...
 
Commits (4)
nginx (1.16.1-1bionic0) bionic; urgency=medium
* Non-maintainer upload.
* New upstream stable release 1.16.1
-- Filip Chabik <hadret@gmail.com> Wed, 21 Aug 2019 12:49:39 +0000
nginx (1.16.0-0bionic0) bionic; urgency=medium
* Non-maintainer upload
* New upstream stable release (1.16.0)
* New upstream stable release 1.16.0
-- Filip Chabik <hadret@gmail.com> Fri, 26 Apr 2019 13:11:48 +0000
......
......@@ -11,8 +11,10 @@ Build-Depends: debhelper (>= 10),
libgd-dev,
libgeoip-dev,
libhiredis-dev,
libldap2-dev,
liblua5.1-0-dev [!i386 !amd64 !kfreebsd-i386 !armel !armhf !powerpc !powerpcspe !mips !mipsel],
libluajit-5.1-dev [i386 amd64 kfreebsd-i386 armel armhf powerpc powerpcspe mips mipsel],
libmaxminddb-dev,
libmhash-dev,
libpam0g-dev,
libpcre3-dev,
......@@ -68,11 +70,10 @@ Description: small, powerful, scalable web/proxy server - common files
Package: nginx-core
Architecture: any
Depends: iproute2,
libnginx-mod-http-geoip (= ${binary:Version}),
libnginx-mod-http-geoip2 (= ${binary:Version}),
libnginx-mod-http-image-filter (= ${binary:Version}),
libnginx-mod-http-xslt-filter (= ${binary:Version}),
libnginx-mod-mail (= ${binary:Version}),
libnginx-mod-stream (= ${binary:Version}),
nginx-common (= ${source:Version}),
${misc:Depends},
${shlibs:Depends}
......@@ -86,7 +87,7 @@ Description: nginx web/proxy server (standard version)
and as a proxy to reduce the load on back-end HTTP or mail servers.
.
This package provides a version of nginx identical to that of nginx-full,
but without any third-party modules, and only modules in the original
but without any third-party modules, and only modules in the original
nginx code base.
.
STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty
......@@ -103,16 +104,20 @@ Description: nginx web/proxy server (standard version)
Package: nginx-full
Architecture: any
Depends: iproute2,
libnginx-mod-http-auth-ldap (= ${binary:Version}),
libnginx-mod-http-auth-pam (= ${binary:Version}),
libnginx-mod-http-dav-ext (= ${binary:Version}),
libnginx-mod-http-echo (= ${binary:Version}),
libnginx-mod-http-geoip (= ${binary:Version}),
libnginx-mod-http-geoip2 (= ${binary:Version}),
libnginx-mod-http-image-filter (= ${binary:Version}),
libnginx-mod-http-stream-server-traffic-status (= ${binary:Version}),
libnginx-mod-http-subs-filter (= ${binary:Version}),
libnginx-mod-http-upstream-fair (= ${binary:Version}),
libnginx-mod-http-upsync (= ${binary:Version}),
libnginx-mod-http-xslt-filter (= ${binary:Version}),
libnginx-mod-http-vhost-traffic-status (= ${binary:Version}),
libnginx-mod-mail (= ${binary:Version}),
libnginx-mod-stream (= ${binary:Version}),
libnginx-mod-stream-server-traffic-status (= ${binary:Version}),
nginx-common (= ${source:Version}),
${misc:Depends},
${shlibs:Depends}
......@@ -174,23 +179,27 @@ Description: nginx web/proxy server (basic version)
Package: nginx-extras
Architecture: any
Depends: iproute2,
libnginx-mod-http-auth-ldap (= ${binary:Version}),
libnginx-mod-http-auth-pam (= ${binary:Version}),
libnginx-mod-http-cache-purge (= ${binary:Version}),
libnginx-mod-http-dav-ext (= ${binary:Version}),
libnginx-mod-http-echo (= ${binary:Version}),
libnginx-mod-http-fancyindex (= ${binary:Version}),
libnginx-mod-http-geoip (= ${binary:Version}),
libnginx-mod-http-geoip2 (= ${binary:Version}),
libnginx-mod-http-headers-more-filter (= ${binary:Version}),
libnginx-mod-http-image-filter (= ${binary:Version}),
libnginx-mod-http-lua (= ${binary:Version}),
libnginx-mod-http-perl (= ${binary:Version}),
libnginx-mod-http-stream-server-traffic-status (= ${binary:Version}),
libnginx-mod-http-subs-filter (= ${binary:Version}),
libnginx-mod-http-uploadprogress (= ${binary:Version}),
libnginx-mod-http-upstream-fair (= ${binary:Version}),
libnginx-mod-http-upsync (= ${binary:Version}),
libnginx-mod-http-xslt-filter (= ${binary:Version}),
libnginx-mod-http-vhost-traffic-status (= ${binary:Version}),
libnginx-mod-mail (= ${binary:Version}),
libnginx-mod-nchan (= ${binary:Version}),
libnginx-mod-stream (= ${binary:Version}),
libnginx-mod-stream-server-traffic-status (= ${binary:Version}),
nginx-common (= ${source:Version}),
${misc:Depends},
${shlibs:Depends}
......@@ -223,11 +232,11 @@ Description: nginx web/proxy server (extended version)
Headers More, Embedded Lua, HTTP Substitutions, Nchan, Upload Progress,
Upstream Fair Queue.
