Overview
This is a basic NGINX jail.
NGINX is started (as usual) as a daemon when the jail is started, which means that this jail is not for use with nomad (pkg install nomad) but for “normal” use with pot start.
Getting Started
- Image Readme
- How To Use The Ready-Made Image
- Alternatively: Create a Jail With This Flavour Yourself
- Version History
- Manual Image Download Links
- Jenkins Pot Creation Logs
How To Use The Ready-Made Image
FreeBSD 13.2:
pot import -p nginx-amd64-13_2 -t 1.0.10 -U https://potluck.honeyguide.net/nginx
With Signify Verification:
fetch https://potluck.honeyguide.net/potluck.pub; pot import -p nginx-amd64-13_2 -t 1.0.10 -C potluck.pub -U https://potluck.honeyguide.net/nginx
If you don’t want to use the default pot bridged network configuration but instead need an individual network setup (e.g. assign a host IP address), after importing it you can simply clone the jail like this (em0 is the host network adapter in this example):
pot clone -P nginx-amd64-13_2 -p my-cloned-jail -N alias -i "em0|10.10.10.10"
Note: Some images might require specific network configuration; double-check the Overview chapter at the top.
Alternatively: Create a Jail With This Flavour Yourself
1. Create Flavour Files
Save all files and directories from https://github.com/hny-gd/potluck/tree/master/nginx to /usr/local/etc/pot/flavours/
2. Create Jail From Flavour
Run
pot create -b <FreeBSD Version> -p <jailname> -t single -N public-bridge -f fbsd-update
with your FreeBSD version (e.g. 13.2) and the name your jail should get.
Note: Some images might require specific network configuration; double-check the Overview chapter at the top.
Version History
1.0.10
- Remove pot flags
1.0.9
- Version bump for rebuild
- This image still to be updated to new formats
1.0.8
- Version bump for rebuild
- This image still to be updated to new formats
1.0.7
- Version bump for rebuild
- This image still to be updated to new formats
1.0.6
- Version bump for rebuild to fix missing images on potluck site
1.0.5
- Version bump for p3 rebuild
1.0.4
- Version bump for FreeBSD-13.1 image
1.0.3
- Rebuild for FreeBSD 12_3 and 13 & pot 13
1.0.2
- Rebuild for FreeBSD 13 & new packages
1.0.1
- Trigger build of FreeBSD 12.2 image & rebuild FreeBSD 11.4 image to update packages
1.0
- Initial NGINX version
These images were built on Thu Jan 25 17:10:40 UTC 2024
Manual Image Download Links
nginx-amd64-13_2_1.0.10.xz
nginx-amd64-13_2_1.0.10.xz.skein
nginx-amd64-13_2_1.0.10.xz.skein.sig
nginx-amd64-13_2_1.0.10.xz.meta
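Added example (not part of the potluck page or of pot's own code): checking the manually downloaded files listed above before importing them, signature first and digest second. It assumes the .skein file holds the bare skein1024 hex digest of the image and the .skein.sig file is a signify signature over the .skein file; verify_pot_image, SKEIN and SIGNIFY are names chosen for this example.

```shell
#!/bin/sh
# Added example: verify a manually downloaded pot image before importing it.
# Assumptions (not stated on the page): <image>.skein holds the bare skein1024
# hex digest of <image>, and <image>.skein.sig is a signify signature over the
# .skein file made with the key matching potluck.pub.
: "${SKEIN:=skein1024}"    # FreeBSD base utility
: "${SIGNIFY:=signify}"    # from the signify package

# Usage: verify_pot_image <image.xz> <pubkey>
# Returns 0 = verified, 2 = file missing, 3 = bad signature, 4 = digest mismatch
verify_pot_image() {
    vpi_image=$1
    vpi_pubkey=$2
    for vpi_f in "$vpi_image" "$vpi_image.skein" "$vpi_image.skein.sig" "$vpi_pubkey"; do
        [ -r "$vpi_f" ] || { echo "missing: $vpi_f" >&2; return 2; }
    done

    # 1. Authenticate the digest file first; an unsigned digest proves nothing.
    "$SIGNIFY" -V -p "$vpi_pubkey" -x "$vpi_image.skein.sig" -m "$vpi_image.skein" \
        >/dev/null || { echo "signature check failed" >&2; return 3; }

    # 2. Only then compare the authenticated digest with the image itself.
    vpi_want=$(tr -d '[:space:]' < "$vpi_image.skein")
    vpi_got=$("$SKEIN" -q "$vpi_image") || return 4
    if [ -z "$vpi_want" ] || [ "$vpi_want" != "$vpi_got" ]; then
        echo "digest mismatch for $vpi_image" >&2
        return 4
    fi
    return 0
}

# Example call, with the files from the list above in the current directory:
#   verify_pot_image nginx-amd64-13_2_1.0.10.xz potluck.pub && echo verified
```

Fetch potluck.pub over a channel you trust, since every later check depends on that key being the genuine one.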
Jenkins Pot Creation Logs
nginx-amd64-13_2_1.0.10:
nginx/nginx:
nginx/nginx.sh:
#!/bin/sh
ASSUME_ALWAYS_YES=yes pkg bootstrap
touch /etc/rc.conf
service sendmail onedisable
sysrc nginx_enable="YES"
pkg install -y nginx
echo "error_log /dev/stderr;" >> /usr/local/etc/nginx/nginx.conf
sed -i '' 's%#access_log logs/access.log .*$%access_log /dev/stdout combined;%' /usr/local/etc/nginx/nginx.conf
pkg clean -y
nginx/nginx+1:
nginx/nginx+1.sh:
nginx/nginx+2:
nginx/nginx+2.sh:
nginx/nginx+3:
nginx/nginx+3.sh:
nginx/nginx+4:
nginx/nginx+4.sh:
===> Creating a new pot
===> pot name : nginx-amd64-13_2
===> type : single
===> base : 13.2
===> pot_base :
===> level : 0
===> network-type : public-bridge
===> network-stack: ipv4
===> ip : 10.192.0.3
===> bridge :
===> dns : inherit
===> flavours : fbsd-update nginx
===> Fetching FreeBSD 13.2
===> Extract the tarball
=====> Flavour: fbsd-update
=====> Starting nginx-amd64-13_2 pot for the initial bootstrap
=====> mount /mnt/srv/pot/jails/nginx-amd64-13_2/m/tmp
defaultrouter: NO -> 10.192.0.1
===> Starting the pot nginx-amd64-13_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:01:22:83:10:0b
inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Updating motd:.
Updating /var/run/os-release done.
Clearing /tmp (X related).
Starting syslogd.
Starting cron.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Thu Jan 25 17:05:16 UTC 2024
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/srv/pot/jails/nginx-amd64-13_2/m/tmp/fbsd-update.sh
=====> Executing fbsd-update script on nginx-amd64-13_2
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update1.freebsd.org... done.
Fetching metadata signature for 13.2-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 51 patches.....10....20....30....40....50 done.
Applying patches... done.
Fetching 20 files... ....10....20 done.
The following files will be added as part of updating to
13.2-RELEASE-p9:
The following files will be updated as part of updating to
13.2-RELEASE-p9:
Installing updates...
Restarting sshd after upgrade
Cannot 'restart' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.
Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
done.
=====> Stop the pot nginx-amd64-13_2
=====> Remove p465b294c814b42 epair network interfaces
=====> unmount /mnt/srv/pot/jails/nginx-amd64-13_2/m/tmp
=====> unmount /mnt/srv/pot/jails/nginx-amd64-13_2/m/dev
=====> Flavour: nginx
=====> Executing nginx pot commands on nginx-amd64-13_2
=====> Starting nginx-amd64-13_2 pot for the initial bootstrap
=====> mount /mnt/srv/pot/jails/nginx-amd64-13_2/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===> Starting the pot nginx-amd64-13_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:c7:ee:9c:da:0b
inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Updating motd:.
Updating /var/run/os-release done.
Clearing /tmp (X related).
Starting syslogd.
Starting cron.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Thu Jan 25 17:06:24 UTC 2024
/usr/local/etc/pot/flavours/nginx.sh -> /mnt/srv/pot/jails/nginx-amd64-13_2/m/tmp/nginx.sh
=====> Executing nginx script on nginx-amd64-13_2
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.20.9...
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.20.9: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
sendmail disabled in /etc/rc.conf
sendmail_submit disabled in /etc/rc.conf
sendmail_msp_queue disabled in /etc/rc.conf
nginx_enable: -> YES
Updating FreeBSD repository catalogue...
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.pkg: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 33765 packages processed.
All repositories are up to date.
Updating database digests format: . done
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
nginx: 1.24.0_14,3
pcre2: 10.42
Number of packages to be installed: 2
The process will require 8 MiB more space.
2 MiB to be downloaded.
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching nginx-1.24.0_14,3.pkg: .......... done
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching pcre2-10.42.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] [1/2] Installing pcre2-10.42...
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting pcre2-10.42: .......... done
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] [2/2] Installing nginx-1.24.0_14,3...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[nginx-amd64-13_2.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting nginx-1.24.0_14,3: .......... done
=====
Message from nginx-1.24.0_14,3:
--
Recent version of the NGINX introduces dynamic modules support. In
FreeBSD ports tree this feature was enabled by default with the DSO
knob. Several vendor's and third-party modules have been converted
to dynamic modules. Unset the DSO knob builds an NGINX without
dynamic modules support.
To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks. When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.
Default path for the NGINX dynamic modules is
/usr/local/libexec/nginx.
Nothing to do.
=====> Stop the pot nginx-amd64-13_2
=====> Remove p465b2950d14b42 epair network interfaces
=====> unmount /mnt/srv/pot/jails/nginx-amd64-13_2/m/tmp
=====> unmount /mnt/srv/pot/jails/nginx-amd64-13_2/m/dev
===> exporting nginx-amd64-13_2 @ 1706202405 to /tmp/nginx-amd64-13_2_1.0.10.xz
xz: Reduced the number of threads from 4 to 3 to not exceed the memory usage limit of 503 MiB