My issue:
Can compile nginx-http-shibboleth against 1.26.3 with pkg-oss.
Yet nginx.service demands exactly fitting module versions.
How I encountered the problem:
Well: ./build_module.sh -v 1.26.3 https://github.com/nginx-shib/nginx-http-shibboleth.git produces the 1.27.1 module
Solutions I’ve tried:
Tried altering pkg-oss (changing nginx version or URL in Makefile, as well as in version file in compiling/pkg-oss-4e0f19ed237a/contrib/src/nginx/version and a few other things), yet no luck, module binary alway has the same hash as 1.27.1
Can’t roll back either since the version of nginx I need is not available any more, don’t have a package at hand, and couldn’t find any 1.26.2 .debs anywhere. (not in apt cache either sadly)
My config:
ubuntu 20.04, nginx as web server a ton of dynamic modules installed an configured.
Any chance pkg-oss will support 1.26.3 in the near future?
Or if someone has a workaround where I dont have to compüile nginx with all the modules statically, please let me know!
Found out how to build in docker.
Because this is just some isolated bash execution, one can do it in bash.
But I’m limited in my time so i did not test the following but gave the Dockerfile to an a LLM to make a bash script out of it:
#!/bin/bash
set -e # Exit on error
set -o pipefail # Catch errors in piped commands
# Ensure required environment variables are set
if [[ -z "$NGINX_VERSION" ]]; then
echo "Error: NGINX_VERSION is not set"
exit 1
fi
# Enable deb-src in sources.list
sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
# Update and install necessary dependencies
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
apt-transport-https \
ca-certificates \
git \
libxslt-dev \
libgd-dev \
libgeoip-dev \
libperl-dev \
software-properties-common \
gpg-agent
# Add the Ondřej Surý repository for Nginx sources
LC_ALL=C.UTF-8 add-apt-repository --yes --enable-source ppa:ondrej/nginx
# Install build dependencies for nginx-extras
apt-get update
apt-get build-dep -y nginx-extras="$NGINX_VERSION"
# Download nginx-extras source code
apt-get source nginx-extras="$NGINX_VERSION"
# Clone the Shibboleth module repository
git clone https://github.com/nginx-shib/nginx-http-shibboleth.git
# Enter the Nginx source directory
cd nginx-$NGINX_VERSION
# Configure Nginx build with the required modules
./configure \
--with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-xQvXCS/nginx-${NGINX_VERSION}=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -fPIC' \
--prefix=/usr/share/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=stderr \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--modules-path=/usr/lib/nginx/modules \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-compat \
--with-debug \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_v2_module \
--with-http_v3_module \
--with-http_dav_module \
--with-http_slice_module \
--with-threads \
--with-http_addition_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_sub_module \
--with-mail_ssl_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-http_geoip_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_perl_module=dynamic \
--with-http_xslt_module=dynamic \
--with-mail=dynamic \
--with-stream=dynamic \
--with-stream_geoip_module=dynamic \
--add-dynamic-module=../nginx-http-shibboleth/
# Compile Nginx with the module
make CFLAGS="-Wno-error=deprecated-declarations"
# Output location of the compiled module
echo "Build complete. Module is located at: $(pwd)/objs/ngx_http_shibboleth_module.so"