Package: libnginx-mod-http-geoip
Package: libnginx-mod-http-geoip2
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: GeoIP HTTP module for Nginx
The ngx_http_geoip module creates variables with values depending on the
Description: GeoIP2 HTTP module for Nginx
The ngx_http_geoip2 module creates variables with values depending on the
client IP address, using the precompiled MaxMind databases.
.
Those variables include country, region, city, latitude, longitude, postal
......@@ -262,16 +271,6 @@ Description: Mail module for Nginx
The module supports proxying all the standard mail protocols such as IMAP,
POP3 & SMTP.
Package: libnginx-mod-stream
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: Stream module for Nginx
The nginx_stream module adds stream proxy support to nginx.
.
Stream module supports loadbalancing & proxying to TCP servers. The module
also supports ACLs/connection limiting and configuring multiple operational
parameters.
Package: libnginx-mod-http-perl
Architecture: any
Depends: ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends}
......@@ -430,3 +429,48 @@ Description: RTMP support for Nginx
- Stream relay support via a push or pull model;
- Integrated stream recording;
- and more.
Package: libnginx-mod-http-vhost-traffic-status
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: virtual host traffic status module for Nginx
VTS provides access to virtual host status information. It contains the
current status such as servers, upstreams, caches. This is similar to
the live activity monitoring of nginx plus.
.
VTS provides access to virtual host status information.
Package: libnginx-mod-http-auth-ldap
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: LDAP authentication module for Nginx
The nginx_http_auth_ldap module enables authentication using LDAP.
.
The module uses LDAP as a backend for simple http authentication. It
also allows one to use multiple LDAP servers.
Package: libnginx-mod-http-upsync
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: dynamic upstreams via consul or etcd for Nginx
Sync upstreams from consul or etcd, dynamically modify backend servers
attributes like weight, max_fails etc. without the need to reload nginx.
Package: libnginx-mod-http-stream-server-traffic-status
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends},
libnginx-mod-stream-server-traffic-status (= ${binary:Version}),
Description: stream server traffic status core module for Nginx
STS module provides access to stream server traffic status information.
It provides support for implementing stream server stats, filters,
limits and embedded variables.
.
This package provides core module necessary to run STS.
Package: libnginx-mod-stream-server-traffic-status
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends},
libnginx-mod-http-stream-server-traffic-status (= ${binary:Version}),
Description: stream server traffic status module for Nginx
STS module provides access to stream server traffic status information.
It provides support for implementing display and control of stream
server stats and
.
This package provides second module necessary to run STS.
