[Bug 1170586] Re: [SRU] Naxsi package lacking Stub Status

Robie Basak 1170586 at bugs.launchpad.net
Mon Feb 3 17:01:51 UTC 2014


Uploaded; now awaiting review from the SRU team. Thanks all!

** Description changed:

  [Impact]
  
  nginx-naxsi is missing the stub_status module, which in some deployments
  is necessary for production environments.  This module is also listed in
  the nginx-naxsi description, however it is not enabled as would be
  expected, since the module is listed in the description for the nginx-
  naxsi package.
  
  ---
  
  [Test Case]
  
+ sudo apt-get install nginx-naxsi
+ 
  Create a site configuration file for nginx in /etc/nginx/sites-enabled
  containing the following:
  
  server {
-         listen 127.0.0.1;
-         server_name localhost;
+         listen 127.0.0.1;
+         server_name localhost;
  
- 	location / {
- 		try_files $uri $uri/ =403;
- 	}
+  location / {
+   try_files $uri $uri/ =403;
+  }
  
-         location /nginx_status {
-             stub_status on;
-             access_log off;
-             allow 127.0.0.1;
-             deny all;
-         }
+         location /nginx_status {
+             stub_status on;
+             access_log off;
+             allow 127.0.0.1;
+             deny all;
+         }
  }
  
  After creating this configuration file, restart the nginx process or issue the reload command using one of the following commands (you do NOT need to do both, only one of them):
  $ sudo service nginx restart
  $ sudo service nginx reload
  
  With the version in Ubuntu now, before this SRU, you should see something like so for an error stating that it failed the configuration test:
  $ sudo service nginx restart
  Restarting nginx: nginx: [emerg] unknown directive "stub_status" in /etc/nginx/sites-enabled/localhost:10
  nginx: configuration file /etc/nginx/nginx.conf test failed
  
  With the version created by including the attached debdiff, you will be
  able to start nginx with the same configuration file and not run into
  any errors.
  
  When navigating to http://localhost/nginx_status with this debdiff, you
  will also see something like this, which is expected output:
  
- Active connections: 2 
+ Active connections: 2
  server accepts handled requests
-  2 2 1 
- Reading: 1 Writing: 1 Waiting: 0 
+  2 2 1
+ Reading: 1 Writing: 1 Waiting: 0
  
  ---
  
  [Regression Potential]
  
  There is no new code introduced here, only one module that should've
  been enabled, but was not being enabled in the package.  There is almost
  no regression potential by enabling this module.
+ 
+ [rbasak] I was concerned about the regression risk associated with
+ enabling a build-time configuration option in an SRU. On balance, I
+ think it is worth doing. It's an independent module which I understand
+ to be reasonably separate in the codebase. I asked upstream, who
+ confirmed that they don't think it will cause a regression, and nginx is
+ in universe (an MIR for Trusty is in progress).
  
  ---
  
  [Original Bug Description]
  
  Hi,
  
  The nginx-naxsi package provided in Ubuntu 12.04 LTS lacks the Stub
  Status module which somehow mandatory in production environment. Plus,
  if Ubuntu follows Debian philosophy regarding those packages, it is
  supposed to be shipped with in Debian: http://wiki.debian.org/Nginx.
  
  Current nginx -V: # nginx -V
  nginx version: nginx/1.1.19
  TLS SNI support enabled
  configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-cache-purge --add-module=/build/buildd/nginx-1.1.19/debian/modules/naxsi/naxsi_src
  
  Regards,
  P. Schweitzer
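
Review bot: the [Test Case] region still detects the missing module only indirectly, through the "unknown directive" restart error and the status page output. Consider adding a step that runs nginx -V and looks for --with-http_stub_status_module in the configure arguments, which is the evidence the [Original Bug Description] uses and which does not depend on the site file being loaded. It would also help to say in the test case text that the "allow 127.0.0.1; deny all;" pair on /nginx_status is intentional, so it is kept when the snippet is copied into a production site.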

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1170586

Title:
  [SRU] Naxsi package lacking Stub Status

Status in “nginx” package in Ubuntu:
  Fix Released
Status in “nginx” source package in Precise:
  Triaged

Bug description:
  [Impact]

  nginx-naxsi is missing the stub_status module, which in some
  deployments is necessary for production environments.  This module is
  also listed in the nginx-naxsi description, however it is not enabled
  as would be expected, since the module is listed in the description
  for the nginx-naxsi package.

  ---

  [Test Case]

  sudo apt-get install nginx-naxsi

  Create a site configuration file for nginx in /etc/nginx/sites-enabled
  containing the following:

  server {
          listen 127.0.0.1;
          server_name localhost;

          location / {
              try_files $uri $uri/ =403;
          }

          location /nginx_status {
              stub_status on;
              access_log off;
              allow 127.0.0.1;
              deny all;
          }
  }

  After creating this configuration file, restart the nginx process or issue the reload command using one of the following commands (you do NOT need to do both, only one of them):
  $ sudo service nginx restart
  $ sudo service nginx reload

  With the version in Ubuntu now, before this SRU, you should see something like so for an error stating that it failed the configuration test:
  $ sudo service nginx restart
  Restarting nginx: nginx: [emerg] unknown directive "stub_status" in /etc/nginx/sites-enabled/localhost:10
  nginx: configuration file /etc/nginx/nginx.conf test failed

  With the version created by including the attached debdiff, you will
  be able to start nginx with the same configuration file and not run
  into any errors.

  When navigating to http://localhost/nginx_status with this debdiff,
  you will also see something like this, which is expected output:

  Active connections: 2
  server accepts handled requests
   2 2 1
  Reading: 1 Writing: 1 Waiting: 0

  ---

  [Regression Potential]

  There is no new code introduced here, only one module that should've
  been enabled, but was not being enabled in the package.  There is
  almost no regression potential by enabling this module.

  [rbasak] I was concerned about the regression risk associated with
  enabling a build-time configuration option in an SRU. On balance, I
  think it is worth doing. It's an independent module which I understand
  to be reasonably separate in the codebase. I asked upstream, who
  confirmed that they don't think it will cause a regression, and nginx
  is in universe (an MIR for Trusty is in progress).

  ---

  [Original Bug Description]

  Hi,

  The nginx-naxsi package provided in Ubuntu 12.04 LTS lacks the Stub
  Status module which is somehow mandatory in a production environment. Plus,
  if Ubuntu follows Debian philosophy regarding those packages, it is
  supposed to be shipped with in Debian: http://wiki.debian.org/Nginx.

  Current nginx -V: # nginx -V
  nginx version: nginx/1.1.19
  TLS SNI support enabled
  configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-cache-purge --add-module=/build/buildd/nginx-1.1.19/debian/modules/naxsi/naxsi_src

  Regards,
  P. Schweitzer
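
The two checks from the test case in scripted form, as an added example that is not part of the bug report or the package: one function looks for the stub_status build flag in `nginx -V` text, the other parses the status page and reports accepted-but-unhandled connections. The function names are hypothetical, and the "after" configure line is a constructed sample that assumes the fixed build passes `--with-http_stub_status_module`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample inputs are
# constructed from the output quoted in the bug report.

# Succeeds if `nginx -V` text on stdin lists the stub_status build flag.
has_stub_status() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "--with-http_stub_status_module") found = 1 }
         END { exit !found }'
}

# Turns the stub_status page on stdin into one key=value line.
# Fails (exit 1) if the three expected lines are not all present.
parse_stub_status() {
    awk '
        /^Active connections:/          { active = $3 }
        /^ *[0-9]+ +[0-9]+ +[0-9]+ *$/  { acc = $1; hand = $2; req = $3 }
        /^Reading:/                     { rd = $2; wr = $4; wt = $6 }
        END {
            if (active == "" || acc == "" || rd == "") exit 1
            # accepts - handled is normally 0; anything else means nginx
            # accepted connections it could not handle.
            printf "active=%s accepts=%s handled=%s requests=%s ", active, acc, hand, req
            printf "reading=%s writing=%s waiting=%s dropped=%d\n", rd, wr, wt, acc - hand
        }'
}

# Shortened configure line from the report (module absent).
sample_configure_before() {
    printf '%s\n' 'configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-ipv6'
}
# Constructed "after" line: same build with the module enabled (assumed).
sample_configure_after() {
    printf '%s\n' 'configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_stub_status_module --with-ipv6'
}
# Status page text as quoted in the test case.
sample_status() {
    printf 'Active connections: 2\nserver accepts handled requests\n 2 2 1\nReading: 1 Writing: 1 Waiting: 0\n'
}

if sample_configure_before | has_stub_status; then echo "before: present"; else echo "before: missing"; fi
if sample_configure_after  | has_stub_status; then echo "after: present";  else echo "after: missing";  fi
sample_status | parse_stub_status
```

On a live host the same functions take `nginx -V 2>&1` and the body fetched from the `/nginx_status` location as input; nginx writes its version banner to stderr, hence the redirect.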
