Skip to content

Instantly share code, notes, and snippets.

@latuminggi

latuminggi/COMPILE NGINX 1.20.1 RHEL (CentOS?) 6

Last active July 23, 2021 14:34
Show Gist options
  • Save latuminggi/15413a5f5d7cb88a243df0d034845ed2 to your computer and use it in GitHub Desktop.
Save latuminggi/15413a5f5d7cb88a243df0d034845ed2 to your computer and use it in GitHub Desktop.
Download ZIP
COMPILE NGINX 1.20.1 RHEL/(CentOS?) 6
Raw
COMPILE NGINX 1.20.1 RHEL (CentOS?) 6
### COMPILE NGINX 1.20.1 RHEL/(CentOS?) 6 ###
# installing dependencies
yum install git yum-utils gcc gcc-c++ pcre-devel zlib-devel make unzip libuuid-devel \
openssl-devel libxml2-devel libxslt-devel libgcrypt-devel libgpg-error-devel \
pcre pcre-devel geoip-devel cpp gd-devel
# install glibc
wget https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-common-2.17-55.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-headers-2.17-55.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-devel-2.17-55.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/nscd-2.17-55.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-2.17-55.el6.x86_64.rpm && \
rpm -Uvh glibc-common-2.17-55.el6.x86_64.rpm glibc-headers-2.17-55.el6.x86_64.rpm \
glibc-devel-2.17-55.el6.x86_64.rpm nscd-2.17-55.el6.x86_64.rpm glibc-2.17-55.el6.x86_64.rpm
# install gcc
wget https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/binutils-2.23.52.0.1-17.fc20/binutils-2.23.52.0.1-17.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/gcc-4.8.2-16.3.fc20/cpp-4.8.2-16.3.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/gcc-4.8.2-16.3.fc20/libgomp-4.8.2-16.3.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/gcc-4.8.2-16.3.fc20/libstdc++-4.8.2-16.3.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/gcc-4.8.2-16.3.fc20/libstdc++-devel-4.8.2-16.3.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/gcc-4.8.2-16.3.fc20/libgcc-4.8.2-16.3.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/gcc-4.8.2-16.3.fc20/gcc-4.8.2-16.3.el6.x86_64.rpm \
https://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/gcc-4.8.2-16.3.fc20/gcc-c++-4.8.2-16.3.el6.x86_64.rpm && \
rpm -Uvh binutils-2.23.52.0.1-17.el6.x86_64.rpm cpp-4.8.2-16.3.el6.x86_64.rpm \
libgomp-4.8.2-16.3.el6.x86_64.rpm libstdc++-4.8.2-16.3.el6.x86_64.rpm libstdc++-devel-4.8.2-16.3.el6.x86_64.rpm \
libgcc-4.8.2-16.3.el6.x86_64.rpm gcc-4.8.2-16.3.el6.x86_64.rpm gcc-c++-4.8.2-16.3.el6.x86_64.rpm
# install libxml2
wget http://ftp.iij.ad.jp/pub/linux/centos-vault/6.8/updates/x86_64/Packages/libxml2-2.7.6-21.el6_8.1.x86_64.rpm \
http://ftp.iij.ad.jp/pub/linux/centos-vault/6.8/updates/x86_64/Packages/libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm \
http://ftp.iij.ad.jp/pub/linux/centos-vault/6.7/os/x86_64/Packages/zlib-devel-1.2.3-29.el6.x86_64.rpm && \
rpm -i zlib-devel-1.2.3-29.el6.x86_64.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
# install libxslt
wget http://ftp.iij.ad.jp/pub/linux/centos-vault/6.7/os/x86_64/Packages/libgpg-error-devel-1.7-4.el6.x86_64.rpm \
http://ftp.iij.ad.jp/pub/linux/centos-vault/6.8/updates/x86_64/Packages/libgcrypt-devel-1.4.5-12.el6_8.x86_64.rpm \
http://ftp.iij.ad.jp/pub/linux/centos-vault/6.7/os/x86_64/Packages/libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm && \
rpm -i libgpg-error-devel-1.7-4.el6.x86_64.rpm libgcrypt-devel-1.4.5-12.el6_8.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
# install geo ip
wget https://autoinstall.plesk.com/PSA17/thirdparty-rpm-CentOS-6-x86_64/GeoIP-devel-1.6.5-1.el6.x86_64.rpm && \
