Update nginx to v1.25.3

Removed the hpack enc patch since push support has been dropped
mangadventure · Nov 25, 2023 · e94cf78 · e94cf78
1 parent 185b32d
commit e94cf78
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 1,061 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.18
 
-ARG NGINX_VERSION=1.25.0
+ARG NGINX_VERSION=1.25.3
 
 COPY patches /tmp/patches
 
@@ -18,17 +18,18 @@ RUN addgroup -S nginx \
         cmake \
         curl \
         git \
-        perl \
-        pcre2-dev \
         liburing-dev \
         linux-headers \
         make \
         mimalloc2-dev \
+        pcre2-dev \
+        perl \
+        postgresql15-dev \
         tar \
         zlib-dev \
         zstd-dev \
     && mkdir -p /usr/src/nginx /etc/ssl /etc/letsencrypt /etc/nginx/sites-enabled \
-    && git clone --depth=1 --branch=openssl-3.0.10+quic \
+    && git clone --depth=1 --branch=openssl-3.1.4+quic \
         https://github.com/quictls/openssl /usr/src/openssl \
     && git clone --depth=1 --shallow-submodules --recursive \
         https://github.com/google/ngx_brotli /usr/src/ngx_brotli \
@@ -37,6 +38,8 @@ RUN addgroup -S nginx \
     && git clone --depth=1 https://github.com/vozlt/nginx-module-vts /usr/src/ngx_vts \
     && git clone --depth=1 https://github.com/openresty/memc-nginx-module /usr/src/ngx_memc \
     && git clone --depth=1 https://github.com/openresty/redis2-nginx-module /usr/src/ngx_redis2 \
+    && git clone --depth=1 https://github.com/RekGRpth/ngx_pq_module /usr/src/ngx_pq \
+    && sed -i /usr/src/ngx_pq/config -e 's|`pg_config --includedir`|/usr/include/postgresql|' \
     && curl -Ssf https://hg.nginx.org/nginx/archive/release-${NGINX_VERSION}.tar.gz \
         | tar xzf - -C /usr/src/nginx --strip-components=1 \
     && curl -Ssfo /etc/ssl/dhparam.pem https://2ton.com.au/dhparam/4096 \
@@ -54,8 +57,8 @@ RUN addgroup -S nginx \
         --http-client-body-temp-path=/var/cache/nginx/client_temp \
         --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
         --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
-        --user=nginx \
-        --group=nginx \
+        --user=http \
+        --group=http \
         --with-compat \
         --with-file-aio \
         --with-threads \
@@ -71,7 +74,6 @@ RUN addgroup -S nginx \
         --with-http_slice_module \
         --with-http_ssl_module \
         --with-http_v2_module \
-        --with-http_v2_hpack_enc \
         --with-http_v3_module \
         --without-http_browser_module \
         --without-http_empty_gif_module \
@@ -83,14 +85,15 @@ RUN addgroup -S nginx \
         --without-http_split_clients_module \
         --without-http_userid_module \
         --with-openssl=/usr/src/openssl \
-        --with-cc-opt='-O2 -pipe' \
+        --with-cc-opt='-O2 -pipe -Wno-error=discarded-qualifiers' \
         --with-ld-opt='-lmimalloc' \
         --add-dynamic-module=/usr/src/ngx_brotli \
         --add-dynamic-module=/usr/src/ngx_zstd \
         --add-dynamic-module=/usr/src/ngx_ct \
         --add-dynamic-module=/usr/src/ngx_vts \
         --add-dynamic-module=/usr/src/ngx_memc \
         --add-dynamic-module=/usr/src/ngx_redis2 \
+        --add-dynamic-module=/usr/src/ngx_pq \
     && make -j$(getconf _NPROCESSORS_ONLN) \
     && make install \
     && strip /usr/sbin/nginx objs/ngx_*_module.so \

diff --git a/README.adoc b/README.adoc
@@ -8,4 +8,13 @@ An Arch Linux PKGBUILD is provided as well.
 * https://github.com/hakasenyang/openssl-patch/blob/master/nginx_io_uring.patch[io_uring support]
 * https://github.com/hakasenyang/openssl-patch/blob/master/remove_nginx_server_header.patch[no server header]
 * https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_records.patch[dynamic TLS records]
-* https://github.com/centminmod/centminmod/blob/130.00beta01/patches/cloudflare/nginx-1.25.0_http2-hpack.patch[HTTP/2 HPACK]
+
+=== Dynamic modules
+
+* https://github.com/google/ngx_brotli[brotli]
+* https://github.com/tokers/zstd-nginx-module[zstd]
+* https://github.com/grahamedgecombe/nginx-ct[ct]
+* https://github.com/vozlt/nginx-module-vts[vts]
+* https://github.com/openresty/memc-nginx-module[memc]
+* https://github.com/openresty/redis2-nginx-module[redis2]
+* https://github.com/RekGRpth/ngx_pq_module[pq]
diff --git a/arch/004-hpack-enc.patch b/arch/004-hpack-enc.patch
diff --git a/arch/PKGBUILD b/arch/PKGBUILD
@@ -1,29 +1,36 @@
 # Maintainer: ObserverOfTime <[email protected]>
 
 pkgname=nginx-custom
-pkgver=1.25.0
+pkgver=1.25.3
 pkgrel=1
 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server (custom build)'
 arch=(x86_64)
 url='https://nginx.org'
 license=(custom)
 conflicts=(nginx)
 provides=("nginx=${pkgver%+*}")
-depends=(pcre2 zlib libxcrypt liburing mimalloc)
-makedepends=(git zstd)
+depends=(libxcrypt liburing mimalloc pcre2 zlib)
+makedepends=(git postgresql zstd)
+optdependes=(
+  'brotli: brotli module'
+  'memcached: memc module'
+  'postgresql: pq module'
+  'redis: redis2 module'
+)
 backup=(etc/nginx/nginx.conf
         etc/nginx/uwsgi_params
         etc/nginx/mime.types
         etc/nginx/default.vhost
         etc/logrotate.d/nginx)
 source=(nginx-${pkgver}.tar.gz::https://hg.nginx.org/nginx/archive/release-${pkgver}.tar.gz
-        git+https://github.com/quictls/openssl#branch=openssl-3.0.10+quic
+        git+https://github.com/quictls/openssl#branch=openssl-3.1.4+quic
         ngx_brotli::git+https://github.com/google/ngx_brotli
         ngx_zstd::git+https://github.com/tokers/zstd-nginx-module
         ngx_ct::git+https://github.com/grahamedgecombe/nginx-ct
         ngx_vts::git+https://github.com/vozlt/nginx-module-vts
         ngx_memc::git+https://github.com/openresty/memc-nginx-module
         ngx_redis2::git+https://github.com/openresty/redis2-nginx-module
+        ngx_pq::git+https://github.com/RekGRpth/ngx_pq_module
         dhparam.pem::https://2ton.com.au/dhparam/4096
         nginx.service
         logrotate
@@ -32,25 +39,26 @@ source=(nginx-${pkgver}.tar.gz::https://hg.nginx.org/nginx/archive/release-${pkg
         default.vhost
         001-io-uring.patch
         002-no-server-header.patch
-        003-dynamic-tls.patch
-        004-hpack-enc.patch)
-b2sums=('d72941977e4061487b43a206bc7e3b2d9d84ac60c42f792d3adef9ca38139278f68fc2cce6feaf3334f137ff59ed0ea030d2081065ee043cda5edf1cc93cd6b9'
-        'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP'
+        003-dynamic-tls.patch)
+b2sums=('613d5ac8acdc7eed02c22b5db66bfd03d76cf0fb8fcfbb80ba904a6b91d1a1f7a2f59cfad0dd3005ec6ba730ea8b7bdb9fc3f0ac9971ab6188118822947b3034'
+        'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP'
         'e5b3af3eba36bac8c281d773cd90efb8de977a1241e246060661d5c1d436d537ff74b03d137a2bb4a7752339e98e9073ab803bc214a84906498f2383ecad07ff'
         '5aa8dab4d6517fc09a96f2ced5c85a67a44878da4c5cde1031a089609d3d32505d0cb45e6842a1502cc6f09e03eef08ee0ce6826b73bcfdd8087b0b695f0801c'
         'cf2e3ac48f06962e3ea4293f641bf8af75d7cc4269f4af9f0c23a313dce2fde9c558c6f9fcdd5d0a5458eb49b3608d29ab1406515398d3f3732385799ecce19e'
-        '8d1762a84a2bab88686a37b9a74a1f5e0367f17b13f5d7bc71c70f1d4066a5b9c167e2ddd246f1581070fd88e51be2f0c7a27b369f859b6366975c4a10abf4c3'
+        '7a6a6b8504a6aad2ed7f022febcd8762dc0bb232074ae76ef5486ec9d0c886aed203d364cd2d32deb1b08a7a8b20bbc26f89ac8b87a295d29458f2a0b763a925'
         'cde70b02ddea730c80efe8af2f9c26fdac7c48489225a41f0e82543a1e952881df0deac4a40173c6ce415bfcf8722bc623743514a7cec4b1cf93a842fe85e3fb'
         'f1d39725a26859bd5a72256e301ce585fee7e6aeba75dcf52328697cb2dac4d7daaabda7f4f148a9401c10208412d4b6b350d73a89bde1e7c24802509e02d87a'
         'fd58f913dd397ce7c5bc8af92d8946a48dc0686c7f4879d87b68ccf78950867c7c067060dcfc4f30daadeb81e494cc2bea6e3447637bf198de453daa97a7a533'
         'ffe84842a3f5e9db9fef52d5437feb6c278cbb3d20c2d4b4a836feb0475335a0946a2418c53b38f31d428bba7755dbb5c8a5080d5ffdbe8ff1b388e97878c95e'
-        '7f6364c416676af03f245b3ed978e51e0f62198941d1ee287ffec5a4607e53359172a2bfea29671b5e6ad490ea1ed9129900d6b205251e6a1cdad2887a4bb475'
-        '20c22df12ad3983424d16668b0cd4d99364be3c1ae9894c3750917cd26ed99659cbbf1fc0d325397f8f88bef56192108b84f64a876c768ff02b595e19a7e3ab1')
+        '0a3ce87ad3cb3e4d9e569438d0febeb6457abd4f9032191b08f38c84ba5a628a4182541f8573c92187b895ab127ee8ff35e94020455556a320d1f7e270d6e8b1')
 
 prepare() {
   msg2 'Updating brotli submodule'
   git -C ngx_brotli submodule update --init --depth=1
 
+  msg2 'Fixing ngx_pq config'
+  sed -i ngx_pq/config -e 's|`pg_config --includedir`|/usr/include/postgresql|'
+
   cd nginx-release-$pkgver
 
   msg2 'Applying io_uring patch'
@@ -61,9 +69,6 @@ prepare() {
 
   msg2 'Applying dynamic TLS records patch'
   patch --no-backup-if-mismatch -Np1 -i ../003-dynamic-tls.patch
-
-  msg2 'Applying HPACK encoding patch'
-  patch --no-backup-if-mismatch -Np1 -i ../004-hpack-enc.patch
 }
 
 build() {
@@ -81,8 +86,8 @@ build() {
     --http-client-body-temp-path=/var/cache/nginx/client_temp \
     --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
     --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
-    --user=nginx \
-    --group=nginx \
+    --user=http \
+    --group=http \
     --with-compat \
     --with-file-aio \
     --with-threads \
@@ -98,7 +103,6 @@ build() {
     --with-http_slice_module \
     --with-http_ssl_module \
     --with-http_v2_module \
-    --with-http_v2_hpack_enc \
     --with-http_v3_module \
     --without-http_browser_module \
     --without-http_empty_gif_module \
@@ -116,6 +120,7 @@ build() {
     --add-dynamic-module="$srcdir"/ngx_vts \
     --add-dynamic-module="$srcdir"/ngx_memc \
     --add-dynamic-module="$srcdir"/ngx_redis2 \
+    --add-dynamic-module="$srcdir"/ngx_pq \
     --with-cc-opt="$CFLAGS $CPPFLAGS" \
     --with-ld-opt="$LDFLAGS -lmimalloc"
 
@@ -155,16 +160,15 @@ package() {
   install -Dm644 docs/text/LICENSE "$pkgdir"/usr/share/licenses/${pkgname}/LICENSE
 
   for f in objs/ngx_*_module.so; do
-    install -Dm644 $f "$pkgdir"/var/lib/nginx/modules
+    install -Dm644 "$f" "$pkgdir"/var/lib/nginx/modules
   done
 
   for d in ftdetect ftplugin indent syntax; do
     install -Dm644 contrib/vim/$d/nginx.vim \
       "$pkgdir/usr/share/vim/vimfiles/$d/nginx.vim"
   done
 
-  sed -i "$pkgdir"/etc/nginx/nginx.conf \
-      -e '/^user/s|nginx|http|;/^pid/s|/var||'
+  sed -i "$pkgdir"/etc/nginx/nginx.conf -e '/^pid/s|/var||'
 
   printf >> "$pkgdir"/etc/nginx/uwsgi_params \
     '\nuwsgi_param HTTP_EARLY_DATA $ssl_early_data if_not_empty;\n'

diff --git a/config/nginx.conf b/config/nginx.conf
@@ -1,4 +1,4 @@
-user              nginx;
+user              http;
 worker_processes  auto;
 pcre_jit          on;
 pid               /var/run/nginx.pid;

diff --git a/patches/003-dynamic-tls.patch b/patches/003-dynamic-tls.patch
@@ -218,10 +218,10 @@ diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_
 index 26fdccf..b14b52a 100644
 --- a/src/http/modules/ngx_http_ssl_module.h
 +++ b/src/http/modules/ngx_http_ssl_module.h
-@@ -67,6 +67,12 @@ typedef struct {
-
-     u_char                         *file;
-     ngx_uint_t                      line;
+@@ -62,6 +62,12 @@ typedef struct {
+     ngx_flag_t                      stapling_verify;
+     ngx_str_t                       stapling_file;
+     ngx_str_t                       stapling_responder;
 +
 +    ngx_flag_t                      dyn_rec_enable;
 +    ngx_msec_t                      dyn_rec_timeout;