From 9ed2b93bbf333fc248abd858bed0465e21f0a4e7 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 23 Oct 2024 15:52:37 -0700 Subject: [PATCH 1/2] Added support for NGINX Plus R33 NGINX Plus now requires license.jwt to start. --- ngxunprivinst.sh | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/ngxunprivinst.sh b/ngxunprivinst.sh index 1249aaf..440fd0e 100755 --- a/ngxunprivinst.sh +++ b/ngxunprivinst.sh @@ -9,7 +9,7 @@ set -e # For RPM-based distros, make sure that you have rpm2cpio installed. ## # Usage: ./ngxunprivinst.sh fetch -c -k [-v ] -# ./ngxunprivinst.sh (install|upgrade) [-y] -p ... +# ./ngxunprivinst.sh (install|upgrade) [-y] -p -j ... # ./ngxunprivinst.sh list -c -k # # fetch - download Nginx Plus and modules packages @@ -21,6 +21,7 @@ set -e # cert_file - path to your subscription certificate file # key_file - path to your subscription private key file # path - nginx prefix path +# license - path to your subscription license.jwt file # version - nginx package version (default: latest available) # -y - answers "yes" to all questions ## @@ -30,6 +31,7 @@ PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin: NGXUSER=`id -nu` NGXCERT= NGXKEY= +NGXLICENSE= NGXPATH= CURDIR=`pwd` WGET="wget -q" @@ -56,12 +58,13 @@ else shift fi -args=`getopt c:k:p:v:y $*` +args=`getopt c:j:k:p:v:y $*` for opt do case "$opt" in -c) NGXCERT=$2; shift; shift;; + -j) NGXLICENSE=$2; shift; shift;; -k) NGXKEY=$2; shift; shift;; -p) NGXPATH=$2; shift; shift;; -v) VERSION=$2; shift; shift;; @@ -83,6 +86,11 @@ if [ "$NGXPATH" = '' ] && ( [ "$ACTION" = 'install' ] || [ "$ACTION" = 'upgrade' fi fi +if [ "$NGXLICENSE" = '' ] && ( [ "$ACTION" = 'install' ] || [ "$ACTION" = 'upgrade' ] ) ; then + echo "-j option is mandatory for install/upgrade" + exit 1 