#!/usr/bin/perl -w
use File::Basename;
# Guess module name
$module = basename($0, '.nginx');
$module =~ s/^libnginx-mod-//;
$modulepath = $module;
$modulepath =~ s/-/_/g;
print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n";
print "mod debian/libnginx-mod.conf/mod-${module}.conf\n";
#!/usr/bin/perl -w
use File::Basename;
# Guess module name
$module = basename($0, '.nginx');
$module =~ s/^libnginx-mod-//;
$modulepath = $module;
$modulepath =~ s/-/_/g;
print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n";
print "mod debian/libnginx-mod.conf/mod-${module}.conf\n";
#!/usr/bin/perl -w
use File::Basename;
# Guess module name
$module = basename($0, '.nginx');
$module =~ s/^libnginx-mod-//;
$modulepath = $module;
$modulepath =~ s/-/_/g;
print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n";
print "mod debian/libnginx-mod.conf/mod-${module}.conf\n";
#!/usr/bin/perl -w
use File::Basename;
# Guess module name
$module = basename($0, '.nginx');
$module =~ s/^libnginx-mod-//;
$modulepath = $module;
$modulepath =~ s/-/_/g;
print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n";
print "mod debian/libnginx-mod.conf/mod-${module}.conf\n";
load_module modules/ngx_http_auth_ldap_module.so;
load_module modules/ngx_http_geoip_module.so;
load_module modules/ngx_http_geoip2_module.so;
load_module modules/ngx_stream_server_traffic_status_module.so;
load_module modules/ngx_http_upsync_module.so;
load_module modules/ngx_http_vhost_traffic_status_module.so;
load_module modules/ngx_http_stream_server_traffic_status_module.so;
load_module modules/ngx_stream_module.so;
......@@ -5,7 +5,7 @@ Files-Excluded: .gitignore .gitattributes .travis.yml
Module: http-ndk
Homepage: https://github.com/simpl/ngx_devel_kit/
Version: 0.3.0
Version: 0.3.1
Module: http-auth-pam
Homepage: https://github.com/stogh/ngx_http_auth_pam_module
......@@ -18,7 +18,7 @@ Files-Excluded: .gitignore .gitattributes .travis.yml
Module: http-lua
Homepage: https://github.com/openresty/lua-nginx-module
Version: 0.10.14
Version: 0.10.15
Patch:
openssl-1.1.0.patch
discover-luajit-2.1.patch
......@@ -34,7 +34,7 @@ Patch:
Module: nchan
Homepage: https://github.com/slact/nchan
Version: 1.2.5
Version: 1.2.6
Files-Excluded: dev nchan_logo.png NchanSubscriber.js
Module: http-uploadprogress
......@@ -43,11 +43,8 @@ Files-Excluded: test
Version: 0.9.2
Module: http-cache-purge
Homepage: https://github.com/FRiCKLE/ngx_cache_purge/
Version: 2.3
Patch:
dynamic-module.patch
segfault-1.11.6.patch
Homepage: https://github.com/nginx-modules/ngx_cache_purge
Version: 2.5
Module: http-dav-ext
Homepage: https://github.com/arut/nginx-dav-ext-module
......@@ -68,3 +65,31 @@ Homepage: https://github.com/arut/nginx-rtmp-module
Files-Excluded: test
Version: 1.2.1
Module: http-upsync
Homepage: https://github.com/weibocom/nginx-upsync-module
Version: v2.1.0
Module: http-vhost-traffic-status
Homepage: https://github.com/vozlt/nginx-module-vts
Version: 0.1.18
Module: http-auth-ldap
Homepage: https://github.com/kvspb/nginx-auth-ldap
Version: master
Module: http-upstream-check
Homepage: https://github.com/xiaokai-wang/nginx_upstream_check_module
Version: 219131a
Module: http-geoip2
Homepage: https://github.com/leev/ngx_http_geoip2_module
Version: 3.2
Module: stream-server-traffic-status
Homepage: https://github.com/vozlt/nginx-module-stream-sts
Version: v0.1.1
Module: http-stream-server-traffic-status
Homepage: https://github.com/vozlt/nginx-module-sts
Version: v0.1.1
/**
* Copyright (C) 2011-2013 Valery Komarov <komarov@valerka.net>
* Copyright (C) 2013 Jiri Hruska <jirka@fud.cz>
* Copyright (C) 2015-2016 Victor Hahn Castell <victor.hahn@flexoptix.net>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
# LDAP Authentication module for nginx
LDAP module for nginx which supports authentication against multiple LDAP servers.
