Nginx

Overview

This is a basic NGINX jail.

NGINX is started (as usually) as a daemon when the jail is started which means that this jail is not for use with nomad (pkg install nomad) but for “normal” use with pot start.

How To Use The Ready-Made Image

FreeBSD 12.1:
pot import -p nginx-amd64-12_1 -t 1.0 -U https://potluck.honeyguide.net/nginx

FreeBSD 11.4:
pot import -p nginx-amd64-11_4 -t 1.0 -U https://potluck.honeyguide.net/nginx

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Alternatively: Create a Jail With This Flavour Yourself

1. Create Flavour Files

Create the following
/usr/local/etc/pot/flavours/nginx.sh
and
chmod ugo+x /usr/local/etc/pot/flavours/nginx.sh

#!/bin/sh

[ -w /etc/pkg/FreeBSD.conf ] && sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap
touch /etc/rc.conf
sysrc sendmail_enable="NO"
sysrc nginx_enable="YES"
pkg install -y nginx
echo "error_log /dev/stderr;" >> /usr/local/etc/nginx/nginx.conf
sed -i '' 's%#access_log  logs/access.log .*$%access_log /dev/stdout combined;%' /usr/local/etc/nginx/nginx.conf
pkg clean -y

Create the following /usr/local/etc/pot/flavours/nginx:

set-attribute -A persistent -V OFF
set-attribute -A no-rc-script -V ON

2. Create Jail From Flavour

Run
pot create -b <FreeBSD Version> -p <jailname> -t single -N public-bridge -f fbsd-update -f nginx

with your FreeBSD version (e.g. 12.1) and the name your jail should get.

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Version History

1.0

  • Initial NGINX version

These images were built on Tue Jul 21 15:14:05 UTC 2020

Manual Image Download Links

nginx-amd64-12_1_1.0.xz ( 188.03 MB )
nginx-amd64-12_1_1.0.xz.skein ( 0.250977 KB )

nginx-amd64-11_4_1.0.xz ( 152.684 MB )
nginx-amd64-11_4_1.0.xz.skein ( 0.250977 KB )

Jenkins Pot Creation Logs

nginx-amd64-12_1_1.0:


nginx/nginx:
set-attribute -A persistent -V OFF
set-attribute -A no-rc-script -V ON
nginx/nginx.sh:
#!/bin/sh

[ -w /etc/pkg/FreeBSD.conf ] && sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap
touch /etc/rc.conf
sysrc sendmail_enable="NO"
sysrc nginx_enable="YES"
pkg install -y nginx
echo "error_log /dev/stderr;" >> /usr/local/etc/nginx/nginx.conf
sed -i '' 's%#access_log  logs/access.log .*$%access_log /dev/stdout combined;%' /usr/local/etc/nginx/nginx.conf
pkg clean -y

nginx/nginx+1:
nginx/nginx+1.sh:

nginx/nginx+2:
nginx/nginx+2.sh:

nginx/nginx+3:
nginx/nginx+3.sh:

