Uploaded; now awaiting review from the SRU team. Thanks all!
** Description changed:
[Impact]
nginx-naxsi is missing the stub_status module, which in some deployments
is necessary for production environments. This module is also listed in
the nginx-naxsi description, however it is not enabled as would be
expected, since the module is listed in the description for the nginx-
naxsi package.
---
[Test Case]
+ sudo apt-get install nginx-naxsi
+
Create a site configuration file for nginx in /etc/nginx/sites-enabled
containing the following:
server {
- listen 127.0.0.1;
- server_name localhost;
+ listen 127.0.0.1;
+ server_name localhost;
- location / {
- try_files $uri $uri/ =403;
- }
+ location / {
+ try_files $uri $uri/ =403;
+ }
- location /nginx_status {
- stub_status on;
- access_log off;
- allow 127.0.0.1;
- deny all;
- }
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
}
After creating this configuration file, restart the nginx process or issue
the reload command using one of the following commands (you do NOT need to do
both, only one of them):
$ sudo service nginx restart
$ sudo service nginx reload
With the version in Ubuntu now, before this SRU, you should see something
like so for an error stating that it failed the configuration test:
$ sudo service nginx restart
Restarting nginx: nginx: [emerg] unknown directive "stub_status" in
/etc/nginx/sites-enabled/localhost:10
nginx: configuration file /etc/nginx/nginx.conf test failed
With the version created by including the attached debdiff, you will be
able to start nginx with the same configuration file and not run into
any errors.
When navigating to http://localhost/nginx_status with this debdiff, you
will also see something like this, which is expected output:
- Active connections: 2
+ Active connections: 2
server accepts handled requests
- 2 2 1
- Reading: 1 Writing: 1 Waiting: 0
+ 2 2 1
+ Reading: 1 Writing: 1 Waiting: 0
---
[Regression Potential]
There is no new code introduced here, only one module that should've
been enabled, but was not being enabled in the package. There is almost
no regression potential by enabling this module.
+
+ [rbasak] I was concerned about the regression risk associated with
+ enabling a build-time configuration option in an SRU. On balance, I
+ think it is worth doing. It's an independent module which I understand
+ to be reasonably separate in the codebase. I asked upstream, who
+ confirmed that they don't think it will cause a regression, and nginx is
+ in universe (an MIR for Trusty is in progress).
---
[Original Bug Description]
Hi,
The nginx-naxsi package provided in Ubuntu 12.04 LTS lacks the Stub
Status module which somehow mandatory in production environment. Plus,
if Ubuntu follows Debian philosophy regarding those packages, it is
supposed to be shipped with in Debian: http://wiki.debian.org/Nginx.
Current nginx -V: # nginx -V
nginx version: nginx/1.1.19
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock
--pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module
--without-mail_smtp_module --without-mail_imap_module
--without-http_uwsgi_module --without-http_scgi_module --with-ipv6
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair
--add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-cache-purge
--add-module=/build/buildd/nginx-1.1.19/debian/modules/naxsi/naxsi_src
Regards,
P. Schweitzer
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1170586
Title:
[SRU] Naxsi package lacking Stub Status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1170586/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
