Commit Graph

260 Commits

Author SHA1 Message Date
Emily
db3182a65d nginxModules.brotli: v0.1.2 -> unstable
The fork was merged back upstream but has yet to see a formal release.
2020-02-04 19:30:40 -06:00
Will Dietz
92d29418b3
nginxMainline: 1.17.3 -> 1.17.8
http://nginx.org/en/CHANGES
2020-01-21 11:02:11 -06:00
Ryan Mulligan
6de8b8f144
Merge pull request #61722 from Izorkin/pinba-nginx
nginxModules.pinba: init at 13.05.2019
2020-01-04 07:58:18 -08:00
Frederik Rietdijk
7aa2b0215b Merge master into staging-next 2020-01-03 10:25:14 +01:00
Robin Gloster
6ca6ac796b
treewide: configureFlags is a flat list 2019-12-31 01:37:49 +01:00
Robin Gloster
5f2b92e3ec
treewide: NIX_*_COMPILE -> string 2019-12-31 00:13:29 +01:00
aszlig
ccf55bead1
nginx: Clear Last-Modified if ETag is from store
This is what I've suspected a while ago[1]:

> Heads-up everyone: After testing this in a few production instances,
> it seems that some browsers still get cache hits for new store paths
> (and changed contents) for some reason. I highly suspect that it might
> be due to the last-modified header (as mentioned in [2]).
>
> Going to test this with last-modified disabled for a little while and
> if this is the case I think we should improve that patch by disabling
> last-modified if serving from a store path.

Much earlier[2] when I reviewed the patch, I wrote this:

> Other than that, it looks good to me.
>
> However, I'm not sure what we should do with Last-Modified header.
> From RFC 2616, section 13.3.4:
>
> - If both an entity tag and a Last-Modified value have been
>   provided by the origin server, SHOULD use both validators in
>   cache-conditional requests. This allows both HTTP/1.0 and
>   HTTP/1.1 caches to respond appropriately.
>
> I'm a bit nervous about the SHOULD here, as user agents in the wild
> could possibly just use Last-Modified and use the cached content
> instead.

Unfortunately, I didn't pursue this any further back then because
@pbogdan noted[3] the following:

> Hmm, could they (assuming they are conforming):
>
>  * If an entity tag has been provided by the origin server, MUST
>    use that entity tag in any cache-conditional request (using If-
>    Match or If-None-Match).

Since running with this patch in some deployments, I found that both
Firefox and Chrome/Chromium do NOT re-validate against the ETag if the
Last-Modified header is still the same.

So I wrote a small NixOS VM test with Geckodriver to have a test case
which is closer to the real world and I indeed was able to reproduce
this.

Whether this is actually a bug in Chrome or Firefox is an entirely
different issue and even IF it is the fault of the browsers and it is
fixed at some point, we'd still need to handle this for older browser
versions.

Apart from clearing the header, I also recreated the patch by using a
plain "git diff" with a small description on top. This should make it
easier for future authors to work on that patch.

[1]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-495072764
[2]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451644084
[3]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451646135

Signed-off-by: aszlig <aszlig@nix.build>
2019-12-30 14:30:36 +01:00
Izorkin
edddf0ac47 nginxModules.pinba: init at 13.05.2019 2019-12-11 10:06:55 +03:00
Jörg Thalheim
571ed9d22e
nginx: reference tests 2019-11-29 12:27:55 +00:00
tekeri
a5f26644d4 Add nginx perl modules (#73198)
* nginx: enable perl_module if perl is given

