Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx Freenginx

Discussion in 'Nginx and PHP-FPM news & discussions' started by buik, Feb 15, 2024.

  1. buik

    buik “The best traveler is one without a camera.”

    1,982
    517
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,644
    Local Time:
    3:18 PM
    After Angie, another Nginx fork: Freenginx is released, by former lead developer: Maxim Dounin.

    Also the same reason why Nginx has been almost unreleased for years in terms of features and options. Since most of the original Nginx developers are out (Nginx is originally a Russian company).


    One point of surprise, though. Maxim is now using the name ....Nginx, which is a brand name, for his own company. He could get a problem with that to Nginx brand holder: F5.
     
  2. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Wow sad unfortunate situation [nginx-announce] announcing freenginx.org. But grateful for his dedication to Nginx!

    Yeah tricky situation.

    Thanks for the heads up. Busy with client work so will have to look at Freenginx a bit later. Looks like Freenginx code right now is same just different download urls and Mercurial source control repo. So can add optional Freenginx support to Centmin Mod just like I did for Angie Nginx fork https://community.centminmod.com/th...-that-was-forked-from-nginx.24378/#post-98352
     
  3. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  4. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Looks like made the news on Phoronix too https://www.phoronix.com/news/Nginx-Forked-To-Freenginx and their comments https://www.phoronix.com/forums/node/1443374

    https://www.phoronix.com/forums/for...b-server-into-freenginx?p=1443452#post1443452

    Knowing this info and why Official Nginx 1.25.4 was released today, I'm siding with F5 on this as I would want to know of security bugs even if Nginx HTTP/3 is experimental code still. Would also make me cautious using Maxim's Freenginx fork if his philosophy is not to assign CVE security labels to Nginx code that he thinks is experimental
     
  5. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Added to 130.00beta01 optional freenginx forked Nginx support via variable FREENGINX_INSTALL='y' that you can optionally set in the persistent config file /etc/centminmod/custom_config.inc (disabled by default), which will have Nginx version build tagged with -freengx :)

     
  6. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    More info at Nginx core developer quits project in security dispute, starts “freenginx” fork

    Also comment on ARS article from a person familar with CNA
     
  7. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Freenginx: Core Nginx developer announces fork | Hacker News

     
  8. buik

    buik “The best traveler is one without a camera.”

    1,982
    517
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,644
    Local Time:
    3:18 PM
    Very neat what he did those 2 years. If I were him I would never ever have done the same: Being fired and then continuing the same work voluntarily.

    And as for the brand name. The website and domain are hosted in Europe. F5 (American), can do little in Russia. But Europe is a different story. Curious to see how that will play out.
     
  9. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Copyright holders have at their discretion the right to or not to pursue their rights. Not sure it would be wise to pursue Maxim legally for use of Nginx name and risk pissing off the Nginx developer/contributor/own staff/ community and users.

    I 100% understand his feelings as almost exact similar situation happened to me recently when a 12+ years old working client relationship ended with my client passing away and having eventually been taken advantage of by his relative who didn't pay me for my work in saving the server and site from overdue web hosting bill termination when no known relatives had been found yet and even wanted to take false unsubstantiated legal action against me. I did it anyway knowing there was a possibility of such outcome as 12yrs is a long time working on my deceased client's server and I considered it almost apart of set of babies and had a attachment to seeing them survive and continue in the way I designed and configured it for.
     
  10. atomi

    atomi Member

    36
    10
    8
    Jul 14, 2018
    Ratings:
    +23
    Local Time:
    4:18 PM
    1.27.x
    10
    Freenginx 1.25.4 was released yesterday and the latest beta seems to work just fine with it

    Code:
    nginx version: nginx/1.25.4 (210224-203505-almalinux8-lxc-03cbe97-br-a71f931-freengx)
    built with OpenSSL 1.1.1w+quic  11 Sep 2023
    TLS SNI support enabled
     
  11. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Thanks for heads up. Notice the differences in Change logs! Clearly Maxmim doesn't like HTTP/3 security bugs being labelled with CVEs :LOL: Personally I prefer CVE labelled security classed bugs for Nginx HTTP/3 :)

    http://freenginx.org/en/CHANGES

    Code (Text):
    Changes with freenginx 1.25.4                                    20 Feb 2024
    
       *) Change: now the "freenginx" name is used in responses.
    
       *) Bugfix: "open socket left" alerts might appear in logs during worker
          processes shutdown when using AIO.
    
       *) Bugfix: a segmentation fault might occur in a worker process if AIO
          was used in subrequests.
    
       *) Bugfix: a segmentation fault might occur in a worker process if the
          "image_filter" directive was used, and errors with code 415 were
          redirected with the "error_page" directive.
    
       *) Bugfix: a segmentation fault might occur in a worker process when
          handling cached responses with the "X-Accel-Redirect" header.
          Thanks to Jiří Setnička.
    
       *) Bugfix: a segmentation fault might occur in a worker process when
          using HTTP/3.
    
       *) Bugfixes and improvements in HTTP/3.
    


    Nginx http://nginx.org/en/CHANGES

    Code (Text):
    Changes with nginx 1.25.4                                        14 Feb 2024
    
       *) Security: when using HTTP/3 a segmentation fault might occur in a
          worker process while processing a specially crafted QUIC session
          (CVE-2024-24989, CVE-2024-24990).
    
       *) Bugfix: connections with pending AIO operations might be closed
          prematurely during graceful shutdown of old worker processes.
    
       *) Bugfix: socket leak alerts no longer logged when fast shutdown was
          requested after graceful shutdown of old worker processes.
    
       *) Bugfix: a socket descriptor error, a socket leak, or a segmentation
          fault in a worker process (for SSL proxying) might occur if AIO was
          used in a subrequest.
    
       *) Bugfix: a segmentation fault might occur in a worker process if SSL
          proxying was used along with the "image_filter" directive and errors
          with code 415 were redirected with the "error_page" directive.
    
       *) Bugfixes and improvements in HTTP/3.
    
     
  12. atomi

    atomi Member

    36
    10
    8
    Jul 14, 2018
    Ratings:
    +23
    Local Time:
    4:18 PM
    1.27.x
    10
    Freenginx released 1.27.1 and wanted to give it a try but it wasnt so easy with the latest 130.00beta01.b632.
    I guess they have changed download name from "nginx-" to "freenginx-" and that resulted 404 error.
    Well I thought I will just update package name in 'downloadlinks.inc' but it didnt help since 'nginx_upgrade.inc' has download link in line 811. Then I updated it and the extract command just to find its extracted to different directory which will cause issues while patching etc so in the end I just manually downloaded file from freenginx.org then extracted the file and renamed "freenginx-1.27.1" directory to "nginx-1.27.1". After this I was able to compile the latest freenginx with http3.
    Code:
    # nginx -V
    nginx version: freenginx/1.27.1 (080624-145344-centos7-lxc-70631b1-br-a71f931-freengx)
    built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
    built with OpenSSL 1.1.1w+quic  11 Sep 2023
    TLS SNI support enabled
     
  13. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Just set in persistent config file /etc/centminmod/custom_config.inc
    Code (Text):
    FREENGINX_INSTALL='y'

    Then run centmin.sh menu option 4 and input desired freenginx version :D
     
  14. atomi

    atomi Member

    36
    10
    8
    Jul 14, 2018
    Ratings:
    +23
    Local Time:
    4:18 PM
    1.27.x
    10
    Yes, I had that added but it didnt work. I think its broken in all freenginx versions
     
  15. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah i see what you mean they changed the name of the file downloaded too Index of /download/ from nginx- to freenginx- will need to update 130.00beta01 then :)
     
  16. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    updated 130.00beta01 with fix you can pull down via cmupdate command

    persistent config file using /etc/centminmod/custom_config.inc the variables to switch from official Nginx to forked freenginx and to use system OpenSSL on AlmaLinux 9 instead of compiling OpenSSL

    Code (Text):
    FREENGINX_INSTALL=y
    OPENSSL_SYSTEM_USE=y

     
  17. atomi

    atomi Member

    36
    10
    8
    Jul 14, 2018
    Ratings:
    +23
    Local Time:
    4:18 PM
    1.27.x
    10
    I tested with the same box that had issues yesterday.
    After cmupdate I got version 130.00beta01.b635 but nginx update from menu 4 didnt work but went back to main menu. Luckily got small hint whats wrong when I first time ran ./centmin.sh and fixed it by changing line 632 from /usr/local/src/centminmod/inc/nginx_upgrade.inc

    Old
    Code:
    if [[ "$ngver" = 'quic' || "$NGINX_QUIC_SUPPORT" = [yY] ]]
    New
    Code:
    if [[ "$ngver" = 'quic' || "$NGINX_QUIC_SUPPORT" = [yY] ]]; then
    After this change I was able to compile the latest freenginx without any issues. Thanks again for these changes and new PHP security updates!
     
    Last edited: Jun 9, 2024
  18. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah the nginx_upgrade.inc bug was fixed in latest 130.00beta01 update :)
     
  19. atomi

    atomi Member

    36
    10
    8
    Jul 14, 2018
    Ratings:
    +23
    Local Time:
    4:18 PM
    1.27.x
    10
    Not sure if this should work but tried install the latest freenginx with fresh 140.00beta01 installation by adding following parameters to custom_config.inc
    Code:
    FREENGINX_INSTALL='y'
    NGINX_VERSION='1.27.1'
    installer failed without any working nginx because if I understand correctly by looking code from this file its not possible install freenginx from start? probably failed since there is no 1.27.1 nginx version
    /usr/local/src/centminmod/inc/nginx_install.inc
     
  20. eva2000

    eva2000 Administrator Staff Member

    52,769
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    11:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FREENGINX_INSTALL='y' works with FREENGINX_VERSION='1.27.1' not NGINX_VERSION='1.27.1' as official Nginx versions may not align with Freenginx versions. That would be one reason. The other is as you say FREENGINX_INSTALL='y' only works on centmin.sh menu option 4 upgrade runs and not initial install runs right now and work on such will be in future Centmin Mod 140.00beta01