Overview
This is a nginx
jail that can be deployed via nomad
.
You need to pass in the ip:port and bucket name for s3 objectstore, and nginx
will serve the files from that bucket.
For more details about nomad
images, see about potluck.
Since the service is expected to be published via consul
and a web proxy like traefik
, plus frontend haproxy
no HTTPS configuration is specified in nginx
as it is expected that this is happening in the web proxy. HTTPS is merely enabled.
Installation
Prepare Minio
A minio bucket needs to exist with the website content before running this image.
This image will automatically load-balance between multiple minio servers for this specific bucket.
# set minio variables
env MINIO_ACCESS_KEY="ACCESSKEY"
env MINIO_SECRET_KEY="PASSWORD"
# set alias
minio-client alias set minio1 https://x.x.x.x:9000 ACCESSKEY PASSWORD --api S3v4 --insecure --config-dir /root/.minio-client/
# create default bucket
minio-client --insecure mb --config-dir /root/.minio-client/ --with-lock minio1/default
# create website bucket
minio-client --insecure mb --config-dir /root/.minio-client/ minio1/website-bucket
# set anonymous download policy
minio-client --insecure policy set download minio1/website-bucket
# recursively copy website files to bucket
minio-client --insecure cp -r /path/to/website minio1/website-bucket/
Secure front end
This image runs on port 443 with a self-signed certificate, and connects to minio with SSL, even if it also has a self-signed certificate. It is expected that this image will be behind a secure proxy.
To enable https on the frontend, make sure to use a solution like haproxy
with acme.sh
for the public domain name, and proxy through to this image.
Options
You can pass in parameters to the image to set variables.
DOMAIN is the domain name to use for self-signed certificate used by nginx. You can set this option with -d
and the domain name.
SERVERONE is the first minio server. SERVERTWO is the second. SERVERTHREE is the third. You must pass in ip:port
for each value. You can set one or all of these with options -e
, -f
, -g-
and -h
for each server.
BUCKET is the name of the bucket to access, and can be set with -x
and the bucket name.
SELFSIGNED enables obtaining the minio self-signed CA certicate into the local store. Enable with -s
and any value. This image will generate a self-signed certificate for nginx by default.
Nomad Job File Samples
Single Minio server
The following example job uses a single minio servers and a self-signed host.
job "example" {
datacenters = ["datacenter"]
type = "service"
group "group1" {
count = 1
network {
port "http" {
static = 28443
}
}
task "www1" {
driver = "pot"
service {
tags = ["nginx", "www"]
name = "nginx-s3-service"
port = "http"
check {
type = "tcp"
name = "tcp"
interval = "60s"
timeout = "30s"
}
}
config {
image = "https://potluck.honeyguide.net/nginx-s3-ssl-nomad"
pot = "nginx-s3-ssl-nomad-amd64-14_1"
tag = "0.9.1"
command = "/usr/local/bin/cook"
args = ["-d","domainname","-e","10.0.0.2:9000","-x","bucketname","-s","yes"]
port_map = {
http = "443"
}
}
resources {
cpu = 200
memory = 64
}
}
}
}
Two Minio servers
The following example job uses 2 minio servers and a self-signed host.
job "example" {
datacenters = ["datacenter"]
type = "service"
group "group1" {
count = 1
network {
port "http" {
static = 28443
}
}
task "www1" {
driver = "pot"
service {
tags = ["nginx", "www"]
name = "nginx-s3-service"
port = "http"
check {
type = "tcp"
name = "tcp"
interval = "60s"
timeout = "30s"
}
}
config {
image = "https://potluck.honeyguide.net/nginx-s3-ssl-nomad"
pot = "nginx-s3-ssl-nomad-amd64-14_1"
tag = "0.9.1"
command = "/usr/local/bin/cook"
args = ["-d","domainname","-e","10.0.0.2:9000","-f","10.0.0.3:9000","-x","bucketname","-s","yes"]
port_map = {
http = "443"
}
}
resources {
cpu = 200
memory = 64
}
}
}
}
Four Minio Servers
The following example job uses a maximum of 4 minio servers and a self-signed host.
