Error: nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:11

2023-12-07 Thread Gandla, Kesavardhana via nginx 
Dear NGINX community,

I am Kesavardhana Gandla from Medtronic R&D, Bangalore. I am trying to evaluate 
the nginx on YOCTO Linux based embedded product.
My Linux version: 5.15.71  aarch64 GNU/Linux.
While using the stream option on target the below error is coming.

Error: nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:11
Attached the nginx.conf file for reference.
nginx -V
nginx version: nginx/1.20.1
built with OpenSSL 3.0.7 1 Nov 2022
TLS SNI support enabled
configure arguments: --crossbuild=Linux:aarch64 --with-endian=little 
--with-int=4 --with-long=8 --with-long-long=8 --with-ptr-size=8 
--with-sig-atomic-t=8 --with-size-t=8 --with-off-t=8 --with-time-t=8 
--with-sys-nerr=132 --conf-path=/etc/nginx/nginx.conf 
--http-log-path=/var/log/nginx/access.log 
--error-log-path=/var/log/nginx/error.log 
--http-client-body-temp-path=/run/nginx/client_body_temp 
--http-proxy-temp-path=/run/nginx/proxy_temp 
--http-fastcgi-temp-path=/run/nginx/fastcgi_temp 
--http-uwsgi-temp-path=/run/nginx/uwsgi_temp 
--http-scgi-temp-path=/run/nginx/scgi_temp --pid-path=/run/nginx/nginx.pid 
--prefix=/usr --with-threads --with-http_gzip_static_module 
--with-http_ssl_module

Could you please provide your feedback to resolve the above error "unknown 
directive stream"?
Does open source version of NGNX support stream directive? If yes, how to 
include it in the yocto build?

Thanks,
Kesavardhana Gandla
[CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is 
proprietary to Medtronic and is intended for use only by the individual or 
entity to which it is addressed, and may contain information that is private, 
privileged, confidential or exempt from disclosure under applicable law. If you 
are not the intended recipient or it appears that this mail has been forwarded 
to you without proper authority, you are notified that any use or dissemination 
of this information in any manner is strictly prohibited. In such cases, please 
delete this mail from your records. To view this notice in other languages you 
can either select the following link or manually copy and paste the link into 
the address bar of a web browser: http://emaildisclaimer.medtronic.com
user www;
worker_processes 1;
pid /run/nginx/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

stream {
  server {
  listen 8081;
#  proxy_pass IP_ADDRESS:PORT_NUMBER;
  }
}

http {
# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include   /etc/nginx/mime.types;
default_type  application/octet-stream;

# SSL Settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

## Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

## Gzip settings
gzip  on;

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript 
text/xml application/xml application/xml+rss text/javascript;

## Virtual Host Configs
  ## Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx

Re: Error: nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:11

2023-12-07 Thread Roman Arutyunyan 
Hi,

> On 7 Dec 2023, at 13:17, Gandla, Kesavardhana via nginx  
> wrote:
> 
> Dear NGINX community,
>  
> I am Kesavardhana Gandla from Medtronic R&D, Bangalore. I am trying to 
> evaluate the nginx on YOCTO Linux based embedded product.
> My Linux version: 5.15.71  aarch64 GNU/Linux.
> While using the stream option on target the below error is coming.
>  
> Error: nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:11
> Attached the nginx.conf file for reference.
> nginx -V
> nginx version: nginx/1.20.1
> built with OpenSSL 3.0.7 1 Nov 2022
> TLS SNI support enabled
> configure arguments: --crossbuild=Linux:aarch64 --with-endian=little 
> --with-int=4 --with-long=8 --with-long-long=8 --with-ptr-size=8 
> --with-sig-atomic-t=8 --with-size-t=8 --with-off-t=8 --with-time-t=8 
> --with-sys-nerr=132 --conf-path=/etc/nginx/nginx.conf 
> --http-log-path=/var/log/nginx/access.log 
> --error-log-path=/var/log/nginx/error.log 
> --http-client-body-temp-path=/run/nginx/client_body_temp 
> --http-proxy-temp-path=/run/nginx/proxy_temp 
> --http-fastcgi-temp-path=/run/nginx/fastcgi_temp 
> --http-uwsgi-temp-path=/run/nginx/uwsgi_temp 
> --http-scgi-temp-path=/run/nginx/scgi_temp --pid-path=/run/nginx/nginx.pid 
> --prefix=/usr --with-threads --with-http_gzip_static_module 
> --with-http_ssl_module
>  
> Could you please provide your feedback to resolve the above error “unknown 
> directive stream”?
> Does open source version of NGNX support stream directive? If yes, how to 
> include it in the yocto build?

