I have several servers chef managed each running a stack with:
nginx
phusion passenger
I'd like to make the passenger gem upgrade process automated with the ability to conditionally skip passenger nginx module compilation meaning I don't want the compile process to happen on every chef run, only on runs where it is determined that it is necessary (typically because passenger gem version is being upgraded, but also in cases where the passenger gem is not being upgraded but the compilation failed previously).
Currently I check the version of passenger being run, but in cases where the gem actually installs to the correct version but the compilation fails, that idempotency check is too broad and I fail to get a compile attempt when I need one.
What is the most accurate way to verify that the passenger nginx module has been compiled? Is there a specific file in a stable location whose existence I can check for?
Right now my chef block looks like this:
execute "compile passenger nginx module" do
ruby_vers = node[:ruby][:global_version]
passenger_vers = node[:passenger][:version]
ruby_parent_vers = node[:ruby_parent_vers]
command "export ORIG_PATH=\"$PATH\"; sudo -s -E; export PATH=\"$ORIG_PATH\"; /usr/bin/ruby /usr/lib/ruby/gems/2.4.0/gems/passenger-#{passenger_vers}/bin/passenger-install-nginx-module --auto --auto-download"
# check for a difference between passenger version requested and passenger version running
not_if { `passenger --version` == cur_vers }
end
Have you tried passenger-config about compiled?
Related
I updated nginx from version 1.14 to 1.18 (Ubuntu) on Ubuntu 18.04.
Doing so appeared to break passenger. So I uninstalled and attempted to reinstall the Open Source Passenger version via the Passenger installation Ubuntu 18.04 instructions.
I got to this line:
sudo apt-get install -y libnginx-mod-http-passenger
Which throws this error
libnginx-mod-http-passenger : Depends: nginx-common (< 1.14.1) but 1.18.0-3ubuntu1+bionic1 is to be installed
Update I also attempted with the enterprise version. Following the enterprise version installation instructions, I received a similar error message:
libnginx-mod-http-passenger-enterprise : Depends: nginx-common (< 1.14.1) but 1.18.0-3ubuntu1+bionic1 is to be installed
I did attempt to research the issue and I found this issue on Phusion's GitHub as well as this more recent issue. It appears that what most people are doing is rolling back their nginx version to 1.14.
It is not deprecated, no. The problem is that the packaged module you are trying to install was made for an older Nginx version that is distributed through the system default repository. This appears in the installation guide that you've mentioned:
At this point we assume that you already have Nginx installed from your system repository.
What this means is that the following instructions assume that you have Nginx specific version (1.14.0 in your case) installed, for which the packaged module was built. This is emphasised in the new passenger documentation:
If you want to use our packaged Nginx module, you must use your distro's provided Nginx package. If for example you have the repo provided by NGINX setup, you will instead need to compile a dynamic module compatible with that Nginx.
The link in the last quote will bring you to the guide on how to compile a dynamic passenger module and enable it in Nginx configuration. I will not repeat the whole process to keep the answer short but the general approach is this:
Get passenger module for Nginx source code.
Get Nginx source code for the version you have installed.
Compile Nginx with the passenger module:
cd /path-to-nginx-source-dir
./configure --prefix=/opt/nginx \
--with-some-configure-flag \
--add-dynamic-module=$(passenger-config --nginx-addon-dir) \
--add-module=/path-to-some-other-nginx-module
make
sudo make install
Make Nginx to load the module by adding this line to nginx.conf:
load_module modules/ngx_http_passenger_module.so;
Personally, I'd rather chosen the 'nginx-behind-nginx' approach than building the module. That is you have Nginx any version you like but it runs as a reverse proxy for another Nginx with passenger enabled (Passenger Standalone). With an unnoticeable penalty to performance this will be much easier to maintain (install, update). See this guide for details.
When running nginx -t I get this error:
nginx: [emerg] unknown directive "subs_filter_types" in /etc/nginx/sites-enabled/my.site.com.conf:285
nginx: configuration file /etc/nginx/nginx.conf test failed
So I need to install the substitution filter module and in the nginx documentation https://www.nginx.com/resources/wiki/modules/substitutions/#subs-filter-types
Which says to run these commands:
git clone git://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
./configure --add-module=/path/to/module
The problem is I don't have the configure script anywhere in my nginx installation nor in the
git repository. I really don't understand.
At the very least I want to know the content of that nginx configure script.
The instructions you are referring to are for compiled installation.
Assuming you want to add the module to your existing NGINX install, below are the generic steps that will get things running.
Fetch exactly matching version of NGINX as the one you have installed, from nginx.org onto your system and extract it to, say, /usr/local/src/nginx
git clone NGINX module's source code onto your system, to e.g. /usr/local/src/nginx-module-foo
cd /usr/local/src/nginx. This is where you will find the configure script. You will basically configure NGINX with the location of the config of specific module in question, thus next step:
./configure --add-dynamic-module=../nginx-module-foo --with-compat
make
As a resulf of the compilation you will have module's .so file somewhere in objs directory of your NGINX sources. You will then copy it over to e.g. /usr/lib64/nginx/modules/ directory.
To make your existing NGINX load the module, add load_module modules/foo.so; at the very top of /etc/nginx/nginx.conf.
You can decipher the many downsides to the whole compiled approach: one is having compilation software (gcc) on a production system, other is having to re-do all those steps any time you upgrade NGINX or the module.
For the reasons mentioned, you might want to search for a packaged install of third-party modules.
For CentOS/RHEL systems, you might want to look at GetPageSpeed repos (subscription-ware, and I'm biased to mention it, because I'm the maintainer. But this is free for CentOS/RHEL 8 at the time of this writing. Installing the module you want, goes down to a couple of commands:
yum -y install https://extras.getpagespeed.com/release-latest.rpm
yum -y install nginx-module-substitutions
For Debian-based systems, probably there are alternative PPAs existing for the same.
Just replace prefix subs with sub.
For default nginx 1.10.3 installation (Ubuntu 16.04.5 LTS)
nginx -V should have flag --with-http_sub_module to use sub_* directives.
Usage example:
sub_filter_types text/html text/css text/xml;
sub_filter 'needle' 'replacement';
sub_filter_once off;
NGINX documentation link
I'm running Ubuntu 12.04 LTS with an apache server for my Jira/Confluence application.
Now I need to additionally install an instance of Plone (production).
But port 8080 is already taken by Jira and until now I couldn't find working instructions to change this.
I followed these instructions to install plone:
http://developer.plone.org/getstarted/ubuntu_production.html
Do I have to take care of the port during these instructions?
I have found this site (2.5. Creating New Instances): http://plone.org/documentation/manual/installing-plone/referencemanual-all-pages where it says you have to change some settings in buildout.cfg. But even as sudoer I can't run these instructions. I get this:
buildout.sanitycheck:
***********************************************************
Buildout should not be run while superuser. Doing so allows
untrusted code to be run as root.
Instead, you probably wish to do something like:
sudu -u plone_buildout bin/buildout
If you have a good reason to bypass this restriction,
remove the buildout.sanitycheck extension from your buildout.
***********************************************************
While:
Installing.
Loading extensions.
Error: User attempt to give system ownership to Internet
*************** PICKED VERSIONS ****************
[versions]
*************** /PICKED VERSIONS ***************
But how can I remove the sanity check? I can't find it in this file.
We've got multiple issues here.
Changing Ports
To change the port Plone attaches to, edit buildout.cfg and look for the lines:
[instance]
<= instance_base
recipe = plone.recipe.zope2instance
http-address = 8080
Change '8080' to the desired port. If this is a ZEO configuration, look for 'client#' parts instead and change their port numbers. Choose ports > 1024. After editing, run buildout.