# How to install
## FreeBSD
```bash
cd /usr/ports/www/nginx && make config install clean
```
Check HTTP_AUTH_LDAP options
```
[*] HTTP_AUTH_LDAP 3rd party http_auth_ldap module
```
## Linux
```bash
cd ~ && git clone https://github.com/kvspb/nginx-auth-ldap.git
```
in nginx source folder
```bash
./configure --add-module=path_to_http_auth_ldap_module
make install
```
# Example configuration
Define list of your LDAP servers with required user/group requirements:
```bash
http {
ldap_server test1 {
url ldap://192.168.0.1:3268/DC=test,DC=local?sAMAccountName?sub?(objectClass=person);
binddn "TEST\\LDAPUSER";
binddn_passwd LDAPPASSWORD;
group_attribute uniquemember;
group_attribute_is_dn on;
require valid_user;
}
ldap_server test2 {
url ldap://192.168.0.2:3268/DC=test,DC=local?sAMAccountName?sub?(objectClass=person);
binddn "TEST\\LDAPUSER";
binddn_passwd LDAPPASSWORD;
group_attribute uniquemember;
group_attribute_is_dn on;
require valid_user;
}
}
```
And add required servers in correct order into your location/server directive:
```bash
server {
listen 8000;
server_name localhost;
auth_ldap "Forbidden";
auth_ldap_servers test1;
auth_ldap_servers test2;
location / {
root html;
index index.html index.htm;
}
}
```
# Available config parameters
## url
expected value: string
Available URL schemes: ldap://, ldaps://
## binddn
expected value: string
## binddn_passwd
expected value: string
## group_attribute
expected value: string
## group_attribute_is_dn
expected value: on or off, default off
## require
expected value: valid_user, user, group
## satisfy
expected value: all, any
## max_down_retries_count
expected value: a number, default 0
Retry count for attempting to reconnect to an LDAP server if it is considered
"DOWN". This may happen if a KEEP-ALIVE connection to an LDAP server times
out or is terminated by the server end after some amount of time.
This can usually help with the following error:
```
http_auth_ldap: ldap_result() failed (-1: Can't contact LDAP server)
```
## connections
expected value: a number greater than 0
## ssl_check_cert
expected value: on or off, default off
Verify the remote certificate for LDAPs connections. If disabled, any remote certificate will be
accepted which exposes you to possible man-in-the-middle attacks. Note that the server's
certificate will need to be signed by a proper CA trusted by your system if this is enabled.
See below how to trust CAs without installing them system-wide.
This options needs OpenSSL >= 1.0.2; it is unavailable if compiled with older versions.
## ssl_ca_file
expected value: file path
Trust the CA certificate in this file (see ssl_check_cert above).
## ssl_ca_dir
expected value: directory path
Trust all CA certificates in this directory (see ssl_check_cert above).
Note that you need to provide hash-based symlinks in the directory for this to work;
you'll basically need to run OpenSSL's c_rehash command in this directory.
## referral
expected value: on, off
LDAP library default is on. This option disables usage of referral messages from
LDAP server. Usefull for authenticating against read only AD server without access
to read write.
ngx_addon_name=ngx_http_auth_ldap_module
LDAP_REQUIRED_LIBS="-lldap"
case "$NGX_PLATFORM" in
Darwin:*|FreeBSD:*|Linux:*|SunOS:*)
LDAP_REQUIRED_LIBS="$LDAP_REQUIRED_LIBS -llber"
;;
esac
if test -n "$ngx_module_link"; then
ngx_module_type=HTTP
ngx_module_name=ngx_http_auth_ldap_module
ngx_module_incs=
ngx_module_deps=
ngx_module_srcs="$ngx_addon_dir/ngx_http_auth_ldap_module.c"
ngx_module_libs="$LDAP_REQUIRED_LIBS"
. auto/module
else
HTTP_MODULES="$HTTP_MODULES ngx_http_auth_ldap_module"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_ldap_module.c"
CORE_LIBS="$CORE_LIBS $LDAP_REQUIRED_LIBS"
fi
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# define ldap server
ldap_server ad_1 {
# user search base.
url "ldap://<YOUR LDAP SERVER>:3268/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
# bind as
binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
# bind pw
binddn_passwd <PUT Operator's PASSWORD HERE>;
# group attribute name which contains member object
group_attribute member;
# search for full DN in member object
group_attribute_is_dn on;
# matching algorithm (any / all)
satisfy any;
# list of allowed groups
require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
require group "CN=New York Users,OU=My Security Groups,DC=company,DC=com";
# list of allowed users
# require 'valid_user' cannot be used together with 'user' as valid user is a superset
# require valid_user;
require user "CN=Batman,OU=Users,OU=New York Office,OU=Offices,DC=company,DC=com";
require user "CN=Robocop,OU=Users,OU=New York Office,OU=Offices,DC=company,DC=com";
}
}
server {
listen 8081;
server_name localhost;
location / {
# adding ldap authentication
auth_ldap "Closed content";
auth_ldap_servers ad_1;
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
This diff is collapsed.