rpm -i GeoIP-devel-1.6.5-1.el6.x86_64.rpm
# install libgd
wget http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/fontconfig-devel-2.8.0-5.el6.x86_64.rpm \
http://ftp.jaist.ac.jp/pub/Linux/CentOS-vault/6.7/updates/x86_64/Packages/libpng-devel-1.2.49-2.el6_7.x86_64.rpm \
http://ftp.iij.ad.jp/pub/linux/centos-vault/6.7/os/x86_64/Packages/libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm \
http://ftp.iij.ad.jp/pub/linux/centos-vault/6.7/os/x86_64/Packages/libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpm \
https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/Packages/l/libwebp-devel-0.4.3-3.el6.x86_64.rpm \
http://ftp.iij.ad.jp/pub/linux/centos-vault/6.8/updates/x86_64/Packages/libtiff-devel-3.9.4-21.el6_8.x86_64.rpm && \
rpm -Uh --force --nodeps \
fontconfig-devel-2.8.0-5.el6.x86_64.rpm \
libpng-devel-1.2.49-2.el6_7.x86_64.rpm \
libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm \
libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpm \
libwebp-devel-0.4.3-3.el6.x86_64.rpm \
libtiff-devel-3.9.4-21.el6_8.x86_64.rpm
wget http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/libXau-devel-1.0.6-4.el6.x86_64.rpm \
http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/libxcb-1.11-2.el6.x86_64.rpm \
http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/libxcb-devel-1.11-2.el6.x86_64.rpm \
http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/libX11-common-1.6.3-2.el6.noarch.rpm \
http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/libX11-1.6.3-2.el6.x86_64.rpm \
http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/libX11-devel-1.6.3-2.el6.x86_64.rpm \
http://bay.uchicago.edu/centos-vault/6.8/os/x86_64/Packages/xorg-x11-proto-devel-7.7-13.el6.noarch.rpm && \
rpm -Uh --force --nodeps \
libXau-devel-1.0.6-4.el6.x86_64.rpm \
libxcb-1.11-2.el6.x86_64.rpm \
libxcb-devel-1.11-2.el6.x86_64.rpm \
libX11-common-1.6.3-2.el6.noarch.rpm \
libX11-1.6.3-2.el6.x86_64.rpm \
libX11-devel-1.6.3-2.el6.x86_64.rpm \
xorg-x11-proto-devel-7.7-13.el6.noarch
wget https://www.x.org/releases/individual/lib/libXpm-3.5.10.tar.gz && \
tar xvf libXpm-3.5.10.tar.gz && \
cd libXpm-3.5.10 && \
./configure
make -j$(nproc)
make install
wget https://github.com/libgd/libgd/releases/download/gd-2.3.2/libgd-2.3.2.tar.gz && \
tar xvf libgd-2.3.2.tar.gz && \
cd libgd-2.3.2 && \
./configure --prefix=/usr \
--with-freetype --with-jpeg --with-png --with-xpm \
--with-webp --with-fontconfig && \
make -j$(nproc)
make install
# create nginx build directory
mkdir -p /build/nginx && \
cd /build/nginx
# install nginx rpm first
wget https://nginx.org/packages/rhel/6/x86_64/RPMS/nginx-1.18.0-2.el6.ngx.x86_64.rpm && \
rpm -i nginx-1.18.0-2.el6.ngx.x86_64.rpm
# download pcre source
# if "--with-pcre \" error, use "--with-pcre=/build/nginx/pcre-8.44 \"
wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && \
tar xvf pcre-8.44.tar.gz
# download zlib source
wget https://zlib.net/zlib-1.2.11.tar.gz && \
tar xvf zlib-1.2.11.tar.gz
# download openssl source
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz && \
tar xvf openssl-1.1.1k.tar.gz
# download headers-more-nginx-module
git clone https://github.com/openresty/headers-more-nginx-module
# download nginx_tcp_proxy_module
wget https://gist.githubusercontent.com/latuminggi/15413a5f5d7cb88a243df0d034845ed2/raw/a49d7cc2abb7b23045fff81223ca7cb71370c776/nginx_tcp_proxy.patch && \
git clone https://github.com/yaoweibin/nginx_tcp_proxy_module && \
mkdir -p /etc/nginx/logs && \
cd nginx_tcp_proxy_module && \
