Merge pull request #16 from cloud66-oss/dev

Dev
cloud66-oss · Jul 1, 2024 · ffbd6bb · ffbd6bb
2 parents 0aa8c78 + fe6684a
commit ffbd6bb
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 39 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -10,35 +10,35 @@ ARG RELEASE_VERSION=*passed-in*
 ARG OPENSSL_VERSION=*passed-in*
 
 # NOTE: these are updated as required (build dependencies)
-ARG AUTOMAKE_VERSION=1.16.4
+ARG AUTOMAKE_VERSION=1.16.5
 ARG PCRE_VERSION=8.45
-ARG ZLIB_VERSION=1.2.11
+ARG ZLIB_VERSION=1.3.1
 ARG LIBGD_VERSION=2.3.3
-ARG MODSECURITY_VERSION=3.0.5
-ARG LUAJIT2_VERSION=2.1.0-beta3
-ARG LUAJIT2_PACKAGE_VERSION=2.1-20210510
-ARG LUAJIT2_SHORT_VERSION=2.1
-ARG LUA_RESTY_CORE_VERSION=0.1.22
-ARG LUA_RESTY_LRUCACHE_VERSION=0.11
-ARG LIBMAXMINDDB_VERSION=1.6.0
+ARG MODSECURITY_VERSION=3.0.12
+ARG LUAJIT2_VERSION=2.1
+ARG LUAJIT2_PACKAGE_VERSION=2.1-20240626
+ARG LUA_RESTY_CORE_VERSION=0.1.28
+ARG LUA_RESTY_LRUCACHE_VERSION=0.13
+ARG LIBMAXMINDDB_VERSION=1.10.0
 
 # NOTE: these are updated as required (NGINX modules)
-ARG MODSECURITY_MODULE_VERSION=1.0.2
-ARG HEADERS_MORE_MODULE_VERSION=0.33
-ARG HTTP_AUTH_PAM_MODULE_VERSION=1.5.3
-ARG CACHE_PURGE_MODULE_VERSION=2.4.3
+ARG MODSECURITY_MODULE_VERSION=1.0.3
+ARG HEADERS_MORE_MODULE_VERSION=0.37
+ARG HTTP_AUTH_PAM_MODULE_VERSION=1.5.5
+ARG CACHE_PURGE_MODULE_VERSION=2.5.3
 ARG DAV_EXT_MODULE_VERSION=3.0.0
-ARG DEVEL_KIT_MODULE_VERSION=0.3.1
-ARG ECHO_MODULE_VERSION=0.62
-ARG FANCYINDEX_MODULE_VERSION=0.5.1
-ARG NCHAN_MODULE_VERSION=1.3.1
-ARG LUA_MODULE_VERSION=0.10.20
+ARG DEVEL_KIT_MODULE_VERSION=0.3.3
+ARG ECHO_MODULE_VERSION=0.63
+ARG FANCYINDEX_MODULE_VERSION=0.5.2
+ARG NCHAN_MODULE_VERSION=1.3.6
+ARG LUA_MODULE_VERSION=0.10.26
 ARG RTMP_MODULE_VERSION=1.2.2
-ARG UPLOAD_PROGRESS_MODULE_VERSION=0.9.2
+ARG UPLOAD_PROGRESS_MODULE_VERSION=0.9.3
 ARG UPSTREAM_FAIR_MODULE_VERSION=0.1.3
 ARG HTTP_SUBSTITUTIONS_FILTER_MODULE_VERSION=0.6.4
-ARG HTTP_GEOIP2_MODULE_VERSION=3.3
-ARG NGX_MRUBY_VERSION=2.5.0
+ARG HTTP_GEOIP2_MODULE_VERSION=3.4
+ARG NGX_MRUBY_VERSION=2.6.0
+ARG HTTP_AUTH_JWT_MODULE_VERSION=2.1.0
 
 # NOTE: these are debian package versions derived from the above (for packages that will be publicly published)
 # NOTE: tried using debian epoch BUT it looks like there's a bug in apt where if the package name contains a ':' character, it doesn't install the package (says nothing to be done)
@@ -67,7 +67,7 @@ RUN mkdir -p /usr/local/debs
 RUN apt-get update &&\
     apt-get install -y software-properties-common &&\
     apt-get update &&\
-    apt-get install -y apt-utils autoconf build-essential curl git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpam0g-dev libpcre++-dev libperl-dev libtool libxml2-dev libxslt-dev libyajl-dev pkgconf ruby-full ruby-dev vim wget zlib1g-dev 
+    apt-get install -y apt-utils autoconf build-essential curl git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpam0g-dev libpcre++-dev libperl-dev libtool libxml2-dev libxslt-dev libyajl-dev pkgconf ruby-full ruby-dev vim wget zlib1g-dev libjwt-dev libjansson-dev
 