# astylerc
align-pointer=name
align-reference=name
break-after-logical
#indent=spaces=2
max-code-length=120
style=google
suffix=none
# Indent
indent-preproc-block
# Padding
pad-header
unpad-paren
# Formatting:
add-brackets
#convert-tabs
# Output:
formatted
\ No newline at end of file
#!/bin/sh
# Search in the script folder
pushd "$(dirname $0)" >/dev/null
CWD="$(pwd -P)"
popd >/dev/null
FILES='ngx_cache_purge_module.c'
# The file format in accordance with the style defined in .astylerc
astyle -v --options='.astylerc' ${FILES} || (echo 'astyle failed'; exit 1);
# To correct this, the issuance dos2unix on each file
# sometimes adds in Windows as a string-endins (\r\n).
dos2unix --quiet ${FILES} || (echo 'dos2unix failed'; exit 2);
\ No newline at end of file
*.t linguist-language=Text
\ No newline at end of file
sudo: required
os: linux
dist: trusty
language: c
compiler:
- gcc
- clang
cache:
apt: true
directories:
- download-cache
env:
global:
- JOBS=4
- NGINX_PREFIX=/opt/nginx
matrix:
- NGINX_VERSION=1.14.0
- NGINX_VERSION=1.15.2
before_install:
- mkdir --parents download-cache
- sudo apt-get update -qq
- sudo apt-get install -qq zlib1g-dev libpcre3-dev cpanminus
# Get OpenSSL 1.0.2 from Ubuntu Xenial
# https://packages.ubuntu.com/xenial-updates/libssl1.0.0
- test -f download-cache/libssl1.0.0_1.0.2g-1ubuntu4.13_amd64.deb || wget -O download-cache/libssl1.0.0_1.0.2g-1ubuntu4.13_amd64.deb "http://de.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.0.0_1.0.2g-1ubuntu4.13_amd64.deb"
# https://packages.ubuntu.com/xenial/libssl-dev
- test -f download-cache/libssl-dev_1.0.2g-1ubuntu4.13_amd64.deb || wget -O download-cache/libssl-dev_1.0.2g-1ubuntu4.13_amd64.deb "http://de.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.0.2g-1ubuntu4.13_amd64.deb"
- sudo dpkg -i download-cache/libssl*_amd64.deb
# Test::Nginx
- git clone https://github.com/openresty/test-nginx.git test-nginx
- cd test-nginx/ && sudo cpanm . && cd ..
# NGINX source
- test -f download-cache/nginx-$NGINX_VERSION.tar.gz || wget -O download-cache/nginx-$NGINX_VERSION.tar.gz http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz
install:
- tar -xzf download-cache/nginx-${NGINX_VERSION}.tar.gz
- cd nginx-${NGINX_VERSION}/
- ./configure --prefix=${NGINX_PREFIX} --with-debug --with-http_ssl_module --add-module=${PWD}/..
- make -j${JOBS}
- sudo make install
- cd ..
- export PATH="${NGINX_PREFIX}/sbin:$PATH"
# - export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
script:
- nginx -V
- ldd $(which nginx)
- prove t
2018-08-04 VERSION 2.5
* feat/docs: cache_purge_response_type directive, selecting response type (html|json|xml|text)
* break: changed status of HTTP code 404 (Not Found) to 412 (Precondition Failed)
* fix: remove path information of response body (#4, 3a8c08a, #11)
2017-02-21 VERSION 2.4.1
* Fix compatibility with nginx-1.11.6+, Sułowicz Paweł
2016-11-20 VERSION 2.4
* Fix compatibility with nginx-1.7.12+.
* explain the purge logic
* feat(purge all): Include option to purge all the cached files
This option can be slow if a lot of content is cached, or if the
storage used for the cache is slow. But you really should be using
RAM as your cache storage.
* feat(partial keys): Support partial keys to purge multiple keys.
Put an '*' at the end of your purge cache URL.
e.g:
proxy_cache_key $scheme$host$uri$is_args$args$cookie_JSESSIONID;
curl -X PURGE https://example.com/pass*
This will remove every cached page whose key cache starting with:
httpsexample.com/pass*
Be careful not passing any value for the values after the $uri, or put
it at the end of your cache key.
* Convert a config file to build a dynamic module
2014-12-23 VERSION 2.3
* Fix compatibility with nginx-1.7.9+.
......
About
=====
`ngx_cache_purge` is `nginx` module which adds ability to purge content from
`FastCGI`, `proxy`, `SCGI` and `uWSGI` caches.
`FastCGI`, `proxy`, `SCGI` and `uWSGI` caches. A purge operation removes the
content with the same cache key as the purge request has.
Sponsors
......@@ -18,7 +19,7 @@ Configuration directives (same location syntax)
===============================================
fastcgi_cache_purge
-------------------
* **syntax**: `fastcgi_cache_purge on|off|<method> [from all|<ip> [.. <ip>]]`
* **syntax**: `fastcgi_cache_purge on|off|<method> [purge_all] [from all|<ip> [.. <ip>]]`
* **default**: `none`
* **context**: `http`, `server`, `location`
......@@ -27,7 +28,7 @@ Allow purging of selected pages from `FastCGI`'s cache.
proxy_cache_purge
-----------------
* **syntax**: `proxy_cache_purge on|off|<method> [from all|<ip> [.. <ip>]]`
* **syntax**: `proxy_cache_purge on|off|<method> [purge_all] [from all|<ip> [.. <ip>]]`
* **default**: `none`
* **context**: `http`, `server`, `location`
......@@ -36,7 +37,7 @@ Allow purging of selected pages from `proxy`'s cache.
scgi_cache_purge
----------------
* **syntax**: `scgi_cache_purge on|off|<method> [from all|<ip> [.. <ip>]]`
* **syntax**: `scgi_cache_purge on|off|<method> [purge_all] [from all|<ip> [.. <ip>]]`
* **default**: `none`
* **context**: `http`, `server`, `location`
......@@ -45,7 +46,7 @@ Allow purging of selected pages from `SCGI`'s cache.
uwsgi_cache_purge
-----------------
* **syntax**: `uwsgi_cache_purge on|off|<method> [from all|<ip> [.. <ip>]]`
* **syntax**: `uwsgi_cache_purge on|off|<method> [purge_all] [from all|<ip> [.. <ip>]]`
* **default**: `none`
* **context**: `http`, `server`, `location`
......@@ -89,6 +90,29 @@ uwsgi_cache_purge
Sets area and key used for purging selected pages from `uWSGI`'s cache.
Configuration directives (Optional)
===================================================
cache_purge_response_type
-----------------
* **syntax**: `cache_purge_response_type html|json|xml|text`
* **default**: `html`
* **context**: `http`, `server`, `location`
Sets a response type of purging result.
Partial Keys
============
Sometimes it's not possible to pass the exact key cache to purge a page. For example; when the content of a cookie or the params are part of the key.
You can specify a partial key adding an asterisk at the end of the URL.
curl -X PURGE /page*
The asterisk must be the last character of the key, so you **must** put the $uri variable at the end.
Sample configuration (same location syntax)
===========================================
......@@ -106,6 +130,22 @@ Sample configuration (same location syntax)
}
Sample configuration (same location syntax - purge all cached files)
====================================================================
http {
proxy_cache_path /tmp/cache keys_zone=tmpcache:10m;
server {
location / {
proxy_pass http://127.0.0.1:8000;
proxy_cache tmpcache;
proxy_cache_key $uri$is_args$args;
proxy_cache_purge PURGE purge_all from 127.0.0.1;
}
}
}
Sample configuration (separate location syntax)
===============================================
http {
......@@ -126,6 +166,61 @@ Sample configuration (separate location syntax)
}
}
Sample configuration (Optional)
===============================================
http {
proxy_cache_path /tmp/cache keys_zone=tmpcache:10m;
cache_purge_response_type text;
server {
cache_purge_response_type json;
location / { #json
proxy_pass http://127.0.0.1:8000;
proxy_cache tmpcache;
proxy_cache_key $uri$is_args$args;
}
location ~ /purge(/.*) { #xml
allow 127.0.0.1;
deny all;
proxy_cache_purge tmpcache $1$is_args$args;
cache_purge_response_type xml;
}
location ~ /purge2(/.*) { # json
allow 127.0.0.1;
deny all;
proxy_cache_purge tmpcache $1$is_args$args;
}
}
server {
location / { #text
proxy_pass http://127.0.0.1:8000;
proxy_cache tmpcache;
proxy_cache_key $uri$is_args$args;
}
location ~ /purge(/.*) { #text
allow 127.0.0.1;
deny all;
proxy_cache_purge tmpcache $1$is_args$args;
}
location ~ /purge2(/.*) { #html
allow 127.0.0.1;
deny all;
proxy_cache_purge tmpcache $1$is_args$args;
cache_purge_response_type html;
}
}
}
Testing
=======
......
