By default, nginx writes to various files, mainly for logging and caching. In order for it to work with read-only file systems, this patch provides an alternative nginx configuration file redirecting all these write paths to /tmp (which is backed by ramfs and thus is read-write).
On the way, nginx is also updated to 1.19.7 (current latest). Signed-off-by: Fotis Xenakis <[email protected]> --- nginx/Makefile | 6 +- nginx/patches/nginx-ro.conf | 147 ++++++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 2 deletions(-) create mode 100644 nginx/patches/nginx-ro.conf diff --git a/nginx/Makefile b/nginx/Makefile index 6a44e00..99c5cb8 100644 --- a/nginx/Makefile +++ b/nginx/Makefile @@ -1,10 +1,12 @@ -VERSION=1.17.4 +VERSION=1.19.7 SOURCE=http://nginx.org/download/nginx-${VERSION}.tar.gz CONFIGURE_MODULES=--prefix=/nginx/ --with-debug --without-http_rewrite_module --with-threads --with-http_stub_status_module .PHONY: module clean SRC=upstream/nginx +# Use nginx-ro.conf when on a read-only root file system (currenty rofs and virtio-fs) +NGINX_CONF=$(if $(filter $(fs_type),rofs virtiofs),nginx-ro.conf,nginx.conf) module: usr.manifest @@ -14,7 +16,7 @@ usr.manifest: $(SRC)/nginx.so echo '/nginx/html/**: $${MODULE_DIR}/upstream/nginx/html/**' >> usr.manifest echo '/nginx/logs/**: $${MODULE_DIR}/upstream/nginx/logs/**' >> usr.manifest echo '/nginx/conf/**: $${MODULE_DIR}/upstream/nginx/conf/**' >> usr.manifest - echo '/nginx/conf/nginx.conf: $${MODULE_DIR}/patches/nginx.conf' >> usr.manifest + echo '/nginx/conf/nginx.conf: $${MODULE_DIR}/patches/$(NGINX_CONF)' >> usr.manifest clean: rm -fr upstream diff --git a/nginx/patches/nginx-ro.conf b/nginx/patches/nginx-ro.conf new file mode 100644 index 0000000..58b1c4f --- /dev/null +++ b/nginx/patches/nginx-ro.conf @@ -0,0 +1,147 @@ + +#user nobody; +worker_processes 1; + +# Set error_log to stderr so that log messages are displayed on +# OSv console that started "scripts/run.py -nvd". +# Although this is less ideal when compared to redirecting error +# and access logs to syslog for example, it is a workable first +# solution that is comparable to redirection used while starting +# Nginx in a container +# (reference: http://serverfault.com/questions/657863/nginx-how-to-use-docker-log-collector-when-nginx-is-running-under-supervisord). +error_log stderr error; + +# Write pid to ramfs +pid /tmp/nginx_pid; + +# Run in foreground, primarily because fork() is stubbed in OSv. +# This setting is consistent with official Nginx Dockerfile configuration: +# https://github.com/nginxinc/docker-nginx/blob/41aa13f7d2c24407e483c40fb1e8b33e73462ff1/mainline/jessie/Dockerfile#L27 +daemon off; + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log off; + + client_body_buffer_size 10m; + client_max_body_size 10m; + client_body_in_single_buffer on; + client_body_temp_path /tmp/nginx_client_body_temp; + + proxy_temp_path /tmp/nginx_proxy_temp; + fastcgi_temp_path /tmp/nginx_fastcgi_temp; + uwsgi_temp_path /tmp/nginx_uwsgi_temp; + scgi_temp_path /tmp/nginx_uwsgi_temp; + + sendfile on; + tcp_nopush on; + + # Default keepalive param values + #keepalive_requests 100; + # Long keepalive to avoid/reduce preblems with TCP port resue + # See https://github.com/cloudius-systems/osv/issues/889 + keepalive_requests 1000000000; + + #gzip on; + + server { + listen 80; + server_name localhost; + + # server_name 192.168.122.1; + + #charset koi8-r; + + #access_log logs/host.access.log main; + + location / { + root html; + index index.html index.htm; + #aio threads; + } + + location /basic_status { + stub_status; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + } + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + +} -- 2.30.1 -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/osv-dev/VI1PR03MB3773463CF1CDCEC2935FF22AA6959%40VI1PR03MB3773.eurprd03.prod.outlook.com.
