Welcome to Centmin Mod Community
Register Now

Beta Branch downgrade back to nginx lua module 0.9.20

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jan 20, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:18 PM
    Nginx 1.13.x
    MariaDB 5.5
    downgrade back to nginx lua module 0.9.20

    0.10.0 has an error during nginx compilation

    Code:
    ccache /usr/bin/clang -ferror-limit=0 -c -I/usr/local/include/luajit-2.1  -pipe  -O -Wall -Wextra -Wpointer-arith -Wconditional-uninitialized -Wno-unused-parameter -Werror -g -m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion  -DNDK_SET_VAR -DNDK_UPSTREAM_LIST -DNDK_SET_VAR  -I src/core -I src/event -I src/event/modules -I src/os/unix -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/chromium/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/google-sparsehash/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/google-sparsehash/gen/arch/linux/x64/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/protobuf/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/re2/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/out/Release/obj/gen -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/out/Release/obj/gen/protoc_out/instaweb -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/apr/src/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/aprutil/src/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/apr/gen/arch/linux/x64/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/aprutil/gen/arch/linux/x64/include -I ../ngx_devel_kit-0.2.19/objs -I objs/addon/ndk -I /usr/local/include/luajit-2.1 -I ../lua-nginx-module-0.10.0/src/api -I ../nginx_upstream_check_module-0.3.0 -I ../pcre-8.38 -I ../libressl-2.2.5/.openssl/include -I objs -I src/http -I src/http/modules -I src/http/v2 -I ../ngx_devel_kit-0.2.19/src -I src/mail -I src/stream \
                    -o objs/addon/src/ngx_http_lua_module.o \
                    ../lua-nginx-module-0.10.0/src/ngx_http_lua_module.c
    ../lua-nginx-module-0.10.0/src/ngx_http_lua_module.c:897:9: error: implicit declaration of function 'SSL_CTX_set_cert_cb' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
            SSL_CTX_set_cert_cb(sscf->ssl.ctx, ngx_http_lua_ssl_cert_handler, NULL);
            ^
    1 error generated.
    make[1]: *** [objs/addon/src/ngx_http_lua_module.o] Error 1
    make[1]: Leaving directory `/svr-setup/nginx-1.9.9'
    make: *** [install] Error 2
    
    Continue reading...

    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:18 PM
    Nginx 1.13.x
    MariaDB 5.5
    seems related to a few changes openresty did to the nginx core via patches for their nginx lua module 0.10.0 new features Google Groups & feature: applied the ssl_cert_cb_yield patch to the NGINX core to all… · openresty/ngx_openresty@c0c2f88 · GitHub and actual patch ngx_openresty/nginx-1.9.7-ssl_cert_cb_yield.patch at master · openresty/ngx_openresty · GitHub

    Looks like LibreSSL doesn't support SSL_CTX_set_cert_cb like OpenSSL 1.0.2+. OpenSSL i can find references to it https://github.com/openssl/openssl/search?utf8=✓&q=SSL_CTX_set_cert_cb but no reference in LibreSSL code https://github.com/libressl-portable/portable/search?utf8=✓&q=SSL_CTX_set_cert_cb
     
    Last edited: Jan 20, 2016
  3. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:18 PM
    Nginx 1.13.x
    MariaDB 5.5
    downgraded nginx lua module back from 0.10.0 to 0.9.20
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:18 PM
    Nginx 1.13.x
    MariaDB 5.5
    If you really need to use the newer features in OpenResty's Nginx Lua 0.10.0 version, you can use centmin mod persistent config file to override the centmin.sh variables to switch back from LibreSSL to OpenSSL integration into Nginx and to set the Nginx lua version variable to 0.10.0

    Create or append to your persistent config at /etc/centminmod/custom_config.inc the following variable settings
    Code:
    LIBRESSL_SWITCH='n'
    ORESTY_LUANGINXVER='0.10.0'
    
    Then run centmin.sh menu option 4 to recompile nginx
    However, not clear if i need to patch nginx core too ngx_openresty/nginx-1.9.7-ssl_cert_cb_yield.patch at master · openresty/ngx_openresty · GitHub so more testing needed if using lua-nginx-module 0.10.0

    patch does apply cleanly on nginx 1.9.9 though :D

    Code:
    cd /svr-setup/nginx-1.9.9
    wget https://github.com/openresty/ngx_openresty/raw/master/patches/nginx-1.9.7-ssl_cert_cb_yield.patch
    patch -p1 < nginx-1.9.7-ssl_cert_cb_yield.patch
    patching file src/event/ngx_event_openssl.c
    Then of course, need to re-run centmin.sh menu option 4 to recompile nginx
     
    Last edited: Jan 20, 2016
  5. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:18 PM
    Nginx 1.13.x
    MariaDB 5.5
    Possibility of this patch being added to nginx mainline core as agentzh posted it in Nginx development forums at [PATCH] SSL: handled SSL_CTX_set_cert_cb() callback yielding.

     
  6. Saumya Majumder

    Saumya Majumder Member

    60
    3
    8
    Mar 16, 2016
    Ratings:
    +12
    Local Time:
    12:48 PM
    1.9.12
    10.0.24
    Hi @eva2000 is there any eta for when centminmod 0.9 is going t be released? Actually I'm relly exited for the letsencrypt support in it. Looking forward to using letsencrypt on my site with the new centminmod :)

    Good luck. Keep up the good work.
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:18 PM
    Nginx 1.13.x
    MariaDB 5.5
    123.09beta01 is still in testing see my replies at Timeline / Roadmap | Centmin Mod Community

    FYI 123.09beta01 branch specifically doesn't contain letsencrypt integration as that is being done in a separate branch altogether right now.
     
  8. Saumya Majumder

    Saumya Majumder Member

    60
    3
    8
    Mar 16, 2016
    Ratings:
    +12
    Local Time:
    12:48 PM
    1.9.12
    10.0.24
    @eva2000 thats fine, but I hope when v0.9 will be out of beta and will be released publicly, it will have the letsencrypt functionality built-in. right?
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,914
    6,909
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,405
    Local Time:
    5:18 PM
    Nginx 1.13.x
    MariaDB 5.5
    Depends on maturity of official letsencrypt client, it recently changed it's name to certbot and changed alot of code and the 2nd bash based client i added le.sh also changed it's name to acme.sh so many changes to test and re-test. Rushing things could break future compatibility and operation as these clients' code continue to evolve and change :)
     
  10. Saumya Majumder

    Saumya Majumder Member

    60
    3
    8
    Mar 16, 2016
    Ratings:
    +12
    Local Time:
    12:48 PM
    1.9.12
    10.0.24
    So, no promises for letsencrypt support on Centminmod 0.9. :( I understand your point, but still feeling sad :(

    Anyways thanks again for doing some awesome work here.
     
    • Like Like x 1