Features that __will not__ be added to `ngx_cache_purge`:
* Support for prefixed purges (`/purge/images/*`).
Reason: Impossible with current cache implementation.
* Support for wildcard/regex purges (`/purge/*.jpg`).
Reason: Impossible with current cache implementation.
......@@ -15,7 +15,17 @@ if [ "$HTTP_UWSGI" = "YES" ]; then
fi
ngx_addon_name=ngx_http_cache_purge_module
HTTP_MODULES="$HTTP_MODULES ngx_http_cache_purge_module"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_cache_purge_module.c"
CACHE_PURGE_SRCS="$ngx_addon_dir/ngx_cache_purge_module.c"
if [ -n "$ngx_module_link" ]; then
ngx_module_type=HTTP
ngx_module_name="$ngx_addon_name"
ngx_module_srcs="$CACHE_PURGE_SRCS"
. auto/module
else
HTTP_MODULES="$HTTP_MODULES $ngx_addon_name"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $CACHE_PURGE_SRCS"
fi
have=NGX_CACHE_PURGE_MODULE . auto/have
......@@ -92,10 +92,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/
--- config eval: $::config
--- request
PURGE /purge/proxy/passwd
--- error_code: 404
--- error_code: 412
--- response_headers
Content-Type: text/html
--- response_body_like: 404 Not Found
--- response_body_like: 412 Precondition Failed
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
......
......@@ -94,10 +94,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/
--- config eval: $::config
--- request
PURGE /purge/proxy/passwd
--- error_code: 404
--- error_code: 412
--- response_headers
Content-Type: text/html
--- response_body_like: 404 Not Found
--- response_body_like: 412 Precondition Failed
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
......
......@@ -124,10 +124,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/
--- config eval: $::config
--- request
PURGE /proxy/passwd
--- error_code: 404
--- error_code: 412
--- response_headers
Content-Type: text/html
--- response_body_like: 404 Not Found
--- response_body_like: 412 Precondition Failed
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
......@@ -190,10 +190,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/
--- config eval: $::config_allowed
--- request
PURGE /proxy/passwd
--- error_code: 404
--- error_code: 412
--- response_headers
Content-Type: text/html
--- response_body_like: 404 Not Found
--- response_body_like: 412 Precondition Failed
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
......
......@@ -127,10 +127,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/
--- config eval: $::config
--- request
PURGE /proxy/passwd
--- error_code: 404
--- error_code: 412
--- response_headers
Content-Type: text/html
--- response_body_like: 404 Not Found
--- response_body_like: 412 Precondition Failed
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
......@@ -193,10 +193,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/
--- config eval: $::config_allowed
--- request
PURGE /proxy/passwd
--- error_code: 404
--- error_code: 412
--- response_headers
Content-Type: text/html
--- response_body_like: 404 Not Found
--- response_body_like: 412 Precondition Failed
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
......
