nginx -V
nginx version: nginx/1.22.0
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC) 
built with OpenSSL 3.0.5 5 Jul 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-3.0.5 --with-openssl-opt=enable-ktls --with-http_v2_hpack_enc --add-dynamic-module=modules/ngx_modsecurity-1.0.3 --add-module=modules/ngx_headers_more-0.34 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_brotli-snap20220505 --add-module=modules/ngx_http_geoip2_module-3.4 --add-module=modules/ngx_echo-0.62

[root@7e215c48dc3f ~]# cat /var/log/nginx/error.log 
2022/09/05 18:41:21 [notice] 212#212: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/0/0)
2022/09/05 18:41:21 [notice] 212#212: using the "epoll" event method
2022/09/05 18:41:21 [notice] 212#212: nginx/1.22.0
2022/09/05 18:41:21 [notice] 212#212: built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC) 
2022/09/05 18:41:21 [notice] 212#212: OS: Linux 5.10.124-linuxkit
2022/09/05 18:41:21 [notice] 212#212: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/09/05 18:41:21 [notice] 213#213: start worker processes
2022/09/05 18:41:21 [notice] 213#213: start worker process 214
2022/09/05 18:41:21 [notice] 213#213: start worker process 215
2022/09/05 18:41:21 [notice] 213#213: start worker process 216
2022/09/05 18:41:21 [notice] 213#213: start worker process 217
2022/09/05 18:41:21 [notice] 213#213: start worker process 218
2022/09/05 18:41:21 [notice] 213#213: start worker process 219
2022/09/05 18:41:21 [notice] 213#213: start cache manager process 220
2022/09/05 18:41:21 [notice] 213#213: start cache loader process 221

Sep 05 '22 13:09 karljohns0n

I just checked, latest dev version has fixed the VTS issue when compiling.

Sep 08 '22 07:09 skrlance

Yes I did a build yesterday, it went fine. Only missing PageSpeed. I'll probably skip this module for el9, at least to start.

Sep 08 '22 17:09 karljohns0n

I pushed el9 build stable including latest module VTS 0.2.1 but still without PageSpeed (for now).

Package aeris-release should be reinstalled as it uses a new key.

[root@81b6c7c5497f ~]# dnf clean all && dnf reinstall -y aeris-release 
[root@81b6c7c5497f ~]# dnf install nginx-more nginx-more-module-modsecurity
[root@81b6c7c5497f ~]# nginx -V
nginx version: nginx/1.22.0
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC) 
built with OpenSSL 3.0.5 5 Jul 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-3.0.5 --with-openssl-opt=enable-ktls --with-http_v2_hpack_enc --add-dynamic-module=modules/ngx_modsecurity-1.0.3 --add-module=modules/ngx_headers_more-0.34 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_module_vts-0.2.1 --add-module=modules/ngx_brotli-snap20220505 --add-module=modules/ngx_http_geoip2_module-3.4 --add-module=modules/ngx_echo-0.62

Please provide feedback. I only tested with Docker at the moment. Thanks!

Sep 20 '22 02:09 karljohns0n

Works like a charm on Rocky Linux 9. Thank you.

Sep 20 '22 18:09 oncena

The repos are working good and stable so this issue should be marked resolved!!

Sep 24 '22 16:09 skrlance

nginx-more nginx-more copied to clipboard

el9 support

nginx-more
nginx-more copied to clipboard