bba6a61727
package changes
build-and-publish / build (Raccoon, ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Failing after 3m7s
build-and-publish / build (Trixie, debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Failing after 2m57s
2026-05-23 17:57:17 +00:00
61d2ca2df8
Service adjustments
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m42s
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m19s
2026-05-20 04:47:34 +00:00
a8966ac108
systemd: switch to deny-everything-by-default (TemporaryFileSystem=/) with explicit BindReadOnlyPaths + BindPaths allowlist
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m49s
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m12s
2026-05-15 18:22:16 +00:00
9e8d14bd5d
systemd: hardening — ProtectSystem=strict, ReadOnlyPaths for /raweb + /srv + letsencrypt, ReadWritePaths for /run + logs; explicitly skip MemoryDenyWriteExecute + ~@resources (known to break LuaJIT/setrlimit)
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m9s
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 4m39s
2026-05-15 18:19:17 +00:00
b7b4447afc
compile temp paths into binary, all tmpfs-backed (/run/nginx/temp/)
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m7s
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m16s
2026-05-15 16:51:06 +00:00
0b9651ca05
Systemd Patches + CVE Patch
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m23s
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m20s
2026-05-15 13:49:54 +00:00
8a14911502
Ubuntu 26.04 Release
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Successful in 3m10s
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Successful in 3m26s
2026-04-26 05:26:09 +00:00
be3fb4a68f
systemd: drop @resources from SystemCallFilter blocklist (nginx workers need prlimit64); set SystemCallErrorNumber=EPERM
build-and-publish / build (ubuntu:26.04, NEXUS_PASS_RACCOON, NEXUS_REPO_RACCOON, NEXUS_USER_RACCOON, raccoon) (push) Has been cancelled
build-and-publish / build (debian:13, NEXUS_PASS_TRIXIE, NEXUS_REPO_TRIXIE, NEXUS_USER_TRIXIE, trixie) (push) Has been cancelled
2026-04-26 05:19:29 +00:00
0888f0ef83
ubuntu 26.04
2026-04-26 04:15:12 +00:00
6689fd295b
2026
build-and-publish / build (push) Has been cancelled
2026-04-26 01:38:39 +00:00
51b6eaa694
implementation of nginx 1.30 + AWS-LC + 5k-vhost perf tuning
...
build-and-publish / build (push) Successful in 3m18s
- nginx 1.30.0, ModSecurity v3.0.12, AWS-LC 1.72.0 (replaces
quictls/openssl 3.1.5-quic1; OpenSSL 3.1 is EOL upstream)
- AWS-LC build via cmake+ninja, installed to /usr/local/aws-lc;
nginx links via -I/-L and rpath
- lua-nginx-module: sed-broaden the existing OPENSSL_IS_BORINGSSL
guards to also recognise OPENSSL_IS_AWSLC (covers #ifdef,
#ifndef, #elif defined). without this the missing-API stubs
never fire on AWS-LC and the build breaks on
SSL_get1_supported_ciphers / SSL_export_keying_material_early
- lua-resty-core / lrucache: switched from `git clone master`
to wget tarball pinned via LUA_SCRIPTS_RESTYCORE/LRUCACHE.
master drifted to wanting ngx_lua 0.10.30 while the pin was
0.10.29 — silent CI breakage waiting to happen
- ModSec rewritten for v3 build flow (./build.sh && ./configure
--without-pcre --with-pcre2). v2's standalone.so isn't what
ModSecurity-nginx connector links against; it wants
libmodsecurity.so
- PCRE2: switched to /releases/download/ tarball (bundles the
sljit submodule needed for --with-pcre-jit); /archive/refs/tags/
is a raw snapshot and omits submodules
- LuaJIT version pin had a stray leading 'v' that produced
/tags/vv2.1-... → 404
- drop -L/lib/x86_64-linux-gnu -lpcre from --with-ld-opt;
PCRE1 is gone from debian 13
- drop libpcre3-dev from apt install for the same reason
- fix latent bug in build/run.sh build(): make && make install
&& make clean swallows make failures from set -e because of
&&-chain semantics. now separate statements
- static/nginx/nginx.conf rewrite for shared hosting at 5k+
vhosts: server_names_hash_max_size 32768, shared SSL session
cache 200m, OCSP stapling, open_file_cache, brotli+gzip
enabled in http{}, worker_cpu_affinity auto, max_headers 100,
keepalive_requests 10000. client_header_buffer_size dropped
from 2M to 4k (was a memory amplification surface)
- README: performance section comparing twiy vs vanilla nginx,
OpenResty, Apache; expected yield breakdown
2026-04-26 01:09:28 +00:00
f703f1eaba
cleanup
build-and-publish / build (push) Successful in 2m53s
2026-04-25 23:29:29 +00:00
4cab377b5b
Update nginx.service
2024-07-02 17:45:40 +02:00
8737f183d1
Update nginx.conf
2024-05-22 04:37:29 +02:00
6758448534
Create default
2024-05-22 00:55:28 +02:00
fe6e4c6d0c
Delete static/default
2024-05-22 00:54:42 +02:00
432ebd3ad7
Create nginx.conf
2024-05-22 00:54:24 +02:00
d31bd00544
Delete static/Jammy/nginx.conf
2024-05-22 00:49:32 +02:00
ae40bb737a
Delete static/Jammy/mod directory
2024-05-22 00:49:24 +02:00
25de9e247f
Delete static/Focal/nginx.conf
2024-05-22 00:49:10 +02:00
068a11acf5
Delete static/Focal/mod directory
2024-05-22 00:48:57 +02:00
46fd3f371d
Update index.html
2024-05-22 00:46:58 +02:00
444e23648f
Update default
2024-05-22 00:45:57 +02:00
theraw
cea3b41e4f
add .so modules
2023-01-02 04:54:19 +00:00
14def58675
Update Builder.sh
2023-01-02 05:46:57 +01:00
theraw
303c9c0320
add .so modules
2023-01-02 04:33:28 +00:00
8f6c53296a
Update nginx.service
2023-01-02 05:27:48 +01:00
3b18462532
Update nginx.service
2023-01-02 05:27:32 +01:00
f2a3c35bce
Delete Builder.sh
2023-01-02 05:26:54 +01:00
24cd4b5fef
Delete Builder.sh
2023-01-02 05:26:44 +01:00
42ae373027
Update Builder.sh
2023-01-02 05:26:16 +01:00
c2a6dea52d
Update Builder.sh
2023-01-02 05:25:33 +01:00
cb12e3957d
Update Builder.sh
2023-01-02 05:23:07 +01:00
264f65de20
Update Builder.sh
2023-01-02 05:18:37 +01:00
dce4e480b4
Update Builder.sh
2023-01-02 05:01:23 +01:00
5c360d29d6
Update supervisord.conf
2022-12-29 04:00:21 +01:00
a215e1ef20
Update supervisord.conf
2022-12-29 03:59:00 +01:00
d0afbccb09
Merge pull request #28 from theraw/ubuntu22-lua-fix
...
Ubuntu22 lua fix
2022-12-29 03:37:53 +01:00
theraw
ff2e1b36f2
s
2022-12-29 01:54:43 +00:00
1362b11bcf
Update Builder.sh
2022-12-29 02:49:24 +01:00
c5f2d3e8c2
Update Builder.sh
2022-12-29 02:49:01 +01:00
6765ec2483
Update nginx.conf
2022-12-29 02:24:53 +01:00
d1215f09b0
Update nginx.conf
2022-12-29 02:23:56 +01:00
bff43d5ce5
Delete ngx_stream_js_module.so
2022-12-29 01:51:54 +01:00
258ad38984
Delete ngx_stream_geoip2_module.so
2022-12-29 01:51:49 +01:00
abb259d4a6
Delete ngx_pagespeed.so
2022-12-29 01:51:44 +01:00
f0038d2a1d
Delete ngx_http_testcookie_access_module.so
2022-12-29 01:51:37 +01:00
3a2707df0a
Delete ngx_http_set_misc_module.so
2022-12-29 01:51:32 +01:00
00389604b9
Delete ngx_http_naxsi_module.so
2022-12-29 01:51:26 +01:00
c8b682a597
Delete ngx_http_modsecurity_module.so
2022-12-29 01:51:21 +01:00
root
theraw