job "example" {
datacenters = ["datacenter"]
type = "service"
group "group1" {
count = 1
network {
port "http" {
static = 28443
}
}
task "www1" {
driver = "pot"
service {
tags = ["nginx", "www"]
name = "nginx-s3-service"
port = "http"
check {
type = "tcp"
name = "tcp"
interval = "60s"
timeout = "30s"
}
}
config {
image = "https://potluck.honeyguide.net/nginx-s3-ssl-nomad"
pot = "nginx-s3-ssl-nomad-amd64-14_1"
tag = "0.9.1"
command = "/usr/local/bin/cook"
args = ["-d","domainname","-e","10.0.0.2:9000","-f","10.0.0.3:9000","-g","10.0.0.4:9000","-h","10.0.0.5:9000","-x","bucketname","-s","yes"]
port_map = {
http = "443"
}
}
resources {
cpu = 200
memory = 64
}
}
}
}
Getting Started
- Image Readme
- How To Use The Ready-Made Image
- Alternatively: Create a Jail With This Flavour Yourself
- Version History
- Manual Image Download Links
- Jenkins Pot Creation Logs
How To Use The Ready-Made Image
FreeBSD 14.1:
pot import -p nginx-s3-ssl-nomad-amd64-14_1 -t 0.9.1 -U https://potluck.honeyguide.net/nginx-s3-ssl-nomad
With Signify Verification:
fetch https://potluck.honeyguide.net/potluck.pub; pot import -p nginx-s3-ssl-nomad-amd64-14_1 -t 0.9.1 -C potluck.pub -U https://potluck.honeyguide.net/nginx-s3-ssl-nomad
If you don’t want to use the default pot
bridged network configuration but instead need an individual network setup (e.g. assign a host IP address), after importing it you can simply clone the jail like that (em0 is the host network adapter in this example):
pot clone -P nginx-s3-ssl-nomad-amd64-14_1 -p my-cloned-jail -N alias -i "em0|10.10.10.10"
Note: Some images might require specific network configuration, double check the Overview-chapter at the top.
Alternatively: Create a Jail With This Flavour Yourself
1. Create Flavour Files
Save all files and directories from https://github.com/hny-gd/potluck/tree/master/nginx-s3-ssl-nomad to /usr/local/etc/pot/flavours/
2. Create Jail From Flavour
Run
pot create -b <FreeBSD Version> -p <jailname> -t single -N public-bridge -f fbsd-update
with your FreeBSD version (e.g. 14.1) and the name your jail should get.
Note: Some images might require specific network configuration, double check the Overview-chapter at the top.
Version History
0.9
- Version bump for new base image 14.1
- Extra steps to trim image size
0.8
- Version bump for new base image
0.7
- Version bump for new base image
0.6
- Version bump for new base image
0.5
- Version bump for new base image
0.4
- Version bump for new base image
0.3
- Version bump for new base image
- Adjust to 1, 2, 4 server setups
- Pass in ip:port for each minio host
0.2
- Version bump for new base image
- FBSD14 base image
0.1
- New version with automatic self-signed certificate
- Simplify by removing passed in IP address
0.0
- Initial commit
These images were built on Wed Oct 9 23:42:58 UTC 2024
Manual Image Download Links
nginx-s3-ssl-nomad-amd64-14_1_0.9.1.xz (
)
nginx-s3-ssl-nomad-amd64-14_1_0.9.1.xz.skein (
)
nginx-s3-ssl-nomad-amd64-14_1_0.9.1.xz.skein.sig (
)
nginx-s3-ssl-nomad-amd64-14_1_0.9.1.xz.meta (
)
Jenkins Pot Creation Logs
nginx-s3-ssl-nomad-amd64-14_1_0.9.1:
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad:
set-attribute -A persistent -V OFF
set-attribute -A no-rc-script -V ON
copy-in -s /usr/local/etc/pot/flavours/nginx-s3-ssl-nomad.d/local -d /root/.pot_local
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad.sh:
#!/bin/sh
# Based on POTLUCK TEMPLATE v3.0
# Altered by Michael Gmelin
#
# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - true or false