patch -p1 < /build/nginx/nginx_tcp_proxy.patch
# download nginx source
cd /build/nginx && \
wget http://nginx.org/download/nginx-1.20.1.tar.gz && \
tar xvf nginx-1.20.1.tar.gz && \
cd nginx-1.20.1
# apply nginx patch
wget https://gist.githubusercontent.com/latuminggi/15413a5f5d7cb88a243df0d034845ed2/raw/a49d7cc2abb7b23045fff81223ca7cb71370c776/nginx-1.20.1.patch -O /build/nginx/nginx-1.20.1.patch && \
patch -p1 < /build/nginx/nginx-1.20.1.patch
# configure nginx source
# http://nginx.org/en/docs/configure.html
# NOTE: if you already have nginx installed before
# makesure you follow its "nginx -V" or "nginx -V 2>&1|tr ' ' '\n'" configurations
./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib64/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--user=nginx \
--group=nginx \
--builddir=/build/nginx/dev/1.20.1 \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_image_filter_module \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_geoip_module \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre-jit \
--with-pcre \
--with-zlib=/build/nginx/zlib-1.2.11 \
--with-openssl=/build/nginx/openssl-1.1.1k \
--add-module=/build/nginx/headers-more-nginx-module \
--add-module=/build/nginx/nginx_tcp_proxy_module
make -j$(nproc)
make install
Raw
gzip_params
# /etc/nginx/gzip_params
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_static on;
gzip_proxied any;
#gzip_proxied expired no-cache no-store private auth;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_min_length 666;
gzip_http_version 1.1;
gzip_types "*";
#gzip_types application/xml
# application/atom+xml
# application/rss+xml
# application/rdf+xml
# application/xhtml+xml
# application/javascript
# application/x-javascript
# application/json
# application/ld+json
# application/manifest+json
# application/geo+json
# application/vnd.geo+json
# application/x-web-app-manifest+json
# application/vnd.ms-fontobject
# application/x-font-ttf
# application/x-font-woff
# application/wasm
# font/opentype
# font/eot
# font/otf
# font/ttf
# image/bmp
# image/svg+xml
# image/x-icon
# text/cache-manifest
# text/css
# text/calendar
# text/javascript
# text/plain
# text/markdown
# text/vcard
# text/vnd.rim.location.xloc
# text/vtt
# text/x-component
# text/x-cross-domain-policy
# text/xml;
Raw
nginx-1.20.1.patch
diff -Naur nginx-1.20.1.ori/src/core/ngx_log.c nginx-1.20.1/src/core/ngx_log.c
--- nginx-1.20.1.ori/src/core/ngx_log.c 2021-05-25 19:35:38.000000000 +0700
+++ nginx-1.20.1/src/core/ngx_log.c 2021-06-15 19:04:21.707199782 +0700
@@ -86,7 +86,7 @@
static const char *debug_levels[] = {
"debug_core", "debug_alloc", "debug_mutex", "debug_event",
- "debug_http", "debug_mail", "debug_stream"
+ "debug_http", "debug_mail", "debug_stream", "debug_tcp"
};
diff -Naur nginx-1.20.1.ori/src/core/ngx_log.h nginx-1.20.1/src/core/ngx_log.h
--- nginx-1.20.1.ori/src/core/ngx_log.h 2021-05-25 19:35:38.000000000 +0700
+++ nginx-1.20.1/src/core/ngx_log.h 2021-06-15 19:04:21.707199783 +0700
@@ -30,6 +30,7 @@
#define NGX_LOG_DEBUG_HTTP 0x100
#define NGX_LOG_DEBUG_MAIL 0x200
#define NGX_LOG_DEBUG_STREAM 0x400
+#define NGX_LOG_DEBUG_TCP 0x800
/*
* do not forget to update debug_levels[] in src/core/ngx_log.c
@@ -37,7 +38,7 @@
*/
#define NGX_LOG_DEBUG_FIRST NGX_LOG_DEBUG_CORE
-#define NGX_LOG_DEBUG_LAST NGX_LOG_DEBUG_STREAM
+#define NGX_LOG_DEBUG_LAST NGX_LOG_DEBUG_TCP
#define NGX_LOG_DEBUG_CONNECTION 0x80000000
#define NGX_LOG_DEBUG_ALL 0x7ffffff0
diff -Naur nginx-1.20.1.ori/src/event/ngx_event_connect.h nginx-1.20.1/src/event/ngx_event_connect.h