Stream support in nginx is enabled by "--with-stream" configuration option.
Apparently your nginx is now built without Stream support.


Roman Arutyunyan
a...@nginx.com




___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx 1.20.0 coverity errors

2023-12-07 Thread Richard Stanway via nginx 
This is like reading a book, not understanding some words and then
complaining to the author to fix their spelling. Please don't rely on SAST
analysis without understanding the code. I would expect the vast majority
of these are false positives - provide evidence that these are real bugs if
you want them to be taken seriously.

On Thu, 7 Dec 2023 at 02:35, BILL  wrote:

> Hi,
>
> We have a coverity testing on nginx 1.20.0 and we got some errors.
> Have any plan to resolve these errors?
>
>
> Checker Number
> ARRAY_VS_SINGLETON 3
> BAD_FREE 3
> BUFFER_SIZE 1
> CHECKED_RETURN 10
> COPY_PASTE_ERROR 1
> DC.WEAK_CRYPTO 18
> DEADCODE 8
> FORWARD_NULL 49
> MISSING_RESTORE 1
> NO_EFFECT 8
> NULL_RETURNS 8
> OVERRUN 12
> PW.INCLUDE_RECURSION 8
> RESOURCE_LEAK 5
> REVERSE_INULL 5
> SIGN_EXTENSION 1
> SIZEOF_MISMATCH 8
> STACK_USE 1
> STRING_NULL 1
> TAINTED_SCALAR 1
> TOCTOU 12
> UNINIT 10
> UNREACHABLE 63
> UNUSED_VALUE 4
> USE_AFTER_FREE 1
> Total 242
> ___
> nginx mailing list
> nginx@nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx 1.20.0 coverity errors

2023-12-07 Thread Maxim Konovalov 
FWIW, you can find daily nginx Coverity scan results (and even be 
subscribed to updates) here


https://scan.coverity.com/projects/nginx

Thanks to Synopsys and Coverity team for the great service.

Maxim

On 07.12.2023 06:57, Richard Stanway via nginx wrote:
This is like reading a book, not understanding some words and then 
complaining to the author to fix their spelling. Please don't rely on 
SAST analysis without understanding the code. I would expect the vast 
majority of these are false positives - provide evidence that these are 
real bugs if you want them to be taken seriously.


On Thu, 7 Dec 2023 at 02:35, BILL > wrote:


Hi,

We have a coverity testing on nginx 1.20.0 and we got some errors.
Have any plan to resolve these errors?


Checker Number
ARRAY_VS_SINGLETON  3
BAD_FREE3
BUFFER_SIZE 1
CHECKED_RETURN  10
COPY_PASTE_ERROR1
DC.WEAK_CRYPTO  18
DEADCODE8
FORWARD_NULL49
MISSING_RESTORE 1
NO_EFFECT   8
NULL_RETURNS8
OVERRUN 12
PW.INCLUDE_RECURSION8
RESOURCE_LEAK   5
REVERSE_INULL   5
SIGN_EXTENSION  1
SIZEOF_MISMATCH 8
STACK_USE   1
STRING_NULL 1
TAINTED_SCALAR  1
TOCTOU  12
UNINIT  10
UNREACHABLE 63
UNUSED_VALUE4
USE_AFTER_FREE  1
Total   242

___
nginx mailing list
nginx@nginx.org 
https://mailman.nginx.org/mailman/listinfo/nginx



___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx


--
Maxim Konovalov
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx

NIC deletes all listeners when rejecting new listener on reserved port

2023-12-07 Thread Brad Bishop via nginx 
Hi Folks,

We're using NGINX Ingress Controller 3.0.2 (NGINX 1.23.3) in AKS on a couple 
AKSUbuntu-2204gen2containerd-202309.06.0 nodes. We do regular helm release 
installs of a single-tenanted TCP & HTTP service for law firms. Today we had a 
P1 issue when we added a listener for a new law firm to GlobalConfiguration and 
set the port number to 9113. NGINX rejected the change because 9113 is reserved 
for prometheus - fair enough. But it also immediately deleted all other 
existing listeners, which broke 100 TransportServers and blocked access to 100 
law firms. We reproduced this on a second AKS cluster. Is this the intended 
behaviour? 

I expected in this case that NGINX would reject the bad config and revert to 
last-good config, and the docs suggest this is what should happen:
https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource/#:~:text=the%20Ingress%20Controller%20will%20ignore%20the%20new%20version

Thanks,
Brad Bishop
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx