Openresty proxy: Not building `nginx.conf` and not updating `sudoers.d` with openresty varaint

Question

Openresty proxy: Not building `nginx.conf` and not updating `sudoers.d` with openresty varaint

Closed this issue a month ago · 2 comments

Description of problem

Hey!
I'm trying to use the Openresty proxy on a new grafana stack, and ran into few issues with the overall initial configuration: Documenting them in here so they can be searched for and eventually fixed.

First, a bit of context for those unfamilar with Openresty: This is a reverse proxy that integrates Lua + LuaJIT with Nginx, making it mostly use the same environment and context as nginx.
This means that its configuration files, locations, and executed commands are mostly equivalent, with the additions of some goodies to support lua.

Steps to reproduce

No nginx.conf was built
I would expect the dokku proxy:build-config to at least do the same as with its nginx counterpart, but using openresty it does nothing.

Temporary solution: Switch to nginx then swap the config back to openresty.
Permanent solution: Have the build-config for openresty build a nginx.conf file.
The /etc/sudoers.d/dokku-nginx file did not consider openresty
When Openresty is installed, the commands are using the openresty executable and not the nginx one: This means that the commands such as dokku nginx:validate-config grafana command executes the sudo /usr/bin/openresty -t instead of sudo /usr/sbin/nginx -t command, which is not included in the dokku-nginx sudoers file, making it prompt for the password for the dokku user instead of executing it password-free.
Here is the relevant snippet from the dokku nginx:validate-config grafana with dokku:trace on:

+ local NGINX_LOCATION EXIT_CODE
++ get_nginx_location
++ declare 'desc=check that nginx is at the expected location and return it'
++ fn-nginx-vhosts-nginx-location
++ declare 'desc=check that nginx is at the expected location and return it'
++ local NGINX_LOCATION
+++ command -v nginx
++ NGINX_LOCATION=/usr/sbin/nginx
++ [[ -z /usr/sbin/nginx ]]
++ fn-nginx-vhosts-uses-openresty
++ declare 'desc=returns whether openresty is in use or not'
++ [[ -x /usr/bin/openresty ]]
++ return
++ NGINX_LOCATION=/usr/bin/openresty
++ [[ ! -x /usr/bin/openresty ]]
++ echo /usr/bin/openresty
+ NGINX_LOCATION=/usr/bin/openresty
+ [[ -z /usr/bin/openresty ]]
+ [[ grafana == \-\-\c\l\e\a\n ]]
+ set +e
+ sudo /usr/bin/openresty -t

Temporary solution: Create /etc/sudoers.d/dokku-openresty as a copy of the dokku-nginx one, with the bin replaced with openresty
Permanent solution: Either update the dokku-nginx file to account for openresty, or create a new dokku-openresty file with its appropriate permissions.

dokku report $APP_NAME

NA

Additional information

No response

Output of failing commands after running: dokku trace:off

No response

Output of failing commands after running: dokku trace:on

No response

Answer 1 · 2024-04-15T11:44:28.000Z

Unlike the nginx proxy plugin, the openresty plugin (and the other official ones) is powered by docker container labels. A container - started via openresty:start - runs openresty on your behalf, and all apps deployed this way end up getting custom labels that allow the openresty container to proxy traffic. That might not be clear, so feel free to make a PR clarifying the usage here.

If you want to use openresty as managed by the host, the nginx plugin is what you're going to have to use. I believe it detects openresty being installed, but if not, feel free to report separate bugs on that. You'll need to install openresty (and uninstall nginx) if you choose to go this route.

Answer 2 · 2024-04-19T21:30:18.000Z

Closing this as it's not a bug, but a misunderstanding of how the openresty plugin works. Feel free to chime in if you need further help :)