--- nginx-1.20.1.ori/src/event/ngx_event_connect.h 2021-05-25 19:35:38.000000000 +0700
+++ nginx-1.20.1/src/event/ngx_event_connect.h 2021-06-15 19:04:21.707199783 +0700
@@ -32,6 +32,7 @@
typedef void (*ngx_event_save_peer_session_pt)(ngx_peer_connection_t *pc,
void *data);
+#define NGX_INVALID_CHECK_INDEX (ngx_uint_t)(-1)
struct ngx_peer_connection_s {
ngx_connection_t *connection;
@@ -41,6 +42,7 @@
ngx_str_t *name;
ngx_uint_t tries;
+ ngx_uint_t check_index;
ngx_msec_t start_time;
ngx_event_get_peer_pt get;
diff -Naur nginx-1.20.1.ori/src/event/ngx_event_connect.h.orig nginx-1.20.1/src/event/ngx_event_connect.h.orig
--- nginx-1.20.1.ori/src/event/ngx_event_connect.h.orig 1970-01-01 07:00:00.000000000 +0700
+++ nginx-1.20.1/src/event/ngx_event_connect.h.orig 2021-05-25 19:35:38.000000000 +0700
@@ -0,0 +1,80 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#ifndef _NGX_EVENT_CONNECT_H_INCLUDED_
+#define _NGX_EVENT_CONNECT_H_INCLUDED_
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+
+
+#define NGX_PEER_KEEPALIVE 1
+#define NGX_PEER_NEXT 2
+#define NGX_PEER_FAILED 4
+
+
+typedef struct ngx_peer_connection_s ngx_peer_connection_t;
+
+typedef ngx_int_t (*ngx_event_get_peer_pt)(ngx_peer_connection_t *pc,
+ void *data);
+typedef void (*ngx_event_free_peer_pt)(ngx_peer_connection_t *pc, void *data,
+ ngx_uint_t state);
+typedef void (*ngx_event_notify_peer_pt)(ngx_peer_connection_t *pc,
+ void *data, ngx_uint_t type);
+typedef ngx_int_t (*ngx_event_set_peer_session_pt)(ngx_peer_connection_t *pc,
+ void *data);
+typedef void (*ngx_event_save_peer_session_pt)(ngx_peer_connection_t *pc,
+ void *data);
+
+
+struct ngx_peer_connection_s {
+ ngx_connection_t *connection;
+
+ struct sockaddr *sockaddr;
+ socklen_t socklen;
+ ngx_str_t *name;
+
+ ngx_uint_t tries;
+ ngx_msec_t start_time;
+
+ ngx_event_get_peer_pt get;
+ ngx_event_free_peer_pt free;
+ ngx_event_notify_peer_pt notify;
+ void *data;
+
+#if (NGX_SSL || NGX_COMPAT)
+ ngx_event_set_peer_session_pt set_session;
+ ngx_event_save_peer_session_pt save_session;
+#endif
+
+ ngx_addr_t *local;
+
+ int type;
+ int rcvbuf;
+
+ ngx_log_t *log;
+
+ unsigned cached:1;
+ unsigned transparent:1;
+ unsigned so_keepalive:1;
+ unsigned down:1;
+
+ /* ngx_connection_log_error_e */
+ unsigned log_error:2;
+
+ NGX_COMPAT_BEGIN(2)
+ NGX_COMPAT_END
+};
+
+
+ngx_int_t ngx_event_connect_peer(ngx_peer_connection_t *pc);
+ngx_int_t ngx_event_get_peer(ngx_peer_connection_t *pc, void *data);
+
+
+#endif /* _NGX_EVENT_CONNECT_H_INCLUDED_ */
diff -Naur nginx-1.20.1.ori/src/http/ngx_http_special_response.c nginx-1.20.1/src/http/ngx_http_special_response.c
--- nginx-1.20.1.ori/src/http/ngx_http_special_response.c 2021-05-25 19:35:38.000000000 +0700
+++ nginx-1.20.1/src/http/ngx_http_special_response.c 2021-06-15 18:25:49.557250868 +0700
@@ -33,7 +33,7 @@
static u_char ngx_http_error_tail[] =
-"<hr><center>nginx</center>" CRLF
+/*"<hr><center>nginx</center>" CRLF*/
"</body>" CRLF
"</html>" CRLF
;
Raw
nginx.conf
# /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log error;
thread_pool main_pool threads=8;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
default_type text/html;
server_tokens off;
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
tcp_nodelay on;
aio threads=main_pool;
aio_write on;
keepalive_timeout 120s;
keepalive_requests 1024;
proxy_connect_timeout 900s;
proxy_send_timeout 900s;
proxy_read_timeout 900s;
send_timeout 900s;
client_body_timeout 900s;
client_body_buffer_size 32k;