nginx/nginx+4:
nginx/nginx+4.sh:
Password:=====>  -i auto: assigned 10.192.0.3
===>  Creating a new pot
===>  pot name : nginx-amd64-12_1
===>  type : single
===>  base : 12.1
===>  pot_base :
===>  level : 0
===>  network-type: public-bridge
===>  ip : 10.192.0.3
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update nginx nginx+1 nginx+2 nginx+3 nginx+4
===>  Fetching FreeBSD 12.1
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting nginx-amd64-12_1 pot for the initial bootstrap
=====>  mount /var/pot/jails/nginx-amd64-12_1/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot nginx-amd64-12_1
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:c4:d4:5c:96:0b
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Generating host.conf.
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Tue Jul 21 15:10:05 UTC 2020
/usr/local/etc/pot/flavours/fbsd-update.sh -> /var/pot/jails/nginx-amd64-12_1/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on nginx-amd64-12_1
src component not installed, skipped
freebsd-update fetch should not be run non-interactively.
Run freebsd-update cron instead.
src component not installed, skipped
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
=====>  Stop the pot nginx-amd64-12_1
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /var/pot/jails/nginx-amd64-12_1/m/tmp
=====>  unmount /var/pot/jails/nginx-amd64-12_1/m/dev
=====>  Flavour: nginx
=====>  Executing nginx pot commands on nginx-amd64-12_1
=====>  Starting nginx-amd64-12_1 pot for the initial bootstrap
=====>  mount /var/pot/jails/nginx-amd64-12_1/m/tmp
===>  Starting the pot nginx-amd64-12_1
add net default: gateway 10.192.0.1
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:af:8d:38:50:0b
	inet6 fe80::af:8dff:fe38:500b%epair0b prefixlen 64 tentative scopeid 0x2
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Tue Jul 21 15:10:10 UTC 2020
/usr/local/etc/pot/flavours/nginx.sh -> /var/pot/jails/nginx-amd64-12_1/m/tmp/nginx.sh
=====>  Executing nginx script on nginx-amd64-12_1
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.14.6...
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.14.6: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
sendmail_enable: NO -> NO
nginx_enable:  -> YES
Updating FreeBSD repository catalogue...
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 31974 packages processed.
All repositories are up to date.
Updating database digests format: . done
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	nginx: 1.18.0_20,2
	pcre: 8.44

Number of packages to be installed: 2

The process will require 8 MiB more space.
2 MiB to be downloaded.
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching nginx-1.18.0_20,2.txz: .......... done
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching pcre-8.44.txz: .......... done
Checking integrity... done (0 conflicting)
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] [1/2] Installing pcre-8.44...
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting pcre-8.44: .......... done
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] [2/2] Installing nginx-1.18.0_20,2...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[nginx-amd64-12_1.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting nginx-1.18.0_20,2: .......... done
=====
Message from nginx-1.18.0_20,2:

--
Recent version of the NGINX introduces dynamic modules support.  In
FreeBSD ports tree this feature was enabled by default with the DSO
knob.  Several vendor's and third-party modules have been converted
to dynamic modules.  Unset the DSO knob builds an NGINX without
dynamic modules support.

To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks.  When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.

Default path for the NGINX dynamic modules is

/usr/local/libexec/nginx.
Nothing to do.
=====>  Stop the pot nginx-amd64-12_1
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /var/pot/jails/nginx-amd64-12_1/m/tmp
=====>  unmount /var/pot/jails/nginx-amd64-12_1/m/dev
=====>  Flavour: nginx+1
=====>  Executing nginx+1 pot commands on nginx-amd64-12_1
=====>  No shell script available for the flavour nginx+1
=====>  Flavour: nginx+2
=====>  Executing nginx+2 pot commands on nginx-amd64-12_1
=====>  No shell script available for the flavour nginx+2
=====>  Flavour: nginx+3
=====>  Executing nginx+3 pot commands on nginx-amd64-12_1
=====>  No shell script available for the flavour nginx+3
=====>  Flavour: nginx+4
=====>  Executing nginx+4 pot commands on nginx-amd64-12_1
=====>  No shell script available for the flavour nginx+4

nginx-amd64-11_4_1.0:


nginx/nginx:
set-attribute -A persistent -V OFF
set-attribute -A no-rc-script -V ON
nginx/nginx.sh:
#!/bin/sh

[ -w /etc/pkg/FreeBSD.conf ] && sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap
touch /etc/rc.conf
sysrc sendmail_enable="NO"
sysrc nginx_enable="YES"
pkg install -y nginx
echo "error_log /dev/stderr;" >> /usr/local/etc/nginx/nginx.conf
sed -i '' 's%#access_log  logs/access.log .*$%access_log /dev/stdout combined;%' /usr/local/etc/nginx/nginx.conf
pkg clean -y

nginx/nginx+1:
nginx/nginx+1.sh:

nginx/nginx+2:
nginx/nginx+2.sh:

nginx/nginx+3:
nginx/nginx+3.sh:

