Merge pull request #3182 from bison/nginx-vts

Add vhost-traffic-status module to Nginx
Brad Ison 2018-07-25 20:15:11 +02:00 committed by GitHub
commit cf8e71f1e8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 139 additions and 3 deletions


@ -13,12 +13,19 @@ WORKDIR $QUAYDIR
# This is so we don't break http golang/go#17066 # This is so we don't break http golang/go#17066
# When Ubuntu has nginx >= 1.11.0 we can switch back. # When Ubuntu has nginx >= 1.11.0 we can switch back.
RUN add-apt-repository ppa:nginx/development ENV NGINX_GPGKEY 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
--keyserver-options timeout=10 --recv-keys "${NGINX_GPGKEY}"
RUN add-apt-repository --enable-source \
"deb http://nginx.org/packages/ubuntu/ xenial nginx"
# Add Yarn repository until it is officially added to Ubuntu # Add Yarn repository until it is officially added to Ubuntu
RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && add-apt-repository "deb https://dl.yarnpkg.com/debian/ stable main"
RUN curl -fsSL https://deb.nodesource.com/setup_8.x | bash - RUN curl -fsSL https://deb.nodesource.com/setup_8.x | bash -
# Install system packages # Install system packages
RUN apt-get update && apt-get upgrade -y \ RUN apt-get update && apt-get upgrade -y \
&& apt-get install -y \ && apt-get install -y \
@ -55,7 +62,11 @@ RUN apt-get update && apt-get upgrade -y \
python-pip \ python-pip \
python-virtualenv \ python-virtualenv \
yarn=0.22.0-1 \ yarn=0.22.0-1 \
w3m # 27MAR2018 w3m # 13JUL2018
# Install nginx-module-vts
COPY scripts/build-nginx-vts.sh /tmp/build-nginx-vts.sh
RUN /tmp/build-nginx-vts.sh v0.1.18
# Install cfssl # Install cfssl
RUN curl -fsSL -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 \ RUN curl -fsSL -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 \
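Review bot: `ENV NGINX_GPGKEY 573B…` in the first hunk persists a build-only value into the environment of every container run from this image; `ARG NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62` keeps the full-fingerprint pin without carrying it into runtime. The key is retrieved over unauthenticated `hkp://keyserver.ubuntu.com:80` and the repository is added as `http://nginx.org/...`, so the integrity of the nginx packages (and of the source that `apt-get source` later pulls for the module build) rests solely on apt's signature check against that one key. Since the Yarn repository on the following lines is already an `https` source, `"deb https://nginx.org/packages/ubuntu/ xenial nginx"` looks feasible here and would add transport protection. A short comment above the `ENV`/`ARG` line saying where the fingerprint was obtained would help whoever has to rotate it.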


@ -11,6 +11,8 @@ http {
resolver 127.0.0.1 valid=10s; resolver 127.0.0.1 valid=10s;
vhost_traffic_status_zone;
ssl_certificate ../stack/ssl.cert; ssl_certificate ../stack/ssl.cert;
ssl_certificate_key ../stack/ssl.key; ssl_certificate_key ../stack/ssl.key;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
@ -52,6 +54,14 @@ http {
access_log /dev/stdout lb_logs; access_log /dev/stdout lb_logs;
} }
server {
include vhost-traffic-status.conf;
listen 9080 default;
access_log /dev/stdout lb_logs;
}
} }
{% else %} {% else %}
@ -62,6 +72,8 @@ http {
resolver 127.0.0.1 valid=10s; resolver 127.0.0.1 valid=10s;
vhost_traffic_status_zone;
server { server {
include server-base.conf; include server-base.conf;
@ -69,6 +81,14 @@ http {
access_log /dev/stdout lb_logs; access_log /dev/stdout lb_logs;
} }
server {
include vhost-traffic-status.conf;
listen 9080 default;
access_log /dev/stdout lb_logs;
}
} }
{% endif %} {% endif %}
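Review bot: The new `server` blocks (one in each branch of the template) serve `vhost_traffic_status_display` on `listen 9080 default;`, which binds every interface, and neither the block nor the included `vhost-traffic-status.conf` added in this commit carries an `allow`/`deny` or auth directive. The status page lists server names, upstream addresses and per-vhost traffic counters, so anyone who can reach port 9080 can read it unless something outside this diff (container port mapping, firewall) restricts it. If the scraper is local, `listen 127.0.0.1:9080 default;` is enough; otherwise add `allow <MONITORING_CIDR>; deny all;` to `vhost-traffic-status.conf`. A one-line comment on the block stating who is expected to reach this port would document the intent.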


@ -1,5 +1,7 @@
# vim: ft=nginx # vim: ft=nginx
load_module modules/ngx_http_vhost_traffic_status_module.so;
pid /tmp/nginx.pid; pid /tmp/nginx.pid;
error_log /dev/stdout; error_log /dev/stdout;


@ -0,0 +1,7 @@
# vim: ft=nginx
server_name _;
root /dev/null;
vhost_traffic_status_display;

96
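--- a/scripts/build-nginx-vts.sh
+++ b/scripts/build-nginx-vts.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+if [ -z "${1}" ]; then
+echo "Please specify a vts version to install."
+exit 1
+fi
+set -euo pipefail
+VTS_VERSION="${1}"
+NGINX_VERSION="$(nginx -v 2>&1 | cut -d '/' -f 2)"
+MODULES_DIR="/usr/lib/nginx/modules"
+BUILD_PATH="/tmp/build"
+VTS_PATH="${BUILD_PATH}/nginx-module-vts-${VTS_VERSION}"
+mkdir -p "${BUILD_PATH}"
+mkdir -p "${VTS_PATH}"
+cd "${BUILD_PATH}"
+echo "==> Downloading nginx-module-vts..."
+curl -fsSL -o "nginx-module-vts-${VTS_VERSION}.tar.gz" \
+"https://github.com/vozlt/nginx-module-vts/archive/${VTS_VERSION}.tar.gz"
+# The directory in the tarball (infuriatingly) doesn't include the
+# leading "v" in the version number, so this normalizes it.
+tar xzf "nginx-module-vts-${VTS_VERSION}.tar.gz" -C "${VTS_PATH}" \
+--strip-components 1
+echo "==> Downloading nginx source..."
+apt-get source -y nginx
+apt-get install -y libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5
+echo "==> Building nginx-module-vts..."
+cd "nginx-${NGINX_VERSION}"
+CCFLAGS='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC'
+LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
+(
+# The options here need to match the output of `nginx -v`.
+./configure --prefix=/etc/nginx \
+--sbin-path=/usr/sbin/nginx \
+--modules-path=/usr/lib/nginx/modules \
+--conf-path=/etc/nginx/nginx.conf \
+--error-log-path=/var/log/nginx/error.log \
+--http-log-path=/var/log/nginx/access.log \
+--pid-path=/var/run/nginx.pid \
+--lock-path=/var/run/nginx.lock \
+--http-client-body-temp-path=/var/cache/nginx/client_temp \
+--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+--user=nginx \
+--group=nginx \
+--with-compat \
+--with-file-aio \
+--with-threads \
+--with-http_addition_module \
+--with-http_auth_request_module \
+--with-http_dav_module \
+--with-http_flv_module \
+--with-http_gunzip_module \
+--with-http_gzip_static_module \
+--with-http_mp4_module \
+--with-http_random_index_module \
+--with-http_realip_module \
+--with-http_secure_link_module \
+--with-http_slice_module \
+--with-http_ssl_module \
+--with-http_stub_status_module \
+--with-http_sub_module \
+--with-http_v2_module \
+--with-mail \
+--with-mail_ssl_module \
+--with-stream \
+--with-stream_realip_module \
+--with-stream_ssl_module \
+--with-stream_ssl_preread_module \
+--with-cc-opt="${CCFLAGS}" \
+--with-ld-opt="${LDFLAGS}" \
+--add-dynamic-module="${VTS_PATH}"
+make modules
+) 1>/dev/null
+echo "==> Installing nginx-module-vts..."
+cp -a objs/ngx_http_vhost_traffic_status_module.so \
+"${MODULES_DIR}/ngx_http_vhost_traffic_status_module.so"
+echo "==> Cleaning up..."
+cd / && rm -fr "${BUILD_PATH}"
+apt-get purge -y libpcre16-3 libpcre3-dev libpcre32-3 libpcrecpp0v5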
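Review bot: The module tarball is fetched from `.../archive/${VTS_VERSION}.tar.gz` and compiled into a shared object that nginx loads, but nothing verifies its content; a Git tag such as `v0.1.18` can be moved, so the build is not pinned to known bytes. Take the expected digest as a second argument (`VTS_SHA256="${2}"`) and check it before `tar`: `echo "${VTS_SHA256}  nginx-module-vts-${VTS_VERSION}.tar.gz" | sha256sum -c -`; the digest value itself has to come from a trusted copy of the release. Separately, `apt-get source -y nginx` downloads the repository's candidate version while `NGINX_VERSION` comes from the installed binary, so the later `cd "nginx-${NGINX_VERSION}"` fails when the two drift; `apt-get source -y "nginx=$(dpkg-query -W -f='${Version}' nginx)"` requests the matching source. The `1>/dev/null` on the subshell also hides the configure and make output that would be needed to diagnose such a failure.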

Binary file not shown.