* nginx: move `perl = null` to toplevel
2019-11-27 17:08:56 +00:00
Franz Pletz
de85797565
Merge remote-tracking branch 'origin/master' into gcc-8 2019-09-03 22:15:07 +02:00
Robin Gloster
616b8343c4
Merge remote-tracking branch 'upstream/master' into gcc-8 2019-08-25 18:55:46 +02:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
volth
c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
Izorkin
83381bec9c nginxMainline: 1.17.2 -> 1.17.3 2019-08-13 21:31:57 +03:00
Izorkin
aec55db737 nginxStable: 1.16.0 -> 1.16.1 2019-08-13 21:30:08 +03:00
Izorkin
293e5d8365 nginxMainline: 1.16.0 -> 1.17.2 2019-07-24 21:09:22 +03:00
Franz Pletz
c051374da2
nginx: fix build with gcc8 2019-06-17 07:06:02 +02:00
Izorkin
872f056bb4 nginxModules.lua: 0.10.14 -> 0.10.15 2019-05-13 12:37:14 +03:00
Izorkin
fa3f68edab nginxModules.http_proxy_connect_module: 16.04.2019 -> 06.05.2019 2019-05-13 12:37:10 +03:00
Jörg Thalheim
0816c69173
nginxModules: update and add nginx modules (#59949)
nginxModules: update and add nginx modules
2019-05-13 10:15:09 +01:00
Izorkin
619aa5c97f nginxMainline: 1.15.12 -> 1.16.0 2019-04-30 07:56:29 +03:00
Izorkin
65a736064a nginxStable: 1.14.2 -> 1.16.0 2019-04-30 07:56:23 +03:00
Yurii Izorkin
5ba8811758 nginxMainline: 1.15.10 -> 1.15.12 (#59950) 2019-04-22 00:08:08 +02:00
Izorkin
452cf0b3e2 nginxModules.naxsi: init at 0.56 2019-04-21 11:10:49 +03:00
Izorkin
6600d00ed1 nginxModules.video-thumbextractor: init at 0.9.0 2019-04-21 10:32:46 +03:00
Izorkin
f6525448a5 nginxModules.sorted-querystring: init at 0.3 2019-04-21 10:30:29 +03:00
Izorkin
b329187524 nginxModules.limit-speed: init at 21.05.2014 2019-04-21 10:27:31 +03:00
Izorkin
13c938ac1e nginxModules.subsFilter: 0.6.4 -> 13.04.2016 2019-04-21 10:21:44 +03:00
Izorkin
d1dff5a9ec nginxModules.upstream-tarantool: 2.7 -> 2.7.1 2019-04-20 23:11:08 +03:00
Izorkin
6a154d00c3 nginxModules.upstream-check: 10.11.2017 -> 12.08.2018 2019-04-20 23:08:55 +03:00
Izorkin
d66b94da62 nginxModules.coolkit: init at 0.2 2019-04-20 22:35:55 +03:00
Izorkin
80666e68b2 nginxModules.slowfs-cache: init at 1.10 2019-04-20 22:29:29 +03:00
Izorkin
8c1131ef28 nginxModules.lua: 0.10.13 -> 0.10.14 2019-04-20 22:29:29 +03:00
Izorkin
89a73423ab nginxModules.mpeg-ts: init at 0.1.1 2019-04-20 22:29:24 +03:00
Izorkin
c940a7caa0 nginxModules.live: init at 18.11.2018 2019-04-20 21:46:45 +03:00
Izorkin
b0dc2d6106 nginxModules.dav: 0.1.0 -> 3.0.0 2019-04-20 21:40:09 +03:00
Izorkin
7a5d938067 nginxModules.http_proxy_connect_module: 05.09.2018 -> 16.04.2019 2019-04-20 21:33:18 +03:00
aszlig
1f24685d93
nginx/etag-patch: Use Nix store dir from build env
So far, the Nix store directory was hardcoded and if someone uses a
different Nix store directory the patch won't work. Of course, this is
pretty uncommon, but by not only substituting the store directory but
also the length of it we also save a few calls to ngx_strlen(), which
should save us a few cycles.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 10:07:55 +02:00
aszlig
af5a3ce474
nginx: Fix memleak in nix-etag patch
The original patch introduced a new "real" variable which gets populated
(and allocated) via ngx_realpath(). It's properly freed in error
conditions but it won't be freed if ngx_http_set_etag returns
successfully.

Adding another ngx_free() just before returning fixes that memory leak.

I also fixed a small indentation issue along the way.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:40:13 +02:00
Yegor Timoshenko
1da8eec00f
nginx: handle impure symlinks in ETag patch 2019-04-18 09:40:11 +02:00
Yegor Timoshenko
f03302b636
nginx: check for realpath() == NULL in ETag patch
Thanks to Gabriel Ebner!
2019-04-18 09:40:09 +02:00
Yegor Timoshenko
135d54f535
nginx: if root is in Nix store, use path's hash as ETag
Resolves #25485. Usage example:

$ realpath /var/www
/nix/store/wnrhnnpdj3x50j5xz38zp1qxs1ygwccw-site
$ curl --head localhost
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Sep 2018 06:09:25 GMT
Content-Type: text/html
Content-Length: 50
Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT
Connection: keep-alive
ETag: "wnrhnnpdj3x50j5xz38zp1qxs1ygwccw"
Accept-Ranges: bytes
2019-04-18 09:40:06 +02:00
Franz Pletz
4c0d1ae7be
nginxMainline: 1.15.9 -> 1.15.10 2019-04-02 12:02:39 +02:00
Maximilian Bosch
37867dba74
nginxModules.http_proxy_connect_module: init
This adds the nginx module `ngx_http_proxy_connect_module` which allows
to tunnel HTTPS through an nginx proxy[1].

As this module contained patches for several nginx version, some minor
adjustments were needed:

* Allowed each entry in `nginxModules` to provide patches.

* Added an optional `supports` attribute to ensure that each module can
  determine if it supports the currently built nginx version (e.g. stable
  1.14 ATM or mainline 1.15 ATM).

[1] https://github.com/chobits/ngx_http_proxy_connect_module
2019-03-29 23:53:09 +01:00
Benjamin Smith
f4d24273e5 nginx: add http subs filter module (#56546) 2019-03-13 02:16:40 +02:00
Alyssa Ross
2576d09716 nginxMainline: 1.15.8 -> 1.15.9 (#56416) 2019-02-28 22:13:35 +01:00
Vincent Bernat
33802e9ed8 nginx: expose list of additional modules (#53897)
Currently, it seems there is no easy way to override package to add
modules. For example, if we want to add the `ipscrub` module, we can
do:

    pkgs.nginxStable.override {
      modules = [ pkgs.nginxModules.ipscrub ];
    };

But, then, we loose `rtmp`, `dav` and `moreheaders` which are defined
in `all-packages.nix`. With this modification, we can now do:

    pkgs.nginxStable.override {
      modules = pkg.nginxStable.passthru.modules ++ [ pkgs.nginxModules.ipscrub ];
    };
2019-01-31 02:15:14 +02:00
Franz Pletz
9ea5b2c052
nginxMainline: 1.15.7 -> 1.15.8 2019-01-11 07:55:25 +01:00