# 2. If RUNS_IN_NOMAD is false, can delete the <flavour>+4 file, else
# make sure pot create command doesn't include it
# 3. Create a matching <flavour> file with this <flavour>.sh file that
# contains the copy-in commands for the config files from <flavour>.d/
# Remember that the package directories don't exist yet, so likely copy
# to /root
# 4. Adjust package installation between BEGIN & END PACKAGE SETUP
# 5. Adjust jail configuration script generation between BEGIN & END COOK
# Configure the config files that have been copied in where necessary
# Set this to true if this jail flavour is to be created as a nomad
# (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script
# is installed appropriately at the end of this script
RUNS_IN_NOMAD=true
# set the cook log path/filename
COOKLOG=/var/log/cook.log
# check if cooklog exists, create it if not
if [ ! -e $COOKLOG ]
then
echo "Creating $COOKLOG" | tee -a $COOKLOG
else
echo "WARNING $COOKLOG already exists" | tee -a $COOKLOG
fi
date >> $COOKLOG
# -------------------- COMMON ---------------
STEPCOUNT=0
step() {
STEPCOUNT=$(("$STEPCOUNT" + 1))
STEP="$*"
echo "Step $STEPCOUNT: $STEP" | tee -a $COOKLOG
}
exit_ok() {
trap - EXIT
exit 0
}
FAILED=" failed"
exit_error() {
STEP="$*"
FAILED=""
exit 1
}
set -e
trap 'echo ERROR: $STEP$FAILED | (>&2 tee -a $COOKLOG)' EXIT
# -------------- BEGIN PACKAGE SETUP -------------
step "Bootstrap package repo"
mkdir -p /usr/local/etc/pkg/repos
# shellcheck disable=SC2016
echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' \
>/usr/local/etc/pkg/repos/FreeBSD.conf
# remove above and add back below for quarterlies
# only modify repo if not already done in base image
#test -e /usr/local/etc/pkg/repos/FreeBSD.conf || \
# echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly" }' \
# >/usr/local/etc/pkg/repos/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap
step "Touch /etc/rc.conf"
touch /etc/rc.conf
# this is important, otherwise running /etc/rc from cook will
# overwrite the IP address set in tinirc
step "Remove ifconfig_epair0b from config"
# shellcheck disable=SC2015
sysrc -cq ifconfig_epair0b && sysrc -x ifconfig_epair0b || true
step "Disable sendmail"
service sendmail onedisable || true
step "Create /usr/local/etc/rc.d"
mkdir -p /usr/local/etc/rc.d
step "Clean freebsd-update"
rm -rf /var/db/freebsd-update
mkdir -p /var/db/freebsd-update
step "Install package openssl"
pkg install -y openssl
# necessary if installing curl now
step "Install package ca_root_nss"
pkg install -y ca_root_nss
step "Install package curl"
pkg install -y curl
step "Install package jo"
pkg install -y jo
step "Install package bash"
pkg install -y bash
step "Install package rsync"
pkg install -y rsync
step "Install package nginx"
pkg install -y nginx
step "Install package jq"
pkg install -y jq
step "Install package nano"
pkg install -y nano
step "Install package sudo"
pkg install -y sudo
step "Clean package installation"
pkg clean -ay
step "Enable nginx"
service nginx enable
# -------------- END PACKAGE SETUP -------------
#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s)
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits
#
# this runs when image boots
# ----------------- BEGIN COOK ------------------
step "Clean cook artifacts"
rm -rf /usr/local/bin/cook /usr/local/share/cook
step "Install pot local"
tar -C /root/.pot_local -cf - . | tar -C /usr/local -xf -
rm -rf /root/.pot_local
step "Set file ownership on cook scripts"
chown -R root:wheel /usr/local/bin/cook /usr/local/share/cook
chmod 755 /usr/local/share/cook/bin/*
# ----------------- END COOK ------------------
# ---------- NO NEED TO EDIT BELOW ------------
step "Make cook script executable"