 # NGINX seems to require a specific version of automake, but only sometimes...
 RUN wget https://ftp.gnu.org/gnu/automake/automake-${AUTOMAKE_VERSION}.tar.gz -P /usr/local/sources &&\
@@ -349,7 +349,6 @@ ARG PCRE_VERSION
 ARG ZLIB_VERSION
 ARG MODSECURITY_VERSION
 ARG LUAJIT2_VERSION
-ARG LUAJIT2_SHORT_VERSION
 ARG LUA_RESTY_CORE_VERSION
 ARG LUA_RESTY_LRUCACHE_VERSION
 ARG LIBMAXMINDDB_VERSION
@@ -370,6 +369,7 @@ ARG UPSTREAM_FAIR_MODULE_VERSION
 ARG HTTP_SUBSTITUTIONS_FILTER_MODULE_VERSION
 ARG HTTP_GEOIP2_MODULE_VERSION
 ARG NGX_MRUBY_VERSION
+ARG HTTP_AUTH_JWT_MODULE_VERSION
 
 ARG NGINX_DEB_VERSION
 
@@ -426,17 +426,20 @@ RUN wget https://github.com/itoffshore/nginx-upstream-fair/archive/refs/tags/${U
 RUN wget https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/refs/tags/v${HTTP_SUBSTITUTIONS_FILTER_MODULE_VERSION}.tar.gz -P /usr/local/sources && tar zxf /usr/local/sources/v${HTTP_SUBSTITUTIONS_FILTER_MODULE_VERSION}.tar.gz
 # directory name: ngx_http_geoip2_module-${HTTP_GEOIP2_MODULE_VERSION}
 RUN wget https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${HTTP_GEOIP2_MODULE_VERSION}.tar.gz -P /usr/local/sources && tar zxf /usr/local/sources/${HTTP_GEOIP2_MODULE_VERSION}.tar.gz
+# directory name: ngx-http-auth-jwt-module-${HTTP_AUTH_JWT_MODULE_VERSION}
+RUN wget https://github.com/TeslaGov/ngx-http-auth-jwt-module/archive/refs/tags/${HTTP_AUTH_JWT_MODULE_VERSION}.tar.gz -P /usr/local/sources && tar zxf /usr/local/sources/${HTTP_AUTH_JWT_MODULE_VERSION}.tar.gz
 
 # INSTALL NGINX
 
 RUN current_state.sh before
 
 ENV LUAJIT_LIB=/usr/local/lib
-ENV LUAJIT_INC=/usr/local/include/luajit-${LUAJIT2_SHORT_VERSION}
+ENV LUAJIT_INC=/usr/local/include/luajit-${LUAJIT2_VERSION}
 
 # NOTE: define NGINX configure options here because mruby also needs them
+# NOTE: -DNGX_LINKED_LIST_COOKIES=1 is required for https://github.com/TeslaGov/ngx-http-auth-jwt-module/issues/127
 ENV NGINX_CONFIGURE_OPTIONS_WITHOUT_MODULES="\
---with-cc-opt=\"-g -O2 -fdebug-prefix-map=/usr/local/build/nginx-${NGINX_VERSION}=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -D_FORTIFY_SOURCE=2\" \
+--with-cc-opt=\"-g -O2 -fdebug-prefix-map=/usr/local/build/nginx-${NGINX_VERSION}=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -D_FORTIFY_SOURCE=2 -DNGX_LINKED_LIST_COOKIES=1\" \
 --with-ld-opt=\"-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC\" \
 --prefix=/usr/share/nginx \
 --conf-path=/etc/nginx/nginx.conf \
@@ -521,6 +524,7 @@ RUN cd nginx-${NGINX_VERSION} &&\
         --add-module=/usr/local/build/ngx_http_substitutions_filter_module-${HTTP_SUBSTITUTIONS_FILTER_MODULE_VERSION} \
         --add-module=/usr/local/build/ngx_http_geoip2_module-${HTTP_GEOIP2_MODULE_VERSION} \
         --add-module=/usr/local/build/ngx_mruby-${NGX_MRUBY_VERSION} \
+        --add-module=/usr/local/build/ngx-http-auth-jwt-module-${HTTP_AUTH_JWT_MODULE_VERSION} \
         --add-module=/usr/local/build/modsecurity-nginx-v${MODSECURITY_MODULE_VERSION}" >> real_configure &&\
     chmod +x ./real_configure &&\
     ./real_configure &&\
@@ -544,7 +548,6 @@ RUN echo "{ \
   \"ZLIB_VERSION\":\"${ZLIB_VERSION}\", \
   \"MODSECURITY_VERSION\":\"${MODSECURITY_VERSION}\", \
   \"LUAJIT2_VERSION\":\"${LUAJIT2_VERSION}\", \
-  \"LUAJIT2_SHORT_VERSION\":\"${LUAJIT2_SHORT_VERSION}\", \
   \"LUA_RESTY_CORE_VERSION\":\"${LUA_RESTY_CORE_VERSION}\", \
   \"LUA_RESTY_LRUCACHE_VERSION\":\"${LUA_RESTY_LRUCACHE_VERSION}\", \
   \"LIBMAXMINDDB_VERSION\":\"${LIBMAXMINDDB_VERSION}\", \
@@ -563,7 +566,8 @@ RUN echo "{ \
   \"UPSTREAM_FAIR_MODULE_VERSION\":\"${UPSTREAM_FAIR_MODULE_VERSION}\", \
   \"HTTP_SUBSTITUTIONS_FILTER_MODULE_VERSION\":\"${HTTP_SUBSTITUTIONS_FILTER_MODULE_VERSION}\", \
   \"HTTP_GEOIP2_MODULE_VERSION\":\"${HTTP_GEOIP2_MODULE_VERSION}\", \
-  \"NGX_MRUBY_VERSION\":\"${NGX_MRUBY_VERSION}\" \
+  \"NGX_MRUBY_VERSION\":\"${NGX_MRUBY_VERSION}\", \
+  \"HTTP_AUTH_JWT_MODULE_VERSION\":\"${HTTP_AUTH_JWT_MODULE_VERSION}\" \
 }" >> /etc/nginx/compilation-configuration.json
 
 RUN mkdir -p /usr/lib/nginx/modules
@@ -574,7 +578,7 @@ RUN current_state.sh after
 RUN rm -rf /usr/local/debs/*
 # NOTE: The general approach is that if the OS offers the package, then we should use the OS package (e.g. libmaxminddb/libpcre3/libgd3),
 #       and package it ourselves if it doesn't and doesn't conflict with any package (e.g. modsecurity/openresty-lua-core).
-RUN generate_deb.rb nginx ${NGINX_DEB_VERSION} binary '{"Depends":"libcurl4-openssl-dev, libgd3, libgeoip-dev, libmaxminddb-dev, libpcre3, libxml2-dev, libxslt-dev, modsecurity, openresty-lua-core, openresty-lua-lrucache, openresty-luajit"}'
+RUN generate_deb.rb nginx ${NGINX_DEB_VERSION} binary '{"Depends":"libcurl4-openssl-dev, libgd3, libgeoip-dev, libmaxminddb-dev, libpcre3, libxml2-dev, libxslt-dev, modsecurity, openresty-lua-core, openresty-lua-lrucache, openresty-luajit, libjwt-dev, libjansson-dev"}'
 
 ######################################################################################################################################################################################################################################
 

diff --git a/bulk-generate.rb b/bulk-generate.rb
@@ -1,9 +1,9 @@
 #!/usr/bin/env ruby
 require 'date'
 RELEASE_VERSION = ARGV[0]
-OS_VERSIONS = %w(18.04 20.04 22.04)
-NGINX_VERSIONS = %w(1.22.1)
-PASSENGER_VERSIONS = %w(6.0.20)
+OS_VERSIONS = %w(20.04 22.04)
+NGINX_VERSIONS = %w(1.24.0)
+PASSENGER_VERSIONS = %w(6.0.22)
 
 raise "Must provide release number as first argument" if RELEASE_VERSION.nil?
 

diff --git a/compile_nginx.sh b/compile_nginx.sh
@@ -3,28 +3,24 @@ set -e
 
 if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$3" ]]; then
     echo "FATAL: Expected ARGS:"
-    echo "1. os-version: 18.04"
-    echo "2. nginx-version: ie. 1.18.0"
+    echo "1. os-version: 20.04"
+    echo "2. nginx-version: 1.18.0"
     echo "3. passenger-version: 6.0.10"
     echo "4. release-version: 1.0.0"
     echo ""
     echo "Usage Examples:"
-    echo "./compile_nginx.sh 18.04 1.18.0 6.0.10 1.0.0"
+    echo "./compile_nginx.sh 20.04 1.18.0 6.0.10 1.0.0"
     exit 22
 fi
 
 case $1 in
-    18.04)
-	OPERATING_SYSTEM_CODENAME=bionic
-        OPENSSL_VERSION=1.1.1s
-	;;
     20.04)
 	OPERATING_SYSTEM_CODENAME=focal
         OPENSSL_VERSION=1.1.1s
 	;;
     22.04)
 	OPERATING_SYSTEM_CODENAME=jammy
-        OPENSSL_VERSION=3.0.7
+        OPENSSL_VERSION=3.0.14
 	;;
     *)
 	echo "Unknown operating system"