From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../recipes-httpd/nginx/files/default_server.site | 14 +++ .../nginx/files/nginx-fix-pidfile.patch | 99 +++++++++++++++ .../recipes-httpd/nginx/files/nginx.conf | 139 +++++---------------- .../recipes-httpd/nginx/files/nginx.service | 10 +- .../recipes-httpd/nginx/files/proxy_params | 4 + .../meta-webserver/recipes-httpd/nginx/nginx.inc | 28 ++++- .../recipes-httpd/nginx/nginx_1.15.1.bb | 10 -- .../recipes-httpd/nginx/nginx_1.15.2.bb | 6 - .../recipes-httpd/nginx/nginx_1.16.1.bb | 6 + .../recipes-httpd/nginx/nginx_1.17.8.bb | 10 ++ 10 files changed, 199 insertions(+), 127 deletions(-) create mode 100644 external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/default_server.site create mode 100644 external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-fix-pidfile.patch create mode 100644 external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/proxy_params delete mode 100644 external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb delete mode 100644 external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb create mode 100644 external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb create mode 100644 external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.17.8.bb (limited to 'external/meta-openembedded/meta-webserver/recipes-httpd/nginx') diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/default_server.site b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/default_server.site new file mode 100644 index 00000000..7a8a215c --- /dev/null +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/default_server.site @@ -0,0 +1,14 @@ +# Default server configuration +server { + listen 80 default_server; + listen [::]:80 default_server; + + root /var/www/localhost/html; + + index index.html index.htm; + + server_name _; + + # redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; +} diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-fix-pidfile.patch b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-fix-pidfile.patch new file mode 100644 index 00000000..90159a66 --- /dev/null +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx-fix-pidfile.patch @@ -0,0 +1,99 @@ +Description: Fix NGINX pidfile handling +Author: Tj +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864 +Last-Update: 2019-06-04 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ + +Upstream-Status: Pending + +This patch is from ubuntu, https://github.com/aroth-arsoft/pkg-nginx/blob +/master/debian/patches/nginx-fix-pidfile.patch, for fix below +error info: +nginx.service: failed to parse pid from file /run/nginx/nginx.pid: +invalid argument + +Signed-off-by: Changqing Li + +diff --git a/src/core/nginx.c b/src/core/nginx.c +index 9fcb0eb2..083eba1d 100644 +--- a/src/core/nginx.c ++++ b/src/core/nginx.c +@@ -338,14 +338,21 @@ main(int argc, char *const *argv) + ngx_process = NGX_PROCESS_MASTER; + } + ++ /* tell-tale to detect if this is parent or child process */ ++ ngx_int_t child_pid = NGX_BUSY; ++ + #if !(NGX_WIN32) + + if (ngx_init_signals(cycle->log) != NGX_OK) { + return 1; + } + ++ /* tell-tale that this code has been executed */ ++ child_pid--; ++ + if (!ngx_inherited && ccf->daemon) { +- if (ngx_daemon(cycle->log) != NGX_OK) { ++ child_pid = ngx_daemon(cycle->log); ++ if (child_pid == NGX_ERROR) { + return 1; + } + +@@ -358,8 +365,19 @@ main(int argc, char *const *argv) + + #endif + +- if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { +- return 1; ++ /* If ngx_daemon() returned the child's PID in the parent process ++ * after the fork() set ngx_pid to the child_pid, which gets ++ * written to the PID file, then exit. ++ * For NGX_WIN32 always write the PID file ++ * For others, only write it from the parent process */ ++ if (child_pid < NGX_OK || child_pid > NGX_OK) { ++ ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid; ++ if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) { ++ return 1; ++ } ++ } ++ if (child_pid > NGX_OK) { ++ exit(0); + } + + if (ngx_log_redirect_stderr(cycle) != NGX_OK) { +diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c +index 385c49b6..3719854c 100644 +--- a/src/os/unix/ngx_daemon.c ++++ b/src/os/unix/ngx_daemon.c +@@ -7,14 +7,17 @@ + + #include + #include ++#include + + + ngx_int_t + ngx_daemon(ngx_log_t *log) + { + int fd; ++ /* retain the return value for passing back to caller */ ++ pid_t pid_child = fork(); + +- switch (fork()) { ++ switch (pid_child) { + case -1: + ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed"); + return NGX_ERROR; +@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log) + break; + + default: +- exit(0); ++ /* let caller do the exit() */ ++ return pid_child; + } + + ngx_parent = ngx_pid; diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.conf b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.conf index 69d3a2ad..6d219422 100644 --- a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.conf +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.conf @@ -1,118 +1,47 @@ - user www; -worker_processes 1; - -error_log /var/log/nginx/error.log; -#error_log logs/error.log notice; -#error_log logs/error.log info; - -pid /run/nginx/nginx.pid; - +worker_processes 1; +pid /run/nginx/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; events { - worker_connections 1024; + worker_connections 768; + # multi_accept on; } - http { - include mime.types; + # Basic Settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - #keepalive_timeout 0; - keepalive_timeout 65; - - #gzip on; - - server { - listen 80; - server_name localhost; - - #charset koi8-r; - - #access_log logs/host.access.log main; - - location / { - root /var/www/localhost/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/www/localhost/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} - } - - - # another virtual host using mix of IP-, name-, and port-based configuration - # - #server { - # listen 8000; - # listen somename:8080; - # server_name somename alias another.alias; - - # location / { - # root html; - # index index.html index.htm; - # } - #} - - - # HTTPS server - # - #server { - # listen 443; - # server_name localhost; - - # ssl on; - # ssl_certificate cert.pem; - # ssl_certificate_key cert.key; + # SSL Settings + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; - # ssl_session_timeout 5m; + ## Logging + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; - # ssl_protocols SSLv2 SSLv3 TLSv1; - # ssl_ciphers HIGH:!aNULL:!MD5; - # ssl_prefer_server_ciphers on; + ## Gzip settings + gzip on; - # location / { - # root html; - # index index.html index.htm; - # } - #} + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + ## Virtual Host Configs + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; } diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.service b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.service index ce990617..9a6ca965 100644 --- a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.service +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/nginx.service @@ -1,11 +1,15 @@ [Unit] -Description=Nginx Server -After=network.target +Description=The NGINX HTTP and reverse proxy server +After=syslog.target network.target remote-fs.target nss-lookup.target + [Service] Type=forking PIDFile=/run/nginx/nginx.pid +ExecStartPre=@SBINDIR@/nginx -t ExecStart=@SBINDIR@/nginx -ExecStop=@SBINDIR@/nginx -s stop ExecReload=@SBINDIR@/nginx -s reload +ExecStop=@BASE_BINDIR@/kill -s QUIT $MAINPID +PrivateTmp=true + [Install] WantedBy=multi-user.target diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/proxy_params b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/proxy_params new file mode 100644 index 00000000..df75bc5d --- /dev/null +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/proxy_params @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc index 24c2cedf..de080a2b 100644 --- a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc @@ -16,9 +16,12 @@ SRC_URI = " \ file://nginx-cross.patch \ file://0001-Allow-the-overriding-of-the-endianness-via-the-confi.patch \ file://nginx.conf \ + file://default_server.site \ + file://proxy_params \ file://nginx.init \ file://nginx-volatile.conf \ file://nginx.service \ + file://nginx-fix-pidfile.patch \ " inherit siteinfo update-rc.d useradd systemd @@ -38,6 +41,7 @@ PACKAGECONFIG ??= "ssl" PACKAGECONFIG[http2] = "--with-http_v2_module,," PACKAGECONFIG[ssl] = "--with-http_ssl_module,,openssl" +PACKAGECONFIG[http-auth-request] = "--with-http_auth_request_module,," do_configure () { if [ "${SITEINFO_BITS}" = "64" ]; then @@ -86,13 +90,13 @@ do_install () { install -d ${D}${sysconfdir}/tmpfiles.d echo "d /run/${BPN} - - - -" \ > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf - echo "d /${localstatedir}/log/${BPN} 0755 root root -" \ + echo "d ${localstatedir}/log/${BPN} 0755 root root -" \ >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf fi install -d ${D}${sysconfdir}/${BPN} - ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run + lnr ${D}${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run install -d ${D}${NGINX_WWWDIR} - mv ${D}/usr/html ${D}${NGINX_WWWDIR}/ + mv ${D}${exec_prefix}/html ${D}${NGINX_WWWDIR}/ chown ${NGINX_USER}:www-data -R ${D}${NGINX_WWWDIR} install -d ${D}${sysconfdir}/init.d @@ -102,23 +106,41 @@ do_install () { install -d ${D}${sysconfdir}/nginx install -m 0644 ${WORKDIR}/nginx.conf ${D}${sysconfdir}/nginx/nginx.conf + sed -i 's,/etc/,${sysconfdir}/,g' ${D}${sysconfdir}/nginx/nginx.conf sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/nginx/nginx.conf sed -i 's/^user.*/user ${NGINX_USER};/g' ${D}${sysconfdir}/nginx/nginx.conf + install -Dm 0644 ${WORKDIR}/default_server.site ${D}${sysconfdir}/nginx/sites-available/default_server + sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/nginx/sites-available/default_server install -d ${D}${sysconfdir}/nginx/sites-enabled + ln -s ../sites-available/default_server ${D}${sysconfdir}/nginx/sites-enabled/ + + install -m 0644 ${WORKDIR}/proxy_params ${D}${sysconfdir}/nginx/proxy_params install -d ${D}${sysconfdir}/default/volatiles install -m 0644 ${WORKDIR}/nginx-volatile.conf ${D}${sysconfdir}/default/volatiles/99_nginx sed -i 's,/var/,${localstatedir}/,g' ${D}${sysconfdir}/default/volatiles/99_nginx sed -i 's,@NGINX_USER@,${NGINX_USER},g' ${D}${sysconfdir}/default/volatiles/99_nginx + # cleanup configuration folder + rm ${D}${sysconfdir}/nginx/*.default + + # add additional configuration folders + install -d ${D}${sysconfdir}/nginx/modules-available + install -d ${D}${sysconfdir}/nginx/modules-enabled + install -d ${D}${sysconfdir}/nginx/server-conf.d + install -d ${D}${sysconfdir}/nginx/conf.d + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/nginx.service ${D}${systemd_unitdir}/system/ sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \ -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BASE_BINDIR@,${base_bindir},g' \ ${D}${systemd_unitdir}/system/nginx.service fi + + rm -rf ${D}${localstatedir}/log/ } pkg_postinst_${PN} () { diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb deleted file mode 100644 index 0f1ba8f6..00000000 --- a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.1.bb +++ /dev/null @@ -1,10 +0,0 @@ -require nginx.inc - -# 1.14.x branch is the current stable branch, the recommended default -# 1.15.x is the current mainline branches containing all new features -DEFAULT_PREFERENCE = "-1" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3691402cc54ce09f800ca348634a2dfe" - -SRC_URI[md5sum] = "2dd5a265c54a76b699443931d80a61b9" -SRC_URI[sha256sum] = "c7206858d7f832b8ef73a45c9b8f8e436bcb1ee88db2bc85b8e438ecec9d5460" diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb deleted file mode 100644 index 3694f5b5..00000000 --- a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.15.2.bb +++ /dev/null @@ -1,6 +0,0 @@ -require nginx.inc - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3691402cc54ce09f800ca348634a2dfe" - -SRC_URI[md5sum] = "d063f746d3dc4298aed9c518f1684166" -SRC_URI[sha256sum] = "eeba09aecfbe8277ac33a5a2486ec2d6731739f3c1c701b42a0c3784af67ad90" diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb new file mode 100644 index 00000000..20764257 --- /dev/null +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb @@ -0,0 +1,6 @@ +require nginx.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=52e384aaac868b755b93ad5535e2d075" + +SRC_URI[md5sum] = "45a80f75336c980d240987badc3dcf60" +SRC_URI[sha256sum] = "f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b" diff --git a/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.17.8.bb b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.17.8.bb new file mode 100644 index 00000000..3d2a5edd --- /dev/null +++ b/external/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx_1.17.8.bb @@ -0,0 +1,10 @@ +require nginx.inc + +# 1.16.x branch is the current stable branch, the recommended default +# 1.17.x is the current mainline branches containing all new features +DEFAULT_PREFERENCE = "-1" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=52e384aaac868b755b93ad5535e2d075" + +SRC_URI[md5sum] = "29cd861a13aae69a058cbabaae86177b" +SRC_URI[sha256sum] = "97d23ecf6d5150b30e284b40e8a6f7e3bb5be6b601e373a4d013768d5a25965b" -- cgit 1.2.3-korg