if [ -e /usr/local/bin/cook ]
then
echo "setting executable bit on /usr/local/bin/cook" | tee -a $COOKLOG
chmod u+x /usr/local/bin/cook
else
exit_error "there is no /usr/local/bin/cook to make executable"
fi
#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
#
# Create rc.d script for "normal" mode:
step "Create rc.d script to start cook"
echo "creating rc.d script to start cook" | tee -a $COOKLOG
# shellcheck disable=SC2016
echo '#!/bin/sh
#
# PROVIDE: cook
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name="cook"
rcvar="cook_enable"
load_rc_config $name
: ${cook_enable:="NO"}
: ${cook_env:=""}
command="/usr/local/bin/cook"
command_args=""
run_rc_command "$1"
' > /usr/local/etc/rc.d/cook
step "Make rc.d script to start cook executable"
if [ -e /usr/local/etc/rc.d/cook ]
then
echo "Setting executable bit on cook rc file" | tee -a $COOKLOG
chmod u+x /usr/local/etc/rc.d/cook
else
exit_error "/usr/local/etc/rc.d/cook does not exist"
fi
if [ "$RUNS_IN_NOMAD" != "true" ]
then
step "Enable cook service"
# This is a non-nomad (non-blocking) jail, so we need to make sure the script
# gets started when the jail is started:
# Otherwise, /usr/local/bin/cook will be set as start script by the pot
# flavour
echo "enabling cook" | tee -a $COOKLOG
service cook enable
fi
# -------------------- DONE ---------------
exit_ok
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+1:
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+1.sh:
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+2:
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+2.sh:
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+3:
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+3.sh:
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+4:
set-cmd -c "/usr/local/bin/cook"
nginx-s3-ssl-nomad/nginx-s3-ssl-nomad+4.sh:
=====> Create conf dir (/mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/conf)
=====> Cloning freebsd-potluck-amd64-14_1_0_0_30 with snap
=====> clone zroot/srv/pot/jails/freebsd-potluck-amd64-14_1_0_0_30/m@1728499034 into zroot/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m
=====> Flavour: fbsd-update
=====> Starting nginx-s3-ssl-nomad-amd64-14_1 pot for the initial bootstrap
=====> mount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===> Starting the pot nginx-s3-ssl-nomad-amd64-14_1
=====> Pot nginx-s3-ssl-nomad-amd64-14_1 jail params are: allow.set_hostname=false allow.raw_sockets allow.socket_af allow.chflags exec.clean mount.devfs enforce_statfs=2 sysvshm=new sysvsem=new sysvmsg=new children.max=0 devfs_ruleset=4 stop.timeout=10 name=nginx-s3-ssl-nomad-amd64-14_1 host.hostname=nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net osrelease=14.1-RELEASE-p5 path=/mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m persist vnet vnet.interface=epair0b
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg
Starting Network: lo0 epair0b.
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:6c:af:82:80:0b
inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Clearing /tmp (X related).
Updating /var/run/os-release done.
Creating and/or trimming log files.
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting cron.
Wed Oct 9 23:40:57 UTC 2024
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp/fbsd-update.sh
=====> Executing fbsd-update script on nginx-s3-ssl-nomad-amd64-14_1
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update1.freebsd.org... done.
Fetching metadata signature for 14.1-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
No updates needed to update system to 14.1-RELEASE-p5.
No updates are available to install.
