Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resolve errors for and update nginx-proxy to alpine 3.20 #500

Closed
mmguero opened this issue Jun 20, 2024 · 1 comment
Closed

resolve errors for and update nginx-proxy to alpine 3.20 #500

mmguero opened this issue Jun 20, 2024 · 1 comment
Assignees
@mmguero
Labels
bug Something isn't working build For issues related to compilation/building nginx Relating to Malcolm's use of nginx security Related to issues with bearing on the security of Malcolm itself
Milestone
v24.07.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Jun 20, 2024

When we update the nginx.Dockerfile to alpine:3.20 as its base, it builds okay but on runtime it gets this:

nginx-proxy-1         | 2024-06-20 22:02:03,969 INFO spawned: 'nginx' with pid 121
nginx-proxy-1         | Error loading shared library libssl.so.55: No such file or directory (needed by /usr/sbin/nginx)
nginx-proxy-1         | Error loading shared library libcrypto.so.52: No such file or directory (needed by /usr/sbin/nginx)
nginx-proxy-1         | Error relocating /usr/sbin/nginx: sk_pop_free: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: X509_get_ex_new_index: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: EVP_CIPHER_iv_length: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: d2i_OCSP_RESPONSE_bio: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_CTX_set_min_proto_version: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: sk_value: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: EVP_MD_CTX_create: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_CTX_set_max_proto_version: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_state: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_get_peer_certificate: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_CTX_set0_chain: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_CTX_get_ex_new_index: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_CTX_set1_groups_list: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: EVP_MD_CTX_destroy: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: sk_num: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: sk_new_null: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_get_ex_new_index: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSL_set0_chain: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: sk_push: symbol not found
nginx-proxy-1         | Error relocating /usr/sbin/nginx: SSLv23_method: symbol not found
nginx-proxy-1         | 2024-06-20 22:02:03,980 WARN exited: nginx (exit status 127; not expected)

So for now I've left it at 3.18. We need to resolve these errors and update it to 3.20.
@mmguero mmguero added bug Something isn't working nginx Relating to Malcolm's use of nginx build For issues related to compilation/building security Related to issues with bearing on the security of Malcolm itself labels Jun 20, 2024
@mmguero mmguero added this to the v24.07.0 milestone Jun 20, 2024
@mmguero mmguero added this to Malcolm Jun 20, 2024
@mmguero mmguero moved this to Todo (develop) in Malcolm Jun 27, 2024
@mmguero mmguero self-assigned this Jul 18, 2024
@mmguero mmguero moved this from Todo (develop) to In Progress in Malcolm Jul 18, 2024
@mmguero
Copy link
Collaborator Author

mmguero commented Jul 18, 2024

  • resolved by replacing libressl with openssl
  • tested
    • HTTP access (SSL disabled)
    • HTTPS access
    • LDAP authentication
    • BASIC authentication

everything seems to work, I'll keep an eye on it but it seems like a pretty straightforward swap out.

@mmguero mmguero closed this as completed Jul 18, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in Malcolm Jul 18, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jul 18, 2024
@mmguero
resolve errors for and update nginx-proxy to alpine 3.20 (idaholab#500)
3c9e935 
* resolved by replacing libressl with openssl
* tested
  - HTTP access (SSL disabled)
  - HTTPS access
  - LDAP authentication
  - BASIC authentication

everything seems to work, I'll keep an eye on it but it seems like a pretty straightforward swap out.
@mmguero mmguero removed the status in Malcolm Jul 18, 2024
@mmguero mmguero moved this to Done in Malcolm Jul 18, 2024
This was referenced Jul 29, 2024
Merged
Merged
@mmguero mmguero moved this from Done to Released in Malcolm Jul 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
bug Something isn't working build For issues related to compilation/building nginx Relating to Malcolm's use of nginx security Related to issues with bearing on the security of Malcolm itself
Projects
Malcolm
Status: Released
Milestone
v24.07.0
Development

No branches or pull requests
1 participant
@mmguero