Running Buildout
If you used sudo to run the Unified Installer, that caused it to create plone_buildout and plone_daemon system users. The "plone_buildout" user is meant to be used to run buildout, and owns the code files. The "plone_daemon" user is meant to be used to run the long-lived processes that connect to the Internet, and it owns the data.
This scheme is carefully contrived so that you do not have to run buildout as root, and so that the long-lived daemon processes will have (close to) minimum privileges. Under this scheme, you run buildout as the plone_buildout user, generally with the command:
sudo -u plone_buildout bin/buildout
The command "sudo -u username" causes the rest of the command line to be executed under the effective ownership of the specified user.
It is generally a very, very bad idea to run buildout as root. That's why the sanity check exists. Running buildout as root means that you are giving control of your system to the author of every setup.py file in every module downloaded by buildout. Don't do it.
A note on a common misconception: The Unified Installer, when run as root, via sudo, does not run buildout as root (at least not in any recent version). It uses root privileges to create a plone_buildout user, then runs buildout as that user.
Just remove buildout.sanitycheck of base.cfg.
As the docs also instruct to sudo after a root-install, the warning makes only sense in a non-root-install.
I installed Nginx via apt-get on Debian a while ago, and I've got a couple of sites live on it. Now I need to install some additional modules, and as I don't want to mess anything up I'd like to double check my process before I perform it. Hopefully this will also help others that are unsure about this part.
As I've understood it I have to do the following to minimize the downtime:
Download the source for Nginx
Add the additional modules with ./configure --additional-module
Compile Nginx with make
Stop the current server (service nginx stop)
Install Nginx with make install
Start the new server (service nginx start)
Or do I have to uninstall Nginx first, as it's not compiled from source at this point?
Having done something similar on Ubuntu before, the installation should overwrite the existing nginx binaries with the newly compiled ones, so long as yes, you ensure nginx isn't running on the system at the time.
I'd recommend trying to install nginx elsewhere on the system, so in case you can't get it to work quickly, you can restart your web server with the old nginx binaries and not have significant downtime.
nginx -V - helpful command which shows options for .\configure which was used to make nginx, which is actually working.
Helpful to get detail imagination about.
apt-get source nginx - to get source
install will automatically substitute actual installed version by new one
Keep also in mind that some nginx-modules can require additional libs on server. geoip module is classical example of it
I'm trying to move from Apache + Passenger to Nginx + passenger on my Ubuntu Lucid Lynx box.
When I install passenger:
sudo gem install passenger
and
cd /var/lib/gems/1.9.1/gems/passenger-2.2.14/bin
sudo ./passenger-install-nginx-module
everything is fine (no error). Nginx is downloaded and compiled and installed at the same time (when selecting the first option during passenger installation). By default it is installed in /opt/nginx.
I end up with the configuration file /opt/nginx/conf/nginx.conf; This conf file was automatically updated with passenger config). The thing I do not understand is that I also have the configuration file /etc/nginx/nginx.conf. What is the purpose of this one when it seems that the conf file in /opt/... is the main one?
When I run /etc/init.d/nginx start, it starts correclty saying that /etc/nginx/nginx.conf is ok. Does it mean that it does not check the other conf file?
I updated /etc/init.d/nginx script and added /opt/nginx/sbin at the beginning of the PATH and it seems the correct conf file is taken into account. It seems like I have two nginx installations where I only relied on passenger to install it.
You did end up with 2 Nginx installations:
The one installed globally by your OS's package manager (/usr/sbin/nginx). This uses /etc/nginx/nginx.conf as configuration file by default.
The one installed by Phusion Passenger (/opt/nginx/sbin/nginx). This uses /opt/nginx/conf/nginx.conf as configuration file by default.
Only (2) has Phusion Passenger support. Ignore (1) and do not use it.
I don't think that this is a programming related question, but anyway...
It seems like passenger installation have configured nginx to look for config file in /etc/nginx. Post your nginx configure flags and check if /etc/init.d/nginx overrides config file path.
http://wiki.nginx.org/NginxCommandLine