=====> Stop the pot nginx-s3-ssl-nomad-amd64-14_1
=====> Remove p467071488dc26 epair network interfaces
=====> unmount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp
=====> unmount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/dev
=====> Flavour: nginx-s3-ssl-nomad
=====> Executing nginx-s3-ssl-nomad pot commands on nginx-s3-ssl-nomad-amd64-14_1
=====> mount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp
=====> Source /usr/local/etc/pot/flavours/nginx-s3-ssl-nomad.d/local copied in the pot nginx-s3-ssl-nomad-amd64-14_1
=====> unmount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp
=====> /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/dev is already unmounted
=====> Starting nginx-s3-ssl-nomad-amd64-14_1 pot for the initial bootstrap
=====> Setting pot nginx-s3-ssl-nomad-amd64-14_1 temporarily to persistent
=====> mount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp
===> Starting the pot nginx-s3-ssl-nomad-amd64-14_1
=====> Pot nginx-s3-ssl-nomad-amd64-14_1 jail params are: allow.set_hostname=false allow.raw_sockets allow.socket_af allow.chflags exec.clean mount.devfs enforce_statfs=2 sysvshm=new sysvsem=new sysvmsg=new children.max=0 devfs_ruleset=4 stop.timeout=10 name=nginx-s3-ssl-nomad-amd64-14_1 host.hostname=nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net osrelease=14.1-RELEASE-p5 path=/mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m persist vnet vnet.interface=epair0b
add net default: gateway 10.192.0.1
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg
Starting Network: lo0 epair0b.
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:2b:21:90:1b:0b
inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Clearing /tmp (X related).
Updating /var/run/os-release done.
Creating and/or trimming log files.
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting cron.
Wed Oct 9 23:41:31 UTC 2024
/usr/local/etc/pot/flavours/nginx-s3-ssl-nomad.sh -> /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp/nginx-s3-ssl-nomad.sh
=====> Executing nginx-s3-ssl-nomad script on nginx-s3-ssl-nomad-amd64-14_1
WARNING /var/log/cook.log already exists
Step 1: Bootstrap package repo
pkg already bootstrapped at /usr/local/sbin/pkg
Step 2: Touch /etc/rc.conf
Step 3: Remove ifconfig_epair0b from config
Step 4: Disable sendmail
sendmail disabled in /etc/rc.conf
sendmail_submit disabled in /etc/rc.conf
sendmail_msp_queue disabled in /etc/rc.conf
Step 5: Create /usr/local/etc/rc.d
Step 6: Clean freebsd-update
Step 7: Install package openssl
Updating FreeBSD repository catalogue...
pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] Fetching meta.conf: . done
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] Fetching data.pkg: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 35491 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 8: Install package ca_root_nss
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
ca_root_nss: 3.93_2 -> 3.104
Number of packages to be upgraded: 1
298 KiB to be downloaded.
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Fetching ca_root_nss-3.104.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Upgrading ca_root_nss from 3.93_2 to 3.104...
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Extracting ca_root_nss-3.104: ....... done
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
Step 9: Install package curl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
curl: 8.10.0 -> 8.10.1
Number of packages to be upgraded: 1
2 MiB to be downloaded.
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Fetching curl-8.10.1.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Upgrading curl from 8.10.0 to 8.10.1...
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Extracting curl-8.10.1: .......... done
Step 10: Install package jo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 11: Install package bash
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
bash: 5.2.26_1 -> 5.2.37
Number of packages to be upgraded: 1
2 MiB to be downloaded.
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Fetching bash-5.2.37.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Upgrading bash from 5.2.26_1 to 5.2.37...
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Extracting bash-5.2.37: .......... done
Step 12: Install package rsync
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 13: Install package nginx
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
nginx: 1.26.2_5,3
pcre2: 10.43
Number of packages to be installed: 2
The process will require 9 MiB more space.
2 MiB to be downloaded.
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/2] Fetching nginx-1.26.2_5,3.pkg: ....... done
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [2/2] Fetching pcre2-10.43.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/2] Installing pcre2-10.43...
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/2] Extracting pcre2-10.43: .......... done
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [2/2] Installing nginx-1.26.2_5,3...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [2/2] Extracting nginx-1.26.2_5,3: .......... done
=====
Message from nginx-1.26.2_5,3:
--
Recent version of the NGINX introduces dynamic modules support. In
FreeBSD ports tree this feature was enabled by default with the DSO
knob. Several vendor's and third-party modules have been converted
to dynamic modules. Unset the DSO knob builds an NGINX without
dynamic modules support.
