summaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd/nginx
Commit message (Collapse)AuthorAgeFilesLines
* recipes: Start WORKDIR -> UNPACKDIR transitionKhem Raj2024-05-231-6/+6
| | | | | | | Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Upgrade stable 1.24.0 -> 1.26.0Peter Marko2024-04-303-86/+6
| | | | | | | | | | | | | nginx-1.26.0 stable version has been released, incorporating new features and bug fixes from the 1.25.x mainline branch - including experimental HTTP/3 support, HTTP/2 on a per-server basis virtual servers in the stream module, passing stream connections to listen sockets, and more. License-Update: copyright years refreshed Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Disable login for www userMaxim Perevozchikov2024-04-111-0/+1
| | | | | Signed-off-by: Maxim Perevozchikov <m.perevozchikov@yadro.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add http sub module featureMichael Haener2024-01-191-0/+1
| | | | | | | | | Providing the http sub module feature. The module works as a filter which replaces a specific character string in a response with another character string. Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix CVE-2023-44487alperak2024-01-112-0/+80
| | | | | | | | | | | Upstream-Status: Backport from [https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9] WARNING: nginx-1.24.0-r0 do_cve_check: Found unpatched CVE (CVE-2023-44487) This vulnerability exists between the following versions -> From(including) 1.9.5 Up to(including) 1.25.2 Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update versions for both the stable branch and mainlineDerek Straka2023-12-143-10/+10
| | | | | | | | Stable: None -> 1.24.0 Legacy Mainline 1.21.1 -> Removed Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.25.2 -> 1.25.3Meenali Gupta2023-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== https://nginx.org/en/CHANGES *) Change: improved detection of misbehaving clients when using HTTP/2. *) Feature: startup speedup when using a large number of locations. Thanks to Yusuke Nojima. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 without SSL; the bug had appeared in 1.25.1. *) Bugfix: the "Status" backend response header line with an empty reason phrase was handled incorrectly. *) Bugfix: memory leak during reconfiguration when using the PCRE2 library. Thanks to ZhenZhong Wu. *) Bugfixes and improvements in HTTP/3. Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add configure optionJoe Slater2023-10-042-0/+42
| | | | | | | | Support --with-http_xslt_module configure option via a PACKAGECONFIG option. The option is not added to the defaults. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.25.1 -> 1.25.2Wang Mingyu2023-08-261-1/+1
| | | | | | | | | | | | | | | | | | Changelog: =========== *) Feature: path MTU discovery when using HTTP/3. *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using HTTP/3. *) Change: now nginx uses appname "nginx" when loading OpenSSL configuration. *) Change: now nginx does not try to load OpenSSL configuration if the --with-openssl option was used to built OpenSSL and the OPENSSL_CONF environment variable is not set. *) Bugfix: in the $body_bytes_sent variable when using HTTP/3. *) Bugfix: in HTTP/3. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.24.0 -> 1.25.1Wang Mingyu2023-07-202-6/+6
| | | | | | | | | | | | | | | | | Changelog: ========== *) Feature: the "http2" directive, which enables HTTP/2 on a per-server basis; the "http2" parameter of the "listen" directive is now deprecated. *) Change: HTTP/2 server push support has been removed. *) Change: the deprecated "ssl" directive is not supported anymore. *) Bugfix: in HTTP/3 when using OpenSSL. *) Feature: experimental HTTP/3 support. License-Update: Copyright year updated to 2023. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade to 1.24.0 releaseMichael Haener2023-07-111-1/+1
| | | | | | | Brings nginx to the current stable version. Signed-off-by: Michael Haener <michael.haener@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Add stream Signed-off-by: Luke Schaefer <lukeschafer17@gmail.com>Luke Schaefer2023-06-271-0/+1
| | | | | | Add stream support to nginx PACKAGECONFIG Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.23.3 -> 1.23.4Wang Mingyu2023-04-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== *) Change: now TLSv1.3 protocol is enabled by default. *) Change: now nginx issues a warning if protocol parameters of a listening socket are redefined. *) Change: now nginx closes connections with lingering if pipelining was used by the client. *) Feature: byte ranges support in the ngx_http_gzip_static_module. *) Bugfix: port ranges in the "listen" directive did not work; the bug had appeared in 1.23.3. *) Bugfix: incorrect location might be chosen to process a request if a prefix location longer than 255 characters was used in the configuration. *) Bugfix: non-ASCII characters in file names on Windows were not supported by the ngx_http_autoindex_module, the ngx_http_dav_module, and the "include" directive. *) Change: the logging level of the "data length too long", "length too short", "bad legacy version", "no shared signature algorithms", "bad digest length", "missing sigalgs extension", "encrypted length too long", "bad length", "bad key update", "mixed handshake and non handshake data", "ccs received early", "data between ccs and finished", "packet length too long", "too many warn alerts", "record too small", and "got a fin before a ccs" SSL errors has been lowered from "crit" to "info". *) Bugfix: a socket leak might occur when using HTTP/2 and the "error_page" directive to redirect errors with code 400. *) Bugfix: messages about logging to syslog errors did not contain information that the errors happened while logging to syslog. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: in the mail proxy server. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* redirect unwanted error message in nginx installJohannes Kirchmair2023-04-041-1/+1
| | | | | | | | | | | | | | | | if we run opkg install nginx on our system (without systemd) we end up getting the following message in the install process $ opkg install nginx_1.20.1-r0_core2-64.ipk  ... //var/lib/opkg/info/nginx.postinst: line 3: type: systemd-tmpfiles: not found this confused some of my coworkers. as installation also finishes correctly without sytemd-tmpfiles and not having systemd-tempfiles is not really a problem, I think we should redirect the message also to /dev/NULL Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: added packagegroup for webdav modulePeter Johennecken2023-03-311-0/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.20.1 -> 1.23.3Wang Mingyu2023-03-093-116/+6
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2021-3618.patch removed since it's included in 1.23.3 Changelog: ========== *) Bugfix: an error might occur when reading PROXY protocol version 2 header with large number of TLVs. *) Bugfix: a segmentation fault might occur in a worker process if SSI was used to process subrequests created by other modules. Thanks to Ciel Zhao. *) Workaround: when a hostname used in the "listen" directive resolves to multiple addresses, nginx now ignores duplicates within these addresses. *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL connections to backends were used. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Add ipv6 supportJoshua Watt2022-10-271-1/+2
| | | | | | | Adds a PACKAGECONFIG to enable ipv6 in nginx Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add gunzip PACKAGECONFIGStefan Herbrechtsmeier2022-03-291-0/+1
| | | | | | | | | | The nginx gunzip module is a filter that decompresses responses with 'Content-Encoding: gzip' for clients that do not support 'gzip' encoding method. The module will be useful when it is desirable to store data compressed to save space and reduce I/O costs. Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: use ln -rsRoss Burton2021-11-111-1/+1
| | | | | | | lnr is deprecated, use ln -rs directly instead. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Fix off_t size passed in configureNathan Rossi2021-08-311-1/+1
| | | | | | | | | | | For linux, nginx will always compile with '-D_FILE_OFFSET_BITS=64'. This means that off_t will always be 8 bytes long, even on 32-bit targets. This configuration change resolves some issues with nginx and handling range headers. Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix CVE-2021-3618Joe Slater2021-08-202-0/+109
| | | | | | | | | | | Backport with no change a patch from version 1.21.0. This patch was not cherry-picked by nginx to version 1.20.1. Information about this CVE comes from https://ubuntu.com/security/CVE-2021-3618. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-7/+7
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: upgrade 1.19.6 -> 1.21.1Salman Ahmed2021-07-302-10/+10
| | | | | Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.18.0 -> 1.20.1Salman Ahmed2021-07-302-6/+7
| | | | | Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.17.8 -> 1.19.6changqing.li@windriver.com2020-12-302-10/+10
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.16.1 -> 1.18.0changqing.li@windriver.com2020-12-302-6/+6
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: remove /var/log/nginx when do_installYi Zhao2020-05-061-1/+3
| | | | | | | | Remove directory /var/log/nginx when do_install because it is created by volatiles file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix error during service startupChangqing Li2020-02-262-0/+100
| | | | | | | | | fix below error: nginx.service: failed to parse pid from file /run/nginx/nginx.pid: invalid argument Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to the latest development version (1.17.8)Derek Straka2020-02-092-6/+10
| | | | | | | See Changelog: https://nginx.org/en/CHANGES Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to the latest stable version (1.16.1)Derek Straka2020-02-092-10/+6
| | | | | | | | See changlog here: https://nginx.org/en/CHANGES-1.16 * Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix install pathsGaylord Charles2019-11-171-2/+2
| | | | | | | | | | | This patch fixes Nginx install paths. I tried to build the native variant for testing purpose and had errors. - Use path variable instead of /usr - Replace the absolute path symlink with a relative one Signed-off-by: Gaylord CHARLES <gaylord.charles@veo-labs.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: fix kill path in nginx systemd unit filenick83ola2019-05-272-2/+2
| | | | | | | the kill utility is located in /bin/kill -> use base_bindir instead of bindir Signed-off-by: Nicola Lunghi <nick83ola@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add PACKAGECONFIG[http-auth-request]nick83ola2019-05-271-0/+1
| | | | | Signed-off-by: Nicola Lunghi <nick83ola@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update stable version to 1.16.0nick83ola2019-05-272-10/+10
| | | | | | | | | | | | | The LIC_FILES_CHKSUM needs also to be updated due to the updated year in the LICENSE file - * Copyright (C) 2002-2018 Igor Sysoev - * Copyright (C) 2011-2018 Nginx, Inc. + * Copyright (C) 2002-2019 Igor Sysoev + * Copyright (C) 2011-2019 Nginx, Inc. Signed-off-by: Nicola Lunghi <nick83ola@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to version 1.17.0nick83ola2019-05-272-6/+6
| | | | | | | | | | | | | The LIC_FILES_CHKSUM needs also to be updated due to the updated year in the LICENSE file - * Copyright (C) 2002-2018 Igor Sysoev - * Copyright (C) 2011-2018 Nginx, Inc. + * Copyright (C) 2002-2019 Igor Sysoev + * Copyright (C) 2011-2019 Nginx, Inc. Signed-off-by: Nicola Lunghi <nick83ola@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add default proxy_paramsAndré Draszik2019-01-192-0/+7
| | | | | | | | | | | | | As per Debian packaging - to use it, see https://wiki.debian.org/Nginx/DirectoryStructure#Extra_Parameters This file is most commonly included when Nginx is acting as a reverse proxy: include /etc/nginx/proxy_params; proxy_pass http://localhost:8000; Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: configuration updateAndré Draszik2019-01-193-105/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restructure the main configuration file to simplify custom configuration: * support inclusion of configuration fragments from subdirectories: - /etc/nginx/modules-enabled/*.conf - /etc/nginx/conf.d/*.conf - /etc/nginx/sites-enabled/* * default site (port 80): - move into /etc/nginx/sites-available/default_server and enable via symlink in /etc/nginx/sites-enabled/ - listen on IPv6 - drop unneeded example fragments * configure and enable gzip * update TLS settings to drop SSLv3 and enable TLSv1.3 for some safer defaults * update remaining bits to follow Debian standard configuration https://salsa.debian.org/nginx-team/nginx/blob/62a54a8ba66ee6cc1b4f8a33dab9a6f27a3fdac4/debian/conf/nginx.conf * drop unneeded example configuration bits from /etc/nginx/*.default These changes, in particular the configuration fragment support allow to easily customise nginx based on individual requirements. In addition, it is now possible for other recipes / packages to drop fragments into the respective directories in /etc/nginx without having to meddle with /etc/nginx/nginx.conf Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update systemd unit using nginx recommendationAndré Draszik2019-01-192-3/+8
| | | | | | | | | | | | | | | | | | Our systemd unit doesn't follow the official recommendation, see https://www.nginx.com/resources/wiki/start/topics/examples/systemd/ Most importantly: * it should start after some additional specific targets/units * using PrivateTmp is a useful security feature, in particular to avoid cross domain scripting via the temp folder * using systemd's $MAINPID, we can distinguish between multiple running nginx instances correctly Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update stable version to 1.14.2Andrej Valek2018-12-111-2/+2
| | | | | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update to version 1.15.7Andrej Valek2018-12-102-6/+6
| | | | | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: add PACKAGECONFIG[ssl]Max Kellermann2018-09-241-2/+4
| | | | | Signed-off-by: Max Kellermann <max.kellermann@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: Upgrade to 1.15.2Khem Raj2018-08-152-6/+6
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: remove the 1.13 recipe in favor of the new dev branch of 1.5.xDerek Straka2018-07-122-10/+10
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: enable thread pools by defaultDerek Straka2018-07-121-0/+1
| | | | | | | The thread pool feature can be enabled without significant extra binary size. Thread pools can increase performance by an order of magnitude on some configurations Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: update latest development version to 1.13.12Derek Straka2018-05-172-10/+10
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update stable version to 1.14.0Derek Straka2018-05-172-6/+6
| | | | | | | License-Update: Update license file for latest copyright date Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: refresh patchesArmin Kuster2018-04-131-26/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WARNING: nginx-1.12.2-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: Applying patch nginx-cross.patch patching file auto/feature patching file auto/options Hunk #1 succeeded at 386 (offset 33 lines). Hunk #2 succeeded at 580 (offset 35 lines). Hunk #3 succeeded at 599 (offset 22 lines). patching file auto/types/sizeof patching file auto/unix Hunk #1 succeeded at 587 (offset 194 lines). Hunk #2 succeeded at 604 with fuzz 1 (offset 188 lines). Hunk #3 succeeded at 620 with fuzz 2 (offset 188 lines). Now at patch nginx-cross.patch Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: update development version to 1.13.9Derek Straka2018-03-162-10/+10
| | | | | | | Update license checksum for copyright changes Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: use oe.utils.conditional instead of deprecated base_conditionalMartin Jansa2018-02-011-1/+1
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* nginx: update dev version to 1.13.8Derek Straka2018-01-161-2/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-25 10:37:13 +0000