Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Brotli not building, Add optional cloudflare zlib, and optional pcre v2 in mainline… #224

Closed
wants to merge 5 commits into from
Closed

Fix Brotli not building, Add optional cloudflare zlib, and optional pcre v2 in mainline… #224

wants to merge 5 commits into from

Conversation

FlurryNight
Copy link

@FlurryNight FlurryNight commented Feb 15, 2022
edited
Loading

Fix [#222]

Add [#208]

Getting golang from website [#115]

Build 1 - Stable

Modules to install :
    HTTP/3 (⚠️ Patch by Cloudflare, will install BoringSSL, Quiche, Rust and Go) [y/n]: y
    Cloudflare's TLS Dynamic Record Resizing patch [y/n]: y
    Cloudflare's full HPACK encoding patch [y/n]: y
    Cloudflare ZLIB Fork [y/n]: y
    With PCRE v2 (Only works on NGINX Mainline) [y/n]: n
    PageSpeed 1.13.35.2 [y/n]: n
    Brotli [y/n]: y
    Headers More 0.33 [y/n]: y
    GeoIP (BROKEN) [y/n]: n
    Fancy index [y/n]: n
    ngx_cache_purge [y/n]: n
    nginx_substitutions_filter [y/n]: n
    ngx_http_lua_module [y/n]: n
    nginx WebDAV [y/n]: n
    nginx VTS (BROKEN) [y/n]: n
    nginx RTMP [y/n]: n
    nginx testcookie [y/n]: n
    nginx ModSecurity [y/n]: n

Build 2 - Mainline

Modules to install :
   HTTP/3 (⚠️ Patch by Cloudflare, will install BoringSSL, Quiche, Rust and Go) [y/n]: y
   Cloudflare's TLS Dynamic Record Resizing patch [y/n]: y
   Cloudflare's full HPACK encoding patch [y/n]: y
   Cloudflare ZLIB Fork [y/n]: y
   With PCRE v2 (Only works on NGINX Mainline) [y/n]: y
   PageSpeed 1.13.35.2 [y/n]: n
   Brotli [y/n]: y
   Headers More 0.33 [y/n]: y
   GeoIP (BROKEN) [y/n]: n
   Fancy index [y/n]: n
   ngx_cache_purge [y/n]: n
   nginx_substitutions_filter [y/n]: n
   ngx_http_lua_module [y/n]: n
   nginx WebDAV [y/n]: n
   nginx VTS (BROKEN) [y/n]: n
   nginx RTMP [y/n]: n
   nginx testcookie [y/n]: n
   nginx ModSecurity [y/n]: n

Was not able to build Nginx VTS module, maybe broken??

Everything else smooth , tested with diferent options.

Feel free to improve!

@FlurryNight
Fix Brotli no building, Add optional cloudflare zlib, and optional pc…
25a2d80 
…re v2 in mainline ...

Fix [#222] (#222)

Add [#208] (#208)

Change Golang to source [#115] (#115)
@FlurryNight
Update README.md
b4a80fb 
Add Cloudflare Zlib
Add PCRE v2
Warning about nginx-module-vts
@MaximeMichaud
Copy link
Contributor

Hi, really interesting.
Everything is working without any problem(s) ? I could test it when I come back at home :)
For VTS, I don't know, I never had the chance for using it.

@FlurryNight
Copy link
Author

Hi, really interesting. Everything is working without any problem(s) ? I could test it when I come back at home :) For VTS, I don't know, I never had the chance for using it.

Hi, Thank you

Yes just VTS , if u don't mind i'd appreciate,

Im on it tho
vozlt/nginx-module-vts#223

@FlurryNight
Copy link
Author

Got VTS building, testing now

@MaximeMichaud
Copy link
Contributor

I got errors. (
image
)
Do you mainline or stable?
I'm retrying without Quiche

@FlurryNight
Copy link
Author

VTS okay!

    Modules to install :
       HTTP/3 (⚠️ Patch by Cloudflare, will install BoringSSL, Quiche, Rust and Go) [y/n]: y
       Cloudflare's TLS Dynamic Record Resizing patch [y/n]: y
       Cloudflare's full HPACK encoding patch [y/n]: y
       Cloudflare ZLIB Fork [y/n]: y
       With PCRE v2 (Only works on NGINX Mainline) [y/n]: n
       PageSpeed 1.13.35.2 [y/n]: n
       Brotli [y/n]: y
       Headers More 0.33 [y/n]: y
       GeoIP (BROKEN) [y/n]: n
       Fancy index [y/n]: n
       ngx_cache_purge [y/n]: n
       nginx_substitutions_filter [y/n]: n
       ngx_http_lua_module [y/n]: n
       nginx WebDAV [y/n]: n
       nginx VTS [y/n]: y
       nginx RTMP [y/n]: n
       nginx testcookie [y/n]: n
       nginx ModSecurity [y/n]: n

Saving to: ‘nginx’

nginx                            100%[========================================================>]     355  --.-KB/s    in 0s

2022-02-15 16:41:03 (5.27 MB/s) - ‘nginx’ saved [355/355]

Installation done.

I built with both and goes okay

@FlurryNight
Copy link
Author

@MaximeMichaud

Updated the commit to include VTS fix

@FlurryNight
Copy link
Author

@MaximeMichaud

Any updates ?

Just rebuild with mainline and went okay,
Strange

/usr/bin/cmake -E cmake_progress_start /usr/local/src/nginx/modules/quiche/quiche/deps/boringssl/build/CMakeFiles 0
make[2]: Leaving directory '/usr/local/src/nginx/modules/quiche/quiche/deps/boringssl/build'
cd /usr/local/src/nginx/modules/quiche && cargo build --package quiche --verbose --no-default-features --features ffi --release
    Updating crates.io index
   Compiling cc v1.0.72
     Running `rustc --crate-name cc --edition=2018 /root/.cargo/registry/src/github.aaakk.us.kg-1ecc6299db9ec823/cc-1.0.72/src/lib.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts --crate-type lib --emit=dep-info,metadata,link -C embed-bitcode=no -C debuginfo=2 -C debug-assertions=off -C metadata=bbda7c9b978db63f -C extra-filename=-bbda7c9b978db63f --out-dir /usr/local/src/nginx/modules/quiche/target/release/deps -L dependency=/usr/local/src/nginx/modules/quiche/target/release/deps --cap-lints allow`

@FlurryNight
Copy link
Author

I've searched and that errors occurs on unsuccessful installation of rust

what's the output of this command rustup toolchain list ?

@FlurryNight
Copy link
Author

It seems that if i set --with-cc-opt=-Wno-stringop-overread, --with-cc-opt=-Wno-ignored-qualifiers which is needed is not added to CFLAGS

@MaximeMichaud
Copy link
Contributor

MaximeMichaud commented Feb 15, 2022
edited
Loading 

Select an option [1-5]: 1

This script will install Nginx with some optional modules.

Do you want to install Nginx stable or mainline?
   1) Stable 1.20.2
   2) Mainline 1.21.6

Select an option [1-2]: 2

Please tell me which modules you want to install.
If you select none, Nginx will be installed with its default modules.

Modules to install :
       HTTP/3 (⚠️ Patch by Cloudflare, will install BoringSSL, Quiche, Rust and Go) [y/n]: n
       Cloudflare's TLS Dynamic Record Resizing patch [y/n]: y
       Cloudflare's full HPACK encoding patch [y/n]: y
       Cloudflare ZLIB Fork [y/n]: y
       With PCRE v2 (Only works on NGINX Mainline) [y/n]: y
       PageSpeed 1.13.35.2 [y/n]: n
       Brotli [y/n]: y
       Headers More 0.33 [y/n]: y
       GeoIP (BROKEN) [y/n]: n
       Fancy index [y/n]: nn
       Fancy index [y/n]: nn
       Fancy index [y/n]: n
       ngx_cache_purge [y/n]: n
       nginx_substitutions_filter [y/n]: n
       ngx_http_lua_module [y/n]: n
       nginx WebDAV [y/n]: n
       nginx VTS (BROKEN) [y/n]: n
       nginx RTMP [y/n]: n
       nginx testcookie [y/n]: n
       nginx ModSecurity [y/n]: y
       Enable nginx ModSecurity? [y/n]: y

Choose your OpenSSL implementation:
   1) System's OpenSSL (1.1.1k)
   2) OpenSSL 1.1.1l from source
   3) LibreSSL 3.4.2 from source 

Select an option [1-3]: 1

image
Will retry exactly the same, but I need ModSecurity :)

@FlurryNight
Copy link
Author

@MaximeMichaud

Okay, Thanks

Still fighting to get all the needed CFLAGS, it gets replaced with the last one

Will try modsecurity too

@MaximeMichaud
Copy link
Contributor

@MaximeMichaud

Okay, Thanks

Still fighting to get all the needed CFLAGS, it gets replaced with the last one

Will try modsecurity too

Without ModSecurity, same options than you.
Everything seems to be working.
IS HTTP/3 better than it was before ? I didn't check more in deep , HTTP/3 was not always working with the PATCH.

@FlurryNight
Copy link
Author

@MaximeMichaud
Okay, Thanks
Still fighting to get all the needed CFLAGS, it gets replaced with the last one
Will try modsecurity too

Without ModSecurity, same options than you. Everything seems to be working. IS HTTP/3 better than it was before ? I didn't check more in deep , HTTP/3 was not always working with the PATCH.

The HTTP3 stuff i dind't change,just switched from getting golang from the website instead of a repo

I think they have fixed it in the latest commit

I will test after tho

@MaximeMichaud
Copy link
Contributor

@MaximeMichaud
Okay, Thanks
Still fighting to get all the needed CFLAGS, it gets replaced with the last one
Will try modsecurity too

Without ModSecurity, same options than you. Everything seems to be working. IS HTTP/3 better than it was before ? I didn't check more in deep , HTTP/3 was not always working with the PATCH.

The HTTP3 stuff i dind't change,just switched from getting golang from the website instead of a repo

I think they have fixed it in the latest commit

I will test after tho

OK, an issue was speaking about it in this repo.
HTTP/3 was not always working properly, it was really intermittent.

@FlurryNight
Copy link
Author

I think it's fixed yeah

65076c2

However i will still test that

Do you know why a third --with-cc-opt discards the last one?

ModSecurity still building

@FlurryNight
Copy link
Author

FlurryNight commented Feb 15, 2022
edited
Loading

ModSecurity is related to NGINX changes, guess we have to delay PCRE v2

owasp-modsecurity/ModSecurity-nginx#262

owasp-modsecurity/ModSecurity-nginx#261

@MaximeMichaud
Copy link
Contributor

I think it's fixed yeah

65076c2

However i will still test that

Do you know why a third --with-cc-opt discards the last one?

ModSecurity still building

No, don't know.

@FlurryNight FlurryNight marked this pull request as draft February 16, 2022 01:01
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@FlurryNight @MaximeMichaud