yaoweibin/nginx_upstream_check_module

Is there a development plan for a patch for nginx 1.22.0?

Closed this issue · 8 comments

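Recently there have been widespread rumors that Nginx has a 0-day vulnerability.
1. Vulnerability details:
[Vulnerability ID] -
[Affected versions] Nginx<=1.21.5
[Description] Nginx versions less than or equal to 1.21.5 have a 0-day vulnerability
[Mitigation] Upgrade Nginx to the latest version through official channels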

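I tried compiling and installing nginx 1.22.0 (with nginx_upstream_check_module), applying the patch for version 1.20.1: patch -p1 < ../nginx_upstream_check_module-master/check_1.20.1+.patch. After installation I found that nginx_error.log fills up with errors like the following: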
2022/08/02 10:55:04 [error] 11807#0: check time out with peer: xx.xx.66.70:8082
2022/08/02 10:55:04 [error] 11807#0: check time out with peer: xx.xx.65.160:8083
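With the same nginx configuration, nginx 1.16.1 compiled and installed with nginx_upstream_check_module does not show this behavior, so I concluded that check_1.20.1+.patch cannot be used with nginx 1.22.0.
Thank you for your hard work! Is there a development plan for a patch for nginx 1.22.0?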

Take a look at your configuration. I have used this patch on several versions from 1.20.1 to 1.23.1 and it works on all of them.

Thanks for the information! I checked several other servers running nginx 1.16.1 (CentOS 6.4, with nginx_upstream_check_module loaded), and tail -f nginx_error.log shows the same kind of warning there too:
2022/08/02 15:18:09 [error] 29881#0: check time out with peer: xx.xx.66.69:8083
2022/08/02 15:18:09 [error] 29881#0: check time out with peer: xx.xx.128.97:9090
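So these warnings are normal.

After checking carefully, it really was related to my configuration. My backend servers were the problem: ports such as xx.xx.66.69:8083 and xx.xx.128.97:9090 were all down. Removing these faulty backend servers from the upstreams configuration fixed it.

The servers I mentioned in my post that did not show these warnings actually had a faulty nginx_upstream_check_module installation; I had forgotten to run the following steps: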
cd /application/nginx_install_src/nginx-1.16.1
patch -p1 < ../nginx_upstream_check_module-master/check_1.16.1+.patch

So you are right: nginx 1.22.0 should be able to use check_1.20.1+.patch directly.

OK, I'll take a look this week.

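Thanks for the reply! Our friend filtercomp is right (see my reply to his post): nginx 1.22.0 may be able to use check_1.20.1+.patch directly.

I compiled and installed nginx 1.22.0 (with nginx_upstream_check_module), applying the patch for version 1.20.1: patch -p1 < ../nginx_upstream_check_module-master/check_1.20.1+.patch. The large number of errors that appeared in nginx_error.log after installation are in fact normal and were related to my nginx configuration; after I changed my nginx configuration the problem went away and the errors are no longer produced.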
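
The timeouts in this thread turned out to come from backends that were down. As an added example (not part of the original thread), this shell function tallies `check time out with peer` lines per peer, with the first and last timestamp seen, so the failing upstream entries stand out. The sample log is constructed and uses documentation addresses; `summarize_check_timeouts` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread.
# Constructed sample log in the format quoted above (192.0.2.0/24 is a
# documentation range; the [notice] line is there to show it is ignored).
SAMPLE_LOG='2022/08/02 10:55:04 [error] 11807#0: check time out with peer: 192.0.2.70:8082
2022/08/02 10:55:04 [error] 11807#0: check time out with peer: 192.0.2.160:8083
2022/08/02 10:55:09 [error] 11807#0: check time out with peer: 192.0.2.70:8082
2022/08/02 10:55:10 [notice] 11807#0: signal process started
2022/08/02 10:55:14 [error] 11807#0: check time out with peer: 192.0.2.70:8082'

# summarize_check_timeouts: read an nginx error log on stdin and print one
# tab-separated line per peer: COUNT, FIRST_SEEN, LAST_SEEN, PEER.
# Peers with the most timeouts come first.
summarize_check_timeouts() {
    tab=$(printf '\t')
    awk '
        index($0, "check time out with peer: ") {
            peer = $0
            sub(/^.*check time out with peer: /, "", peer)  # keep addr:port
            sub(/[ ,].*$/, "", peer)                        # drop any trailer
            ts = $1 " " $2                                  # date and time
            if (!(peer in n)) first[peer] = ts
            last[peer] = ts
            n[peer]++
        }
        END {
            for (p in n)
                printf "%d\t%s\t%s\t%s\n", n[p], first[p], last[p], p
        }
    ' | sort -t "$tab" -k1,1nr -k4,4
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_check_timeouts
```

On a real server, feed it the log instead: `summarize_check_timeouts < nginx_error.log`.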

Guys,

Sorry for the comment but I'm trying to compile & build this module with nginx 1.22.0 and ubuntu 22.04 and it keeps failing.
What am I missing?

After downloading everything, I ran the following commands:
cd nginx-1.22.0/
sudo patch -p1 < /usr/local/modules/nginx_upstream_check_module/check_1.20.1+.patch
cd /usr/local/modules/sticky_module
sudo patch -p0 < /usr/local/modules/nginx_upstream_check_module/nginx-sticky-module.patch
cd /home/rubenfelix/nginx/

(cd /usr/local/lib/nginx-1.22.0 && ./configure --prefix=/etc/nginx --sbin-path=sbin/nginx --conf-path=nginx.conf --pid-path=/run/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --http-client-body-temp-path=temp/body --http-fastcgi-temp-path=temp/fastcgi --http-proxy-temp-path=temp/proxy --http-scgi-temp-path=temp/scgi --http-uwsgi-temp-path=temp/uwsgi --with-pcre=/usr/local/lib/pcre-8.45 --with-zlib=/usr/local/lib/zlib-1.2.12 --with-debug --with-compat --with-pcre-jit --with-threads --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_geoip_module=dynamic --with-http_image_filter_module=dynamic --with-mail=dynamic --with-stream=dynamic --with-http_xslt_module=dynamic --add-dynamic-module=/usr/local/modules/ngx_http_auth_pam_module --add-dynamic-module=/usr/local/modules/nginx-dav-ext-module --add-dynamic-module=/usr/local/modules/echo-nginx-module/ --add-dynamic-module=/usr/local/modules/ngx_http_substitutions_filter_module --add-dynamic-module=/usr/local/modules/cookie_flag_module --add-module=/usr/local/modules/nginx_upstream_check_module --add-module=/usr/local/modules/sticky_module)
(cd /usr/local/lib/nginx-${NGINX_VERSION} && make)
(cd /usr/local/lib/nginx-${NGINX_VERSION} && make install)

And the error:
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/modules/nginx_upstream_check_module -I /usr/local/lib/pcre-8.45 -I /usr/local/lib/zlib-1.2.12 -I /usr/include/libxml2 -I objs -I src/http -I src/http/modules -I src/http/v2 -I src/mail -I src/stream
-o objs/addon/sticky_module/ngx_http_sticky_module.o
/usr/local/modules/sticky_module/ngx_http_sticky_module.c
In file included from src/core/ngx_core.h:60,
from /usr/local/modules/sticky_module/ngx_http_sticky_module.c:8:
/usr/local/modules/sticky_module/ngx_http_sticky_module.c: In function ‘ngx_http_get_sticky_peer’:
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:311:36: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
311 | peer->check_index);
| ^~
src/core/ngx_log.h:93:48: note: in definition of macro ‘ngx_log_debug’
93 | ngx_log_error_core(NGX_LOG_DEBUG, log, __VA_ARGS__)
| ^~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:309:17: note: in expansion of macro ‘ngx_log_debug1’
309 | ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
| ^~~~~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:313:59: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
313 | if (ngx_http_upstream_check_peer_down(peer->check_index)) {
| ^~
In file included from src/core/ngx_core.h:60,
from /usr/local/modules/sticky_module/ngx_http_sticky_module.c:8:
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:337:36: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
337 | peer->check_index);
| ^~
src/core/ngx_log.h:93:48: note: in definition of macro ‘ngx_log_debug’
93 | ngx_log_error_core(NGX_LOG_DEBUG, log, __VA_ARGS__)
| ^~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:335:17: note: in expansion of macro ‘ngx_log_debug1’
335 | ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
| ^~~~~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:339:60: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
339 | if (!ngx_http_upstream_check_peer_down(peer->check_index)) {
| ^~
make[1]: *** [objs/Makefile:1471: objs/addon/sticky_module/ngx_http_sticky_module.o] Error 1
make[1]: Leaving directory '/usr/local/lib/nginx-1.22.0'
make: *** [Makefile:10: build] Error 2
make -f objs/Makefile install
make[1]: Entering directory '/usr/local/lib/nginx-1.22.0'
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/modules/nginx_upstream_check_module -I /usr/local/lib/pcre-8.45 -I /usr/local/lib/zlib-1.2.12 -I /usr/include/libxml2 -I objs -I src/http -I src/http/modules -I src/http/v2 -I src/mail -I src/stream
-o objs/addon/sticky_module/ngx_http_sticky_module.o
/usr/local/modules/sticky_module/ngx_http_sticky_module.c
In file included from src/core/ngx_core.h:60,
from /usr/local/modules/sticky_module/ngx_http_sticky_module.c:8:
/usr/local/modules/sticky_module/ngx_http_sticky_module.c: In function ‘ngx_http_get_sticky_peer’:
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:311:36: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
311 | peer->check_index);
| ^~
src/core/ngx_log.h:93:48: note: in definition of macro ‘ngx_log_debug’
93 | ngx_log_error_core(NGX_LOG_DEBUG, log, __VA_ARGS__)
| ^~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:309:17: note: in expansion of macro ‘ngx_log_debug1’
309 | ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
| ^~~~~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:313:59: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
313 | if (ngx_http_upstream_check_peer_down(peer->check_index)) {
| ^~
In file included from src/core/ngx_core.h:60,
from /usr/local/modules/sticky_module/ngx_http_sticky_module.c:8:
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:337:36: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
337 | peer->check_index);
| ^~
src/core/ngx_log.h:93:48: note: in definition of macro ‘ngx_log_debug’
93 | ngx_log_error_core(NGX_LOG_DEBUG, log, __VA_ARGS__)
| ^~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:335:17: note: in expansion of macro ‘ngx_log_debug1’
335 | ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
| ^~~~~~~~~~~~~~
/usr/local/modules/sticky_module/ngx_http_sticky_module.c:339:60: error: ‘ngx_http_upstream_rr_peer_t’ {aka ‘struct ngx_http_upstream_rr_peer_s’} has no member named ‘check_index’
339 | if (!ngx_http_upstream_check_peer_down(peer->check_index)) {
| ^~
make[1]: *** [objs/Makefile:1471: objs/addon/sticky_module/ngx_http_sticky_module.o] Error 1
make[1]: Leaving directory '/usr/local/lib/nginx-1.22.0'
make: *** [Makefile:13: install] Error 2

Are you able to help me?

Thank you very much!
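
The compiler output above says that `ngx_http_upstream_rr_peer_t` has no `check_index` member in the tree being compiled. As an added example (not from the thread or the module's authors), this preflight inspects the exact directory that `./configure` and `make` will run in before building. It assumes the check patch is what adds `check_index` to `src/http/ngx_http_upstream_round_robin.h`; `check_tree_patched` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption (labelled): applying the
# check patch is what adds the check_index member to
# src/http/ngx_http_upstream_round_robin.h.

# check_tree_patched SRC_DIR
# Prints one status word; returns 0 only when SRC_DIR looks ready to build.
check_tree_patched() {
    src=$1
    hdr="$src/src/http/ngx_http_upstream_round_robin.h"

    # Wrong directory, or not an nginx source tree at all.
    if [ ! -f "$hdr" ]; then
        echo "no-header"
        return 2
    fi

    # patch(1) writes FILE.rej next to every file with a rejected hunk, so
    # any .rej under src/ means the patch applied only partially.
    if [ -n "$(find "$src/src" -name '*.rej' -print 2>/dev/null | head -n 1)" ]; then
        echo "rejected-hunks"
        return 3
    fi

    # The member the compiler reported as missing from the peer struct.
    if grep -q '[[:space:]]check_index;' "$hdr"; then
        echo "patched"
        return 0
    fi

    echo "unpatched"
    return 1
}

# Usage: check_tree_patched /usr/local/lib/nginx-1.22.0 && echo "ok to build"
```

Pass the absolute path used by the build commands, not a relative `nginx-1.22.0/`, so the tree that was patched and the tree that is compiled are provably the same one.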

Are you still using the sticky module?

Yes, I use the sticky module to grant HTTP stickiness with a cookie.