Openresty proxy: Not building `nginx.conf` and not updating `sudoers.d` with openresty varaint
Closed this issue · 2 comments
Description of problem
Hey!
I'm trying to use the Openresty proxy on a new grafana stack, and ran into few issues with the overall initial configuration: Documenting them in here so they can be searched for and eventually fixed.
First, a bit of context for those unfamilar with Openresty: This is a reverse proxy that integrates Lua + LuaJIT with Nginx, making it mostly use the same environment and context as nginx.
This means that its configuration files, locations, and executed commands are mostly equivalent, with the additions of some goodies to support lua.
Steps to reproduce
-
No
nginx.conf
was built
I would expect thedokku proxy:build-config
to at least do the same as with itsnginx
counterpart, but usingopenresty
it does nothing.
Temporary solution: Switch tonginx
then swap the config back toopenresty
.
Permanent solution: Have thebuild-config
foropenresty
build anginx.conf
file. -
The
/etc/sudoers.d/dokku-nginx
file did not consider openresty
When Openresty is installed, the commands are using theopenresty
executable and not thenginx
one: This means that the commands such asdokku nginx:validate-config grafana
command executes thesudo /usr/bin/openresty -t
instead ofsudo /usr/sbin/nginx -t
command, which is not included in thedokku-nginx
sudoers file, making it prompt for the password for the dokku user instead of executing it password-free.
Here is the relevant snippet from thedokku nginx:validate-config grafana
withdokku:trace on
:
+ local NGINX_LOCATION EXIT_CODE
++ get_nginx_location
++ declare 'desc=check that nginx is at the expected location and return it'
++ fn-nginx-vhosts-nginx-location
++ declare 'desc=check that nginx is at the expected location and return it'
++ local NGINX_LOCATION
+++ command -v nginx
++ NGINX_LOCATION=/usr/sbin/nginx
++ [[ -z /usr/sbin/nginx ]]
++ fn-nginx-vhosts-uses-openresty
++ declare 'desc=returns whether openresty is in use or not'
++ [[ -x /usr/bin/openresty ]]
++ return
++ NGINX_LOCATION=/usr/bin/openresty
++ [[ ! -x /usr/bin/openresty ]]
++ echo /usr/bin/openresty
+ NGINX_LOCATION=/usr/bin/openresty
+ [[ -z /usr/bin/openresty ]]
+ [[ grafana == \-\-\c\l\e\a\n ]]
+ set +e
+ sudo /usr/bin/openresty -t
Temporary solution: Create /etc/sudoers.d/dokku-openresty
as a copy of the dokku-nginx
one, with the bin replaced with openresty
Permanent solution: Either update the dokku-nginx
file to account for openresty, or create a new dokku-openresty
file with its appropriate permissions.
dokku report $APP_NAME
NA
Additional information
No response
Output of failing commands after running: dokku trace:off
No response
Output of failing commands after running: dokku trace:on
No response
Unlike the nginx proxy plugin, the openresty plugin (and the other official ones) is powered by docker container labels. A container - started via openresty:start
- runs openresty on your behalf, and all apps deployed this way end up getting custom labels that allow the openresty container to proxy traffic. That might not be clear, so feel free to make a PR clarifying the usage here.
If you want to use openresty as managed by the host, the nginx
plugin is what you're going to have to use. I believe it detects openresty being installed, but if not, feel free to report separate bugs on that. You'll need to install openresty (and uninstall nginx) if you choose to go this route.
Closing this as it's not a bug, but a misunderstanding of how the openresty plugin works. Feel free to chime in if you need further help :)