To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks. When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.
Default path for the NGINX dynamic modules is
/usr/local/libexec/nginx.
Step 14: Install package jq
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 15: Install package nano
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
nano: 8.0 -> 8.2
Number of packages to be upgraded: 1
671 KiB to be downloaded.
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Fetching nano-8.2.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Upgrading nano from 8.0 to 8.2...
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Extracting nano-8.2: .......... done
Step 16: Install package sudo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
sudo: 1.9.15p5_4 -> 1.9.16
Number of packages to be upgraded: 1
2 MiB to be downloaded.
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Fetching sudo-1.9.16.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Upgrading sudo from 1.9.15p5_4 to 1.9.16...
[nginx-s3-ssl-nomad-amd64-14_1.vsf00002.cpt.za.honeyguide.net] [1/1] Extracting sudo-1.9.16: .......... done
Step 17: Clean package installation
The following package files will be deleted:
/var/cache/pkg/bash-5.2.37.pkg
/var/cache/pkg/ca_root_nss-3.104.pkg
/var/cache/pkg/sudo-1.9.16~e8b34222f1.pkg
/var/cache/pkg/nano-8.2.pkg
/var/cache/pkg/ca_root_nss-3.104~016b1ccb7d.pkg
/var/cache/pkg/pcre2-10.43~c3b57b36d8.pkg
/var/cache/pkg/nginx-1.26.2_5,3~ad03c681c1.pkg
/var/cache/pkg/curl-8.10.1.pkg
/var/cache/pkg/nano-8.2~c87822d0b2.pkg
/var/cache/pkg/pcre2-10.43.pkg
/var/cache/pkg/sudo-1.9.16.pkg
/var/cache/pkg/curl-8.10.1~5d64937ede.pkg
/var/cache/pkg/nginx-1.26.2_5,3.pkg
/var/cache/pkg/bash-5.2.37~5fd9fe57b6.pkg
The cleanup will free 8 MiB
Deleting files: .......... done
Step 18: Enable nginx
nginx enabled in /etc/rc.conf
Step 19: Clean cook artifacts
Step 20: Install pot local
Step 21: Set file ownership on cook scripts
Step 22: Make cook script executable
setting executable bit on /usr/local/bin/cook
Step 23: Create rc.d script to start cook
creating rc.d script to start cook
Step 24: Make rc.d script to start cook executable
Setting executable bit on cook rc file
=====> Stop the pot nginx-s3-ssl-nomad-amd64-14_1
=====> Remove p4670714abdc26 epair network interfaces
=====> unmount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/tmp
=====> unmount /mnt/srv/pot/jails/nginx-s3-ssl-nomad-amd64-14_1/m/dev
=====> Reverting pot nginx-s3-ssl-nomad-amd64-14_1 to non-persistent
=====> Flavour: nginx-s3-ssl-nomad+1
=====> Executing nginx-s3-ssl-nomad+1 pot commands on nginx-s3-ssl-nomad-amd64-14_1
=====> No shell script available for the flavour nginx-s3-ssl-nomad+1
=====> Flavour: nginx-s3-ssl-nomad+2
=====> Executing nginx-s3-ssl-nomad+2 pot commands on nginx-s3-ssl-nomad-amd64-14_1
=====> No shell script available for the flavour nginx-s3-ssl-nomad+2
=====> Flavour: nginx-s3-ssl-nomad+3
=====> Executing nginx-s3-ssl-nomad+3 pot commands on nginx-s3-ssl-nomad-amd64-14_1
=====> No shell script available for the flavour nginx-s3-ssl-nomad+3
=====> Flavour: nginx-s3-ssl-nomad+4
=====> Executing nginx-s3-ssl-nomad+4 pot commands on nginx-s3-ssl-nomad-amd64-14_1
=====> No shell script available for the flavour nginx-s3-ssl-nomad+4
===> exporting nginx-s3-ssl-nomad-amd64-14_1 @ 1728517355 to /tmp/nginx-s3-ssl-nomad-amd64-14_1_0.9.1.xz