Merge pull request #3182 from bison/nginx-vts
Add vhost-traffic-status module to Nginx
This commit is contained in:
Brad Ison
GitHub
commit
cf8e71f1e8
6 changed files with 139 additions and 3 deletions
17
Dockerfile
17
Dockerfile
|
|
@ -13,12 +13,19 @@ WORKDIR $QUAYDIR
|
|||
|
||||
# This is so we don't break http golang/go#17066
|
||||
# When Ubuntu has nginx >= 1.11.0 we can switch back.
|
||||
RUN add-apt-repository ppa:nginx/development
|
||||
ENV NGINX_GPGKEY 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
||||
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
|
||||
--keyserver-options timeout=10 --recv-keys "${NGINX_GPGKEY}"
|
||||
|
||||
RUN add-apt-repository --enable-source \
|
||||
"deb http://nginx.org/packages/ubuntu/ xenial nginx"
|
||||
|
||||
# Add Yarn repository until it is officially added to Ubuntu
|
||||
RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
|
||||
&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
|
||||
&& add-apt-repository "deb https://dl.yarnpkg.com/debian/ stable main"
|
||||
|
||||
RUN curl -fsSL https://deb.nodesource.com/setup_8.x | bash -
|
||||
|
||||
# Install system packages
|
||||
RUN apt-get update && apt-get upgrade -y \
|
||||
&& apt-get install -y \
|
||||
|
|
@ -55,7 +62,11 @@ RUN apt-get update && apt-get upgrade -y \
|
|||
python-pip \
|
||||
python-virtualenv \
|
||||
yarn=0.22.0-1 \
|
||||
w3m # 27MAR2018
|
||||
w3m # 13JUL2018
|
||||
|
||||
# Install nginx-module-vts
|
||||
COPY scripts/build-nginx-vts.sh /tmp/build-nginx-vts.sh
|
||||
RUN /tmp/build-nginx-vts.sh v0.1.18
|
||||
|
||||
# Install cfssl
|
||||
RUN curl -fsSL -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 \
|
||||
|
|
|
|||
|
|
@ -11,6 +11,8 @@ http {
|
|||
|
||||
resolver 127.0.0.1 valid=10s;
|
||||
|
||||
vhost_traffic_status_zone;
|
||||
|
||||
ssl_certificate ../stack/ssl.cert;
|
||||
ssl_certificate_key ../stack/ssl.key;
|
||||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
||||
|
|
@ -52,6 +54,14 @@ http {
|
|||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
|
||||
server {
|
||||
include vhost-traffic-status.conf;
|
||||
|
||||
listen 9080 default;
|
||||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
}
|
||||
|
||||
{% else %}
|
||||
|
|
@ -62,6 +72,8 @@ http {
|
|||
|
||||
resolver 127.0.0.1 valid=10s;
|
||||
|
||||
vhost_traffic_status_zone;
|
||||
|
||||
server {
|
||||
include server-base.conf;
|
||||
|
||||
|
|
@ -69,6 +81,14 @@ http {
|
|||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
|
||||
server {
|
||||
include vhost-traffic-status.conf;
|
||||
|
||||
listen 9080 default;
|
||||
|
||||
access_log /dev/stdout lb_logs;
|
||||
}
|
||||
}
|
||||
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
# vim: ft=nginx
|
||||
|
||||
load_module modules/ngx_http_vhost_traffic_status_module.so;
|
||||
|
||||
pid /tmp/nginx.pid;
|
||||
error_log /dev/stdout;
|
||||
|
||||
|
|
|
|||
7
conf/nginx/vhost-traffic-status.conf
Normal file
7
conf/nginx/vhost-traffic-status.conf
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
# vim: ft=nginx
|
||||
|
||||
server_name _;
|
||||
|
||||
root /dev/null;
|
||||
|
||||
vhost_traffic_status_display;
|
||||
96
scripts/build-nginx-vts.sh
Executable file
96
scripts/build-nginx-vts.sh
Executable file
|
|
@ -0,0 +1,96 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ -z "${1}" ]; then
|
||||
echo "Please specify a vts version to install."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
VTS_VERSION="${1}"
|
||||
NGINX_VERSION="$(nginx -v 2>&1 | cut -d '/' -f 2)"
|
||||
MODULES_DIR="/usr/lib/nginx/modules"
|
||||
|
||||
BUILD_PATH="/tmp/build"
|
||||
VTS_PATH="${BUILD_PATH}/nginx-module-vts-${VTS_VERSION}"
|
||||
|
||||
mkdir -p "${BUILD_PATH}"
|
||||
mkdir -p "${VTS_PATH}"
|
||||
cd "${BUILD_PATH}"
|
||||
|
||||
echo "==> Downloading nginx-module-vts..."
|
||||
curl -fsSL -o "nginx-module-vts-${VTS_VERSION}.tar.gz" \
|
||||
"https://github.com/vozlt/nginx-module-vts/archive/${VTS_VERSION}.tar.gz"
|
||||
|
||||
# The directory in the tarball (infuriatingly) doesn't include the
|
||||
# leading "v" in the version number, so this normalizes it.
|
||||
tar xzf "nginx-module-vts-${VTS_VERSION}.tar.gz" -C "${VTS_PATH}" \
|
||||
--strip-components 1
|
||||
|
||||
echo "==> Downloading nginx source..."
|
||||
apt-get source -y nginx
|
||||
apt-get install -y libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5
|
||||
|
||||
echo "==> Building nginx-module-vts..."
|
||||
cd "nginx-${NGINX_VERSION}"
|
||||
|
||||
CCFLAGS='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC'
|
||||
LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
|
||||
|
||||
(
|
||||
|
||||
# The options here need to match the output of `nginx -v`.
|
||||
./configure --prefix=/etc/nginx \
|
||||
--sbin-path=/usr/sbin/nginx \
|
||||
--modules-path=/usr/lib/nginx/modules \
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
--error-log-path=/var/log/nginx/error.log \
|
||||
--http-log-path=/var/log/nginx/access.log \
|
||||
--pid-path=/var/run/nginx.pid \
|
||||
--lock-path=/var/run/nginx.lock \
|
||||
--http-client-body-temp-path=/var/cache/nginx/client_temp \
|
||||
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
|
||||
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
|
||||
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
|
||||
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
|
||||
--user=nginx \
|
||||
--group=nginx \
|
||||
--with-compat \
|
||||
--with-file-aio \
|
||||
--with-threads \
|
||||
--with-http_addition_module \
|
||||
--with-http_auth_request_module \
|
||||
--with-http_dav_module \
|
||||
--with-http_flv_module \
|
||||
--with-http_gunzip_module \
|
||||
--with-http_gzip_static_module \
|
||||
--with-http_mp4_module \
|
||||
--with-http_random_index_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_secure_link_module \
|
||||
--with-http_slice_module \
|
||||
--with-http_ssl_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-http_sub_module \
|
||||
--with-http_v2_module \
|
||||
--with-mail \
|
||||
--with-mail_ssl_module \
|
||||
--with-stream \
|
||||
--with-stream_realip_module \
|
||||
--with-stream_ssl_module \
|
||||
--with-stream_ssl_preread_module \
|
||||
--with-cc-opt="${CCFLAGS}" \
|
||||
--with-ld-opt="${LDFLAGS}" \
|
||||
--add-dynamic-module="${VTS_PATH}"
|
||||
|
||||
make modules
|
||||
|
||||
) 1>/dev/null
|
||||
|
||||
echo "==> Installing nginx-module-vts..."
|
||||
cp -a objs/ngx_http_vhost_traffic_status_module.so \
|
||||
"${MODULES_DIR}/ngx_http_vhost_traffic_status_module.so"
|
||||
|
||||
echo "==> Cleaning up..."
|
||||
cd / && rm -fr "${BUILD_PATH}"
|
||||
apt-get purge -y libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5
|
||||
Binary file not shown.
Reference in a new issue