nginx/nginx+4:
nginx/nginx+4.sh:
Password:=====>  -i auto: assigned 10.192.0.4
===>  Creating a new pot
===>  pot name : nginx-amd64-11_4
===>  type : single
===>  base : 11.4
===>  pot_base :
===>  level : 0
===>  network-type: public-bridge
===>  ip : 10.192.0.4
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update nginx nginx+1 nginx+2 nginx+3 nginx+4
===>  Fetching FreeBSD 11.4
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting nginx-amd64-11_4 pot for the initial bootstrap
=====>  mount /var/pot/jails/nginx-amd64-11_4/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot nginx-amd64-11_4
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:09:8a:4e:2f:0b
	hwaddr 02:09:8a:4e:2f:0b
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Generating host.conf.
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Tue Jul 21 15:12:20 UTC 2020
/usr/local/etc/pot/flavours/fbsd-update.sh -> /var/pot/jails/nginx-amd64-11_4/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on nginx-amd64-11_4
src component not installed, skipped
freebsd-update fetch should not be run non-interactively.
Run freebsd-update cron instead.
src component not installed, skipped
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
=====>  Stop the pot nginx-amd64-11_4
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /var/pot/jails/nginx-amd64-11_4/m/tmp
=====>  unmount /var/pot/jails/nginx-amd64-11_4/m/dev
=====>  Flavour: nginx
=====>  Executing nginx pot commands on nginx-amd64-11_4
=====>  Starting nginx-amd64-11_4 pot for the initial bootstrap
=====>  mount /var/pot/jails/nginx-amd64-11_4/m/tmp
===>  Starting the pot nginx-amd64-11_4
add net default: gateway 10.192.0.1
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:95:fc:8a:dd:0b
	hwaddr 02:95:fc:8a:dd:0b
	inet6 fe80::95:fcff:fe8a:dd0b%epair0b prefixlen 64 tentative scopeid 0x2
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Tue Jul 21 15:12:26 UTC 2020
/usr/local/etc/pot/flavours/nginx.sh -> /var/pot/jails/nginx-amd64-11_4/m/tmp/nginx.sh
=====>  Executing nginx script on nginx-amd64-11_4
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.14.6...
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.14.6: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
sendmail_enable: NO -> NO
nginx_enable:  -> YES
Updating FreeBSD repository catalogue...
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 30777 packages processed.
All repositories are up to date.
Updating database digests format: . done
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	nginx: 1.18.0_18,2
	pcre: 8.44

Number of packages to be installed: 2

The process will require 8 MiB more space.
2 MiB to be downloaded.
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching nginx-1.18.0_18,2.txz: .......... done
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching pcre-8.44.txz: .......... done
Checking integrity... done (0 conflicting)
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [1/2] Installing pcre-8.44...
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting pcre-8.44: .......... done
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [2/2] Installing nginx-1.18.0_18,2...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[nginx-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting nginx-1.18.0_18,2: .......... done
=====
Message from nginx-1.18.0_18,2:

--
Recent version of the NGINX introduces dynamic modules support.  In
FreeBSD ports tree this feature was enabled by default with the DSO
knob.  Several vendor's and third-party modules have been converted
to dynamic modules.  Unset the DSO knob builds an NGINX without
dynamic modules support.

To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks.  When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.

Default path for the NGINX dynamic modules is

/usr/local/libexec/nginx.
Nothing to do.
=====>  Stop the pot nginx-amd64-11_4
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /var/pot/jails/nginx-amd64-11_4/m/tmp
=====>  unmount /var/pot/jails/nginx-amd64-11_4/m/dev
=====>  Flavour: nginx+1
=====>  Executing nginx+1 pot commands on nginx-amd64-11_4
=====>  No shell script available for the flavour nginx+1
=====>  Flavour: nginx+2
=====>  Executing nginx+2 pot commands on nginx-amd64-11_4
=====>  No shell script available for the flavour nginx+2
=====>  Flavour: nginx+3
=====>  Executing nginx+3 pot commands on nginx-amd64-11_4
=====>  No shell script available for the flavour nginx+3
=====>  Flavour: nginx+4
=====>  Executing nginx+4 pot commands on nginx-amd64-11_4
=====>  No shell script available for the flavour nginx+4

This site © Honeyguide Group (Pty) Ltd, all the hosted software their respective license owners 2020 - Disclaimer