# vi:filetype=perl
use lib 'lib';
use Test::Nginx::Socket;
repeat_each(1);
plan tests => 32;
our $http_config = <<'_EOC_';
proxy_cache_path /tmp/ngx_cache_purge_cache keys_zone=test_cache:10m;
proxy_temp_path /tmp/ngx_cache_purge_temp 1 2;
_EOC_
our $config = <<'_EOC_';
location /proxy {
proxy_pass $scheme://127.0.0.1:$server_port/etc/passwd;
proxy_cache test_cache;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 3m;
add_header X-Cache-Status $upstream_cache_status;
proxy_cache_purge PURGE purge_all from 1.0.0.0/8 127.0.0.0/8 3.0.0.0/8;
}
location = /etc/passwd {
root /;
}
_EOC_
worker_connections(128);
no_shuffle();
run_tests();
no_diff();
__DATA__
=== TEST 1: prepare passwd
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd
--- error_code: 200
--- response_headers
Content-Type: text/plain
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 2: prepare shadow
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/shadow
--- error_code: 200
--- response_headers
Content-Type: text/plain
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 3: get from cache passwd
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: HIT
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 4: get from cache shadow
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/shadow
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: HIT
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 5: purge from cache
--- http_config eval: $::http_config
--- config eval: $::config
--- request
PURGE /proxy/any
--- error_code: 200
--- response_headers
Content-Type: text/html
--- response_body_like: Successful purge
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 6: get from empty cache passwd
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: MISS
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 7: get from empty cache shadow
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/shadow
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: MISS
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
# vi:filetype=perl
use lib 'lib';
use Test::Nginx::Socket;
repeat_each(1);
plan tests => 41;
our $http_config = <<'_EOC_';
proxy_cache_path /tmp/ngx_cache_purge_cache keys_zone=test_cache:10m;
proxy_temp_path /tmp/ngx_cache_purge_temp 1 2;
_EOC_
our $config = <<'_EOC_';
location /proxy {
proxy_pass $scheme://127.0.0.1:$server_port/etc/passwd;
proxy_cache test_cache;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 3m;
add_header X-Cache-Status $upstream_cache_status;
proxy_cache_purge PURGE from 1.0.0.0/8 127.0.0.0/8 3.0.0.0/8;
}
location = /etc/passwd {
root /;
}
_EOC_
worker_connections(128);
no_shuffle();
run_tests();
no_diff();
__DATA__
=== TEST 1: prepare passwd
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd
--- error_code: 200
--- response_headers
Content-Type: text/plain
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 2: prepare passwd2
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd2
--- error_code: 200
--- response_headers
Content-Type: text/plain
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 3: prepare shadow
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/shadow
--- error_code: 200
--- response_headers
Content-Type: text/plain
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 4: get from cache passwd
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: HIT
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 5: get from cache passwd2
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd2
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: HIT
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 6: purge from cache
--- http_config eval: $::http_config
--- config eval: $::config
--- request
PURGE /proxy/pass*
--- error_code: 200
--- response_headers
Content-Type: text/html
--- response_body_like: Successful purge
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 7: get from empty cache passwd
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: MISS
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 8: get from empty cache passwd2
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/passwd2
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: MISS
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
=== TEST 9: get from cache shadow
--- http_config eval: $::http_config
--- config eval: $::config
--- request
GET /proxy/shadow
--- error_code: 200
--- response_headers
Content-Type: text/plain
X-Cache-Status: HIT
--- response_body_like: root
--- timeout: 10
--- no_error_log eval
qr/\[(warn|error|crit|alert|emerg)\]/
This diff is collapsed.
Copyright (c) 2014, Lee Valentine <lee@leev.net>
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this
list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Description
===========
**ngx_http_geoip2_module** - creates variables with values from the maxmind geoip2 databases based on the client IP (default) or from a specific variable (supports both IPv4 and IPv6)
The module now supports nginx streams and can be used in the same way the http module can be used.
## Installing
First install [libmaxminddb](https://github.com/maxmind/libmaxminddb) as described in its [README.md
file](https://github.com/maxmind/libmaxminddb/blob/master/README.md#installing-from-a-tarball).
#### Download nginx source
```
wget http://nginx.org/download/nginx-VERSION.tar.gz
tar zxvf nginx-VERSION.tar.gz
cd nginx-VERSION
```
##### To build as a dynamic module (nginx 1.9.11+):
```
./configure --add-dynamic-module=/path/to/ngx_http_geoip2_module
make
make install
```
This will produce ```objs/ngx_http_geoip2_module.so```. It can be copied to your nginx module path manually if you wish.
Add the following line to your nginx.conf:
```
load_module modules/ngx_http_geoip2_module.so;
```
##### To build as a static module:
```
./configure --add-module=/path/to/ngx_http_geoip2_module
make
make install
```
## Download Maxmind GeoLite2 Database (optional)
The free GeoLite2 databases are available from [Maxminds website](http://dev.maxmind.com/geoip/geoip2/geolite2/)
[GeoLite2 City](http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz)
[GeoLite2 Country](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz)
## Example Usage:
```
http {
...
geoip2 /etc/maxmind-country.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;