From a43fc39d9ab935c878332215cf5f890ae2a10141 Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Mon, 13 Jun 2016 00:25:46 -0400 Subject: [PATCH 1/2] Support nginx 1.9.5+ Newer versions of nginx drop spdy support in favor of http2, and thus the nginx config that we bundle with dokku causes nginx to fail to reload in certain cases. This change drops spdy support in favor of http2 for versions of nginx greater than 1.9.5. Closes #2216 --- plugins/nginx-vhosts/functions | 32 +++++++++++++++++++ .../nginx-vhosts/templates/ssl.server.config | 6 ++-- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/plugins/nginx-vhosts/functions b/plugins/nginx-vhosts/functions index 2992244a1..86f027faf 100755 --- a/plugins/nginx-vhosts/functions +++ b/plugins/nginx-vhosts/functions @@ -120,6 +120,33 @@ get_custom_nginx_template() { copy_from_image "$IMAGE" "$NGINX_TEMPLATE_NAME" "$DESTINATION" 2>/dev/null || true } +is_spdy_enabled() { + declare desc="detects whether the installed nginx version has spdy or http2 support" + local NGINX_VERSION="$1" + local MAJOR_VERSION MINOR_VERSION PATCH_VERSION + local HAS_SUPPORT=true + + if ! which nginx > /dev/null 2>&1; then + echo $HAS_SUPPORT + return + fi + + MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}') + MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}') + PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}') + if [[ "$MAJOR_VERSION" -ge "2" ]]; then + HAS_SUPPORT=false + elif [[ "$MAJOR_VERSION" -eq "1" ]]; then + if [[ "$MINOR_VERSION" -ge "10" ]]; then + HAS_SUPPORT=false + elif [[ "$MINOR_VERSION" -ge "9" ]] && [[ "$PATCH_VERSION" -ge "5" ]]; then + HAS_SUPPORT=false + fi + fi + + echo $HAS_SUPPORT +} + nginx_build_config() { declare desc="build nginx config to proxy app containers using sigil" local APP="$1"; verify_app_name "$APP" @@ -188,11 +215,16 @@ nginx_build_config() { fi local SSL_SERVER_NAME=$(echo "$SSL_VHOSTS" | xargs) fi + + local NGINX_VERSION="$(nginx -v 2>&1 | cut -d'/' -f 2)" + local SPDY_SUPPORTED="$(is_spdy_enabled "$NGINX_VERSION")" + eval "$(config_export app "$APP")" local SIGIL_PARAMS=(-f $NGINX_TEMPLATE APP="$APP" DOKKU_ROOT="$DOKKU_ROOT" NOSSL_SERVER_NAME="$NOSSL_SERVER_NAME" DOKKU_APP_LISTENERS="$DOKKU_APP_LISTENERS" PASSED_LISTEN_IP_PORT="$PASSED_LISTEN_IP_PORT" + SPDY_SUPPORTED="$SPDY_SUPPORTED" DOKKU_APP_LISTEN_PORT="$DOKKU_APP_LISTEN_PORT" DOKKU_APP_LISTEN_IP="$DOKKU_APP_LISTEN_IP" APP_SSL_PATH="$APP_SSL_PATH" SSL_INUSE="$SSL_INUSE" SSL_SERVER_NAME="$SSL_SERVER_NAME" NGINX_PORT="$NGINX_PORT" NGINX_SSL_PORT="$NGINX_SSL_PORT" RAW_TCP_PORTS="$RAW_TCP_PORTS") diff --git a/plugins/nginx-vhosts/templates/ssl.server.config b/plugins/nginx-vhosts/templates/ssl.server.config index 7c19885e3..336be3c9d 100644 --- a/plugins/nginx-vhosts/templates/ssl.server.config +++ b/plugins/nginx-vhosts/templates/ssl.server.config @@ -1,6 +1,6 @@ server { - listen [::]:{{ .NGINX_SSL_PORT }} ssl spdy; - listen {{ .NGINX_SSL_PORT }} ssl spdy; + listen [::]:{{ .NGINX_SSL_PORT }} ssl {{ if eq .SPDY_SUPPORTED "true" }}spdy{{ else }}http2{{ end }}; + listen {{ .NGINX_SSL_PORT }} ssl {{ if eq .SPDY_SUPPORTED "true" }}spdy{{ else }}http2{{ end }}; {{ if .SSL_SERVER_NAME }}server_name {{ .SSL_SERVER_NAME }}; {{ end }} {{ if .NOSSL_SERVER_NAME }}server_name {{ .NOSSL_SERVER_NAME }}; {{ end }} {{ include "log.config" . }} @@ -8,6 +8,6 @@ server { ssl_certificate_key {{ .APP_SSL_PATH }}/server.key; keepalive_timeout 70; - add_header Alternate-Protocol {{ .NGINX_SSL_PORT }}:npn-spdy/2; + {{ if eq .SPDY_SUPPORTED "true" }}add_header Alternate-Protocol {{ .NGINX_SSL_PORT }}:npn-spdy/2;{{ end }} {{ include "location.config" . }} } From f99aa2b128d94da562818865a4e6c305f4db96b4 Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Mon, 13 Jun 2016 00:32:40 -0400 Subject: [PATCH 2/2] Skip upgrading nginx when the version of nginx is at least 1.8.0 Refs #2059 --- plugins/nginx-vhosts/dependencies | 79 +++++++++++++++++++++---------- 1 file changed, 55 insertions(+), 24 deletions(-) diff --git a/plugins/nginx-vhosts/dependencies b/plugins/nginx-vhosts/dependencies index 4111a3d15..8068dd4ee 100755 --- a/plugins/nginx-vhosts/dependencies +++ b/plugins/nginx-vhosts/dependencies @@ -1,32 +1,63 @@ #!/usr/bin/env bash set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x -case "$DOKKU_DISTRO" in - debian) - export DEBIAN_FRONTEND=noninteractive - apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils - ;; +nginx_needs_upgrade() { + declare desc="checks as to whether nginx needs to be installed or upgraded" + local MAJOR_VERSION MINOR_VERSION + local NEEDS_UPGRADE=true - ubuntu) - export DEBIAN_FRONTEND=noninteractive - [[ -z "$CIRCLECI" ]] && apt-get install -qq -y software-properties-common python-software-properties - [[ -n "$CIRCLECI" ]] && aptitude install -q -y software-properties-common python-software-properties + if ! which nginx > /dev/null 2>&1; then + echo $NEEDS_UPGRADE + return + fi - ubuntu_year=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[1]}') - ubuntu_month=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[2]}') - [[ "$ubuntu_year" -ge "16" ]] && exit 0 - [[ "$ubuntu_year" -eq "15" ]] && [[ "$ubuntu_month" -eq "10" ]] && exit 0 + MAJOR_VERSION=$(nginx -v 2>&1 | cut -d'/' -f 2 | awk '{split($0,a,"."); print a[1]}') + MINOR_VERSION=$(nginx -v 2>&1 | cut -d'/' -f 2 | awk '{split($0,a,"."); print a[2]}') + if [[ "$MAJOR_VERSION" -ge "2" ]]; then + NEEDS_UPGRADE=false + elif [[ "$MAJOR_VERSION" -ge "1" ]] && [[ "$MINOR_VERSION" -ge "8" ]]; then + NEEDS_UPGRADE=false + fi - add-apt-repository -y ppa:nginx/stable - apt-get update -qq > /dev/null - apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils - ;; + echo $NEEDS_UPGRADE +} - opensuse) - zypper -q in -y nginx bind-utils - ;; +nginx_dependencies() { + declare desc="installs dependencies for the nginx-vhosts plugin" + case "$DOKKU_DISTRO" in + debian) + export DEBIAN_FRONTEND=noninteractive + apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils + ;; - arch) - pacman -S --noconfirm --noprogressbar --needed nginx bind-tools - ;; -esac + ubuntu) + export DEBIAN_FRONTEND=noninteractive + local NEEDS_UPGRADE=$(nginx_needs_upgrade) + if [[ "$NEEDS_UPGRADE" == "false" ]]; then + return + fi + + [[ -z "$CIRCLECI" ]] && apt-get install -qq -y software-properties-common python-software-properties + [[ -n "$CIRCLECI" ]] && aptitude install -q -y software-properties-common python-software-properties + + ubuntu_year=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[1]}') + ubuntu_month=$(lsb_release -d | cut -d ' ' -f 2 | awk '{split($0,a,"."); print a[2]}') + [[ "$ubuntu_year" -ge "16" ]] && exit 0 + [[ "$ubuntu_year" -eq "15" ]] && [[ "$ubuntu_month" -eq "10" ]] && exit 0 + + add-apt-repository -y ppa:nginx/stable + apt-get update -qq > /dev/null + apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes -qq -y nginx dnsutils + ;; + + opensuse) + zypper -q in -y nginx bind-utils + ;; + + arch) + pacman -S --noconfirm --noprogressbar --needed nginx bind-tools + ;; + esac +} + +nginx_dependencies "$@"