How to compile nginx-http-shibboleth against 1.26.3

Hello there :wave:

My issue:
Can compile nginx-http-shibboleth against 1.26.3 with pkg-oss.
Yet nginx.service demands exactly fitting module versions.

How I encountered the problem:
Well: ./build_module.sh -v 1.26.3 https://github.com/nginx-shib/nginx-http-shibboleth.git produces the 1.27.1 module

Solutions I’ve tried:
Tried altering pkg-oss (changing nginx version or URL in Makefile, as well as in version file in compiling/pkg-oss-4e0f19ed237a/contrib/src/nginx/version and a few other things), yet no luck, module binary alway has the same hash as 1.27.1

Can’t roll back either since the version of nginx I need is not available any more, don’t have a package at hand, and couldn’t find any 1.26.2 .debs anywhere. (not in apt cache either sadly)

My config:
ubuntu 20.04, nginx as web server a ton of dynamic modules installed an configured.


Any chance pkg-oss will support 1.26.3 in the near future?
Or if someone has a workaround where I dont have to compüile nginx with all the modules statically, please let me know! :pray:

Greetings
thomas

Found a way, if you need that too, see: https://stackoverflow.com/staging-ground/79471170

hi @tkvisol
please share a solution here as the link is broken. I faced with the same issue.
Thank you

tl;dr
Use apt and apt-src packages (script below)

Found out how to build in docker.
Because this is just some isolated bash execution, one can do it in bash.
But I’m limited in my time so i did not test the following but gave the Dockerfile to an a LLM to make a bash script out of it:

#!/bin/bash

set -e  # Exit on error
set -o pipefail  # Catch errors in piped commands

# Ensure required environment variables are set
if [[ -z "$NGINX_VERSION" ]]; then
    echo "Error: NGINX_VERSION is not set"
    exit 1
fi

# Enable deb-src in sources.list
sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list

# Update and install necessary dependencies
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
    apt-transport-https \
    ca-certificates \
    git \
    libxslt-dev \
    libgd-dev \
    libgeoip-dev \
    libperl-dev \
    software-properties-common \
    gpg-agent

# Add the Ondřej Surý repository for Nginx sources
LC_ALL=C.UTF-8 add-apt-repository --yes --enable-source ppa:ondrej/nginx

# Install build dependencies for nginx-extras
apt-get update
apt-get build-dep -y nginx-extras="$NGINX_VERSION"

# Download nginx-extras source code
apt-get source nginx-extras="$NGINX_VERSION"

# Clone the Shibboleth module repository
git clone https://github.com/nginx-shib/nginx-http-shibboleth.git

# Enter the Nginx source directory
cd nginx-$NGINX_VERSION

# Configure Nginx build with the required modules
./configure \
    --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-xQvXCS/nginx-${NGINX_VERSION}=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
    --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -fPIC' \
    --prefix=/usr/share/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --http-log-path=/var/log/nginx/access.log \
    --error-log-path=stderr \
    --lock-path=/var/lock/nginx.lock \
    --pid-path=/run/nginx.pid \
    --modules-path=/usr/lib/nginx/modules \
    --http-client-body-temp-path=/var/lib/nginx/body \
    --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
    --http-proxy-temp-path=/var/lib/nginx/proxy \
    --http-scgi-temp-path=/var/lib/nginx/scgi \
    --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
    --with-compat \
    --with-debug \
    --with-pcre-jit \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-http_realip_module \
    --with-http_auth_request_module \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-http_dav_module \
    --with-http_slice_module \
    --with-threads \
    --with-http_addition_module \
    --with-http_flv_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_mp4_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_sub_module \
    --with-mail_ssl_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-stream_realip_module \
    --with-http_geoip_module=dynamic \
    --with-http_image_filter_module=dynamic \
    --with-http_perl_module=dynamic \
    --with-http_xslt_module=dynamic \
    --with-mail=dynamic \
    --with-stream=dynamic \
    --with-stream_geoip_module=dynamic \
    --add-dynamic-module=../nginx-http-shibboleth/

# Compile Nginx with the module
make CFLAGS="-Wno-error=deprecated-declarations"

# Output location of the compiled module
echo "Build complete. Module is located at: $(pwd)/objs/ngx_http_shibboleth_module.so"

Here’s a link that should work: nginx - Is there a way to compile ngx_http_shibboleth_module.so a dynamically loaded module without pkg-oss? - Stack Overflow

Anyway I hope this works for you.

1 Like

hi @tkvisol
I found another way:
I used latest build_module.sh pkg-oss/build_module.sh at cd252a6a7e7a34eb9c998007f0cddce6221f9063 · nginx/pkg-oss · GitHub instead of http://hg.nginx.org/pkg-oss/raw-file/default/build_module.sh
Anyway thank you!

Ah thats why the other pkg-oss was out of date.
Thank you very much!

1 Like