client_header_buffer_size 8k;
client_max_body_size 0;
large_client_header_buffers 8 64k;
server_names_hash_bucket_size 1024;
types_hash_max_size 2048;
variables_hash_max_size 2048;
variables_hash_bucket_size 128;
map $status $loggable {
200 0;
206 0;
301 0;
302 0;
304 0;
404 0;
415 0;
499 0;
default 1;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main if=$loggable;
#include /etc/nginx/tls_params;
include /etc/nginx/gzip_params;
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;
}
stream {
upstream tcp {
server ip.addr.v.4:source_port;
}
server {
listen bind_port so_keepalive=on;
proxy_pass tcp;
proxy_timeout 6h;
proxy_connect_timeout 6h;
proxy_socket_keepalive on;
}
allow ip.addr.v.4;
deny ip.addr.v.4;
}
Raw
nginx_tcp_proxy.patch
diff -Naur nginx_tcp_proxy_module.ori/modules/ngx_tcp_ssl_module.c nginx_tcp_proxy_module/modules/ngx_tcp_ssl_module.c
--- nginx_tcp_proxy_module.ori/modules/ngx_tcp_ssl_module.c 2021-06-15 18:56:18.833839736 +0700
+++ nginx_tcp_proxy_module/modules/ngx_tcp_ssl_module.c 2021-06-15 21:16:38.244827270 +0700
@@ -175,7 +175,7 @@
};
-static ngx_str_t ngx_tcp_ssl_sess_id_ctx = ngx_string("TCP");
+/*static ngx_str_t ngx_tcp_ssl_sess_id_ctx = ngx_string("TCP");*/
static void *
@@ -404,13 +404,13 @@
conf->shm_zone = prev->shm_zone;
}
- if (ngx_ssl_session_cache(&conf->ssl, &ngx_tcp_ssl_sess_id_ctx,
+ /*if (ngx_ssl_session_cache(&conf->ssl, &ngx_tcp_ssl_sess_id_ctx,
conf->builtin_session_cache,
conf->shm_zone, conf->session_timeout)
!= NGX_OK)
{
return NGX_CONF_ERROR;
- }
+ }*/
return NGX_CONF_OK;
}
diff -Naur nginx_tcp_proxy_module.ori/ngx_tcp_upstream_round_robin.c nginx_tcp_proxy_module/ngx_tcp_upstream_round_robin.c
--- nginx_tcp_proxy_module.ori/ngx_tcp_upstream_round_robin.c 2021-06-15 18:56:18.832839739 +0700
+++ nginx_tcp_proxy_module/ngx_tcp_upstream_round_robin.c 2021-06-15 20:55:25.418840608 +0700
@@ -456,8 +456,8 @@
/* ngx_unlock_mutex(ppr->peers->mutex); */
#if (NGX_THREADS)
- c->read->lock = c->read->own_lock;
- c->write->lock = c->write->own_lock;
+ /*c->read->lock = c->read->own_lock;*/
+ /*c->write->lock = c->write->own_lock;*/
#endif
pc->connection = c;
Raw
soa.conf
# /etc/nginx/conf.d/soa.conf
upstream soa {
least_conn;
server ip.addr.v4.1:port;
server ip.addr.v4.2:port;
server ip.addr.v4.3:port;
}
map $upstream_addr $x_app_server {
ip.addr.v4.1:port 'soa/srv1';
ip.addr.v4.2:port 'soa/srv2';
ip.addr.v4.3:port 'soa/srv3';
}
server {
listen bind_port;
more_set_headers 'X-App-Server: $x_app_server';
more_set_headers 'Cache-Control: must-revalidate, no-cache, private';
location / {
keepalive_time 0;
keepalive_timeout 0;
gzip_comp_level 9;
proxy_pass http://soa;
}
}
Raw
tls_params
# /etc/nginx/tls_params
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify off;
resolver 8.8.8.8 8.8.4.4 valid=86400s;
resolver_timeout 5s;
ssl_session_cache shared:TLS_$host:4m;
ssl_session_timeout 4h;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp384r1;
ssl_dhparam ssl_dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA";
#more_set_headers 'Set-Cookie: SameSite=None; HttpOnly; Secure';
more_clear_headers 'Strict-Transport-Security';
more_set_headers 'Strict-Transport-Security: max-age=31536000; includeSubdomains; preload';
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;";
#add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
#add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: content: *; frame-ancestors 'self' data: content: *;";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment