geoip2 for nginx not wirking - nginx

i have Problem with compile "geoip2" for nginx. my ".so" is not working.
my install way:
cd /opt/
sudo add-apt-repository ppa:maxmind/ppa && apt update & sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin
git clone https://github.com/leev/ngx_http_geoip2_module.git
wget http://nginx.org/download/nginx-1.15.8.tar.gz && tar xzfv nginx-1.15.8.tar.gz && cd nginx-1.15.8/
./configure --with-compat --add-dynamic-module=/opt/ngx_http_geoip2_module && make && make install
... test ! -f '/usr/local/nginx/modules/ngx_http_geoip2_module.so' \
|| mv '/usr/local/nginx/modules/ngx_http_geoip2_module.so' \
'/usr/local/nginx/modules/ngx_http_geoip2_module.so.old' cp
objs/ngx_http_geoip2_module.so
'/usr/local/nginx/modules/ngx_http_geoip2_module.so' make[1]: Leaving
directory '/opt/nginx-1.15.8 ...
cp /usr/local/nginx/modules/ngx_http_geoip2_module.so /usr/share/nginx/modules/ngx_http_geoip2_module.so
adding the line load_module "modules/ngx_http_geoip2_module.so"; in my nginx.conf an restart nginx.
and after restart is geoip2 not loaded in my nginx install
nginx version: nginx/1.15.8 built with OpenSSL 1.1.1 11 Sep 2018
(running with OpenSSL 1.1.1a 20 Nov 2018) TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2
-fdebug-prefix-map=/build/nginx-2CZdMa/nginx-1.15.8=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2CZdMa/nginx-1.15.8/debian/modules/http-auth-pam
--add-dynamic-module=/build/nginx-2CZdMa/nginx-1.15.8/debian/modules/http-dav-ext
--add-dynamic-module=/build/nginx-2CZdMa/nginx-1.15.8/debian/modules/http-echo
--add-dynamic-module=/build/nginx-2CZdMa/nginx-1.15.8/debian/modules/http-upstream-fair
--add-dynamic-module=/build/nginx-2CZdMa/nginx-1.15.8/debian/modules/http-subs-filter
who is my fail or problem?

There is no problem. You seem to be copying the dynamic module to existing nginx installation.
The nginx -V will show the configure command that was used while compiling nginx. So it won't show configure options for the dynamic module that you compiled in a separate step, and it won't show loaded modules.
Just use the module's directives. It should work.

Related

How to install nginx without the modules in RedHat

I install nginx using Yum following these steps:
yum install epel-release
yum install nginx
The following is the output of nginx -V:
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1c FIPS 28 May 2019 (running with OpenSSL 1.1.1g FIPS 21 Apr 2020)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
How can I install nginx without the --with*
In order to do that you must install nginx from source.
First download the tar.gz file from http://nginx.org/en/download.html then run the following command for compiling and installing:
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --build=CentOS --builddir=nginx-1.18.0 --with-http_gunzip_module --with-http_gzip_static_module
make sure to edit the version in builddir as your current version
run for compiling: make
for installing run make install
nginx is part of RHEL 8. Suggest installing that one: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/setting-up-and-configuring-nginx_deploying-different-types-of-servers

Adding lua module to nginx dynamically

I have tried the installation steps for lua module mentioned here
http://openresty.org/en/getting-started.html
resty -e 'print("hello, world")'
works
But when i try to restart nginx i get the following error
nginx: [emerg] unknown directive "content_by_lua_block" in /etc/nginx/nginx.conf:11
Configuration file is same as mentioned in the link above.
Nginx was install using apt-get
Output of current nginx -V
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-FIJPpj/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

Building Nginx and OpenSSL from sources

I am trying to configure nginx to use ALPN for http2. I need to update openssl to do this.
At the moment standalone openssl is updated, but nginx don't use it for some reason.
# /etc/nginx $ nginx -V
nginx version: nginx/1.10.3
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fPIC -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
# /etc/nginx $ openssl version -a
OpenSSL 1.1.1-dev xx XXX xxxx
built on: reproducible build, date unspecified
platform: linux-x86_64
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/lib/\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -Wa,--noexecstack
OPENSSLDIR: "/usr/local/lib/"
ENGINESDIR: "/usr/local/lib/engines-1.1"
natural idea: to rebuild nginx, configure and make run without errors, but nginx never change it version.
./configure --with-http_ssl_module --with-openssl=~/openssl/ --with-http_v2_module
make
https://gist.github.com/SilentImp/be9c088298a94e0dba6cbaf3c51b9ad0
but nothing have changed
~/nginx-1.11.13 $ nginx -V
nginx version: nginx/1.10.3
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fPIC -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-wa6Kgn/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
What could have go wrong?
And is there any way to change nginx openssl version without rebuilding nginx?
Do you want to use another repository, which has nginx with built-in ALPN support?
https://launchpad.net/~fxr/+archive/ubuntu/nginx-alpn
If this is not an option, you should double check paths of nginx binary you use, binary you build and directory with opensslsources you use at --with-openssl=~/openssl/
Always check path to nginx
$ /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.11.13
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-openssl=~/openssl/ --with-http_v2_module
$ which nginx
/usr/sbin/nginx

How to add install option to package in Puppet manifest

For the last two days I tried to install just two modules for Nginx on a Debian 7 x64 virtual machine, created with Vagrant. For now I have this manifest:
package { 'nginx':
ensure => 'present',
install_options => [ '--with-http_secure_link_module', '--with-http_image_filter_module' ],
}
include '::apt'
apt::source { 'nginx':
location => "http://nginx.org/packages/debian",
repos => 'nginx',
key => '7BD9BF62',
key_source => 'http://nginx.org/keys/nginx_signing.key',
before => Package['nginx'],
}
#import 'nodes/*.pp'
After I run vagrant provision, I get into VM through ssh with vagrant ssh, and this is what I see:
vagrant#packer-virtualbox-iso:~$ sudo nginx -V
nginx version: nginx/1.6.2
built by gcc 4.7.2 (Debian 4.7.2-5)
TLS SNI support enabled
configure arguments:
--prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx
--group=nginx
--with-http_ssl_module
--with-http_realip_module
--with-http_addition_module
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_stub_status_module
--with-http_auth_request_module
--with-mail
--with-mail_ssl_module
--with-file-aio
--with-http_spdy_module
--with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-z,relro -Wl,--as-needed'
--with-ipv6**
image_filter module had not installed, but secure_link is ok ( I think it's ok because it was installed by default).
So what am I doing wrong?
As Felix mentioned, the package resource in Puppet is not for compiling packages, it's for managing installing and uninstalling packages.
If you want to compile an nginx Debian package specific options or additions, I recommend using fpm-cookery. There's an example nginx recipe that might be useful for you.

how do i uninstall google pagespeed installed in ubuntu with nginx?

I have 2 questions
How do i purge/uninstall Nginx I compiled on ubuntu?
I did install google pagespeed on ubuntu web server running nginx, according to the following tutorial https://github.com/pagespeed/ngx_pagespeed and https://developers.google.com/speed/pagespeed/module/configuration
How do i purge this package without affecting my server?
Your assistance will be highly appreciated
To uninstall pagespeed, build a new version of nginx from source but without the --add-module=$HOME/ngx_pagespeed-1.8.31.2-beta argument to ./configure that tells the nginx build process to include pagespeed.
Alternatively, you can remove all pagespeed directives from your configuration, which has almost the same effect as uninstalling it.
You don't have to uninstall ngx_pagespeed if you don't want to use it, just add to your host.conf file
pagespeed off;
If for some other reasons you want to remove it, Just enter:
nginx -V
You will get a result something like this:
configure arguments: --add-module=/root/custom-nginx/nginx-1.10.2/src/http/modules/ngx_pagespeed --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-file-aio --with-threads --with-ipv6 --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
Remove --add-module=/root/custom-nginx/nginx-1.10.2/src/http/modules/ngx_pagespeed
And compile again

Resources