summaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd/nginx/nginx.inc
Commit message (Collapse)AuthorAgeFilesLines
* nginx: fix CVE-2021-3618Joe Slater2021-08-211-0/+1
| | | | | | | | | | | | | | | | | | | | | Source: meta-openembedded.ort MR: 112731 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/nginx?id=f92dbcc4c2723e6ff4e308c8a2e6dc228a6cd7d5 ChangeID: dd3295b606d73e01dd09291d85d529dea17a1a9e Description: Backport with no change a patch from version 1.21.0. This patch was not cherry-picked by nginx to version 1.20.1. Information about this CVE comes from https://ubuntu.com/security/CVE-2021-3618. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f92dbcc4c2723e6ff4e308c8a2e6dc228a6cd7d5) [refesh patch for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
* nginx: fix CVE-2021-23017Changqing Li2021-07-101-0/+1
| | | | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 82385049035a3a4a81b18af099d2131b46802965) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: remove /var/log/nginx when do_installYi Zhao2020-05-171-1/+3
| | | | | | | | | | Remove directory /var/log/nginx when do_install because it is created by volatiles file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6e9f393605eed1e5f4e317536b1463b83b978bad) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: fix error during service startupChangqing Li2020-02-261-0/+1
| | | | | | | | | fix below error: nginx.service: failed to parse pid from file /run/nginx/nginx.pid: invalid argument Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix install pathsGaylord Charles2019-11-171-2/+2
| | | | | | | | | | | This patch fixes Nginx install paths. I tried to build the native variant for testing purpose and had errors. - Use path variable instead of /usr - Replace the absolute path symlink with a relative one Signed-off-by: Gaylord CHARLES <gaylord.charles@veo-labs.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix kill path in nginx systemd unit filenick83ola2019-05-271-1/+1
| | | | | | | the kill utility is located in /bin/kill -> use base_bindir instead of bindir Signed-off-by: Nicola Lunghi <nick83ola@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add PACKAGECONFIG[http-auth-request]nick83ola2019-05-271-0/+1
| | | | | Signed-off-by: Nicola Lunghi <nick83ola@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add default proxy_paramsAndré Draszik2019-01-191-0/+3
| | | | | | | | | | | | | As per Debian packaging - to use it, see https://wiki.debian.org/Nginx/DirectoryStructure#Extra_Parameters This file is most commonly included when Nginx is acting as a reverse proxy: include /etc/nginx/proxy_params; proxy_pass http://localhost:8000; Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: configuration updateAndré Draszik2019-01-191-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restructure the main configuration file to simplify custom configuration: * support inclusion of configuration fragments from subdirectories: - /etc/nginx/modules-enabled/*.conf - /etc/nginx/conf.d/*.conf - /etc/nginx/sites-enabled/* * default site (port 80): - move into /etc/nginx/sites-available/default_server and enable via symlink in /etc/nginx/sites-enabled/ - listen on IPv6 - drop unneeded example fragments * configure and enable gzip * update TLS settings to drop SSLv3 and enable TLSv1.3 for some safer defaults * update remaining bits to follow Debian standard configuration https://salsa.debian.org/nginx-team/nginx/blob/62a54a8ba66ee6cc1b4f8a33dab9a6f27a3fdac4/debian/conf/nginx.conf * drop unneeded example configuration bits from /etc/nginx/*.default These changes, in particular the configuration fragment support allow to easily customise nginx based on individual requirements. In addition, it is now possible for other recipes / packages to drop fragments into the respective directories in /etc/nginx without having to meddle with /etc/nginx/nginx.conf Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update systemd unit using nginx recommendationAndré Draszik2019-01-191-0/+1
| | | | | | | | | | | | | | | | | | Our systemd unit doesn't follow the official recommendation, see https://www.nginx.com/resources/wiki/start/topics/examples/systemd/ Most importantly: * it should start after some additional specific targets/units * using PrivateTmp is a useful security feature, in particular to avoid cross domain scripting via the temp folder * using systemd's $MAINPID, we can distinguish between multiple running nginx instances correctly Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add PACKAGECONFIG[ssl]Max Kellermann2018-09-241-2/+4
| | | | | Signed-off-by: Max Kellermann <max.kellermann@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: enable thread pools by defaultDerek Straka2018-07-121-0/+1
| | | | | | | The thread pool feature can be enabled without significant extra binary size. Thread pools can increase performance by an order of magnitude on some configurations Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: use oe.utils.conditional instead of deprecated base_conditionalMartin Jansa2018-02-011-1/+1
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: correctly set the endianness of the targetDerek Straka2017-12-111-1/+2
| | | | | | | | Add an inherit for siteinfo to get access to SITEINFO_ENDIANNESS Add a patch to have nginx actually use the user provided --with-endian Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Nginx: use PACKAGECONFIG variables in configureSzombathelyi György2017-09-181-1/+1
| | | | | Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: depend on zlib instead of gzipPascal Bach2017-06-121-1/+1
| | | | | | | nginx requires zlib not gzip for compression. Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: make sure the user is correctly set for the volatile directoriesPascal Bach2017-03-311-0/+1
| | | | | Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: set sane defaults for temp directoriesPascal Bach2017-03-311-0/+5
| | | | | | | | | | Currently the build directiories en up in /usr/*_temp which is not what most users will expect. This changes the default location to /tmp/nginx/*_tmp. The location can still be overridden in the nginx.conf file. Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: handle systemd service fileAlexandre Belloni2017-02-131-1/+3
| | | | | | | | Inherit the systemd class so the service file is properly handled. Note that by default, the service file will be installed but not enabled. Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx.inc: use 4 spaces for indentationMartin Jansa2016-08-221-96/+98
| | | | | | * like any other sane recipes do Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: optimize systemd unit fileSzombathelyi György2016-08-221-1/+4
| | | | | | | | | - Call the nginx binary directly, no need to wrap the SysV init file. - Create /var/log/nginx with tmpfiles, like volatiles without systemd. - Run nginx with ${NGINX_USER} (user ${NGINX_USER} in nginx.conf) Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: PACKAGECONFIG for httpv2Szombathelyi György2016-08-221-0/+2
| | | | | Signed-off-by: Gyorgy Szombathelyi <gyurco@freemail.hu> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: add the LDFLAGS to the link argumentsDerek Straka2016-08-151-0/+3
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* meta-webserver: use bb.utils.contains() instead of base_contains()Ross Burton2016-04-281-1/+1
| | | | | | | | base_contains() is a compatibility wrapper and may warn in the future, so replace all instances with bb.utils.contains(). Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: add stable version 1.8.1 as alternative to the mainline version 1.9.xPascal Bach2016-03-251-1/+1
| | | | | | | | | | The 1.8 branch is the current stable branch of nginx. This means the branch doesn't get new features, but is still supported with bugfixes. Depending on the use case it is more suitable to use on an embedded device than the 1.9 branch which adds new features with every release. Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
* nginx: split parts out of the recipe into nginx.incPascal Bach2016-03-251-0/+137
nginx has two maintained branches. - stable: is the long term maintained branch where only bugfixes occur - mainline: is the branch where new features get added This change is in preparation to support these two branches. Signed-off-by: Pascal Bach <pascal.bach@siemens.com>