From 083ba2bc785447dbb6dc180fa447a73ac3ee0e8b Mon Sep 17 00:00:00 2001
From: Brad Ison <bison@xvdf.io>
Date: Fri, 13 Jul 2018 14:53:53 -0400
Subject: [PATCH] Build nginx-vts module for nginx stats

---
 Dockerfile                 | 17 +++++--
 scripts/build-nginx-vts.sh | 96 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+), 3 deletions(-)
 create mode 100755 scripts/build-nginx-vts.sh

diff --git a/Dockerfile b/Dockerfile
index b0bf9558a..854a27d12 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,12 +13,19 @@ WORKDIR $QUAYDIR
 
 # This is so we don't break http golang/go#17066
 # When Ubuntu has nginx >= 1.11.0 we can switch back.
-RUN  add-apt-repository ppa:nginx/development
+ENV NGINX_GPGKEY 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
+    --keyserver-options timeout=10 --recv-keys "${NGINX_GPGKEY}"
+
+RUN add-apt-repository --enable-source \
+    "deb http://nginx.org/packages/ubuntu/ xenial nginx"
 
 # Add Yarn repository until it is officially added to Ubuntu
 RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
-    && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
+    && add-apt-repository "deb https://dl.yarnpkg.com/debian/ stable main"
+
 RUN curl -fsSL https://deb.nodesource.com/setup_8.x | bash -
+
 # Install system packages
 RUN apt-get update && apt-get upgrade -y \
     && apt-get install -y \
@@ -55,7 +62,11 @@ RUN apt-get update && apt-get upgrade -y \
      python-pip        \
      python-virtualenv \
      yarn=0.22.0-1     \
-     w3m # 27MAR2018
+     w3m # 13JUL2018
+
+# Install nginx-module-vts
+COPY scripts/build-nginx-vts.sh /tmp/build-nginx-vts.sh
+RUN /tmp/build-nginx-vts.sh v0.1.18
 
 # Install cfssl
 RUN curl -fsSL -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 \
diff --git a/scripts/build-nginx-vts.sh b/scripts/build-nginx-vts.sh
new file mode 100755
index 000000000..f652b9c34
--- /dev/null
+++ b/scripts/build-nginx-vts.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+if [ -z "${1}" ]; then
+    echo "Please specify a vts version to install."
+    exit 1
+fi
+
+set -euo pipefail
+
+VTS_VERSION="${1}"
+NGINX_VERSION="$(nginx -v 2>&1 | cut -d '/' -f 2)"
+MODULES_DIR="/usr/lib/nginx/modules"
+
+BUILD_PATH="/tmp/build"
+VTS_PATH="${BUILD_PATH}/nginx-module-vts-${VTS_VERSION}"
+
+mkdir -p "${BUILD_PATH}"
+mkdir -p "${VTS_PATH}"
+cd "${BUILD_PATH}"
+
+echo "==> Downloading nginx-module-vts..."
+curl -fsSL -o "nginx-module-vts-${VTS_VERSION}.tar.gz" \
+     "https://github.com/vozlt/nginx-module-vts/archive/${VTS_VERSION}.tar.gz"
+
+# The directory in the tarball (infuriatingly) doesn't include the
+# leading "v" in the version number, so this normalizes it.
+tar xzf "nginx-module-vts-${VTS_VERSION}.tar.gz" -C "${VTS_PATH}" \
+    --strip-components 1
+
+echo "==> Downloading nginx source..."
+apt-get source -y nginx
+apt-get install -y libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5
+
+echo "==> Building nginx-module-vts..."
+cd "nginx-${NGINX_VERSION}"
+
+CCFLAGS='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC'
+LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
+
+(
+
+    # The options here need to match the output of `nginx -v`.
+    ./configure --prefix=/etc/nginx \
+                --sbin-path=/usr/sbin/nginx \
+                --modules-path=/usr/lib/nginx/modules \
+                --conf-path=/etc/nginx/nginx.conf \
+                --error-log-path=/var/log/nginx/error.log \
+                --http-log-path=/var/log/nginx/access.log \
+                --pid-path=/var/run/nginx.pid \
+                --lock-path=/var/run/nginx.lock \
+                --http-client-body-temp-path=/var/cache/nginx/client_temp \
+                --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+                --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+                --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+                --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+                --user=nginx \
+                --group=nginx \
+                --with-compat \
+                --with-file-aio \
+                --with-threads \
+                --with-http_addition_module \
+                --with-http_auth_request_module \
+                --with-http_dav_module \
+                --with-http_flv_module \
+                --with-http_gunzip_module \
+                --with-http_gzip_static_module \
+                --with-http_mp4_module \
+                --with-http_random_index_module \
+                --with-http_realip_module \
+                --with-http_secure_link_module \
+                --with-http_slice_module \
+                --with-http_ssl_module \
+                --with-http_stub_status_module \
+                --with-http_sub_module \
+                --with-http_v2_module \
+                --with-mail \
+                --with-mail_ssl_module \
+                --with-stream \
+                --with-stream_realip_module \
+                --with-stream_ssl_module \
+                --with-stream_ssl_preread_module \
+                --with-cc-opt="${CCFLAGS}" \
+                --with-ld-opt="${LDFLAGS}" \
+                --add-dynamic-module="${VTS_PATH}"
+
+    make modules
+
+) 1>/dev/null
+
+echo "==> Installing nginx-module-vts..."
+cp -a objs/ngx_http_vhost_traffic_status_module.so \
+   "${MODULES_DIR}/ngx_http_vhost_traffic_status_module.so"
+
+echo "==> Cleaning up..."
+cd / && rm -fr "${BUILD_PATH}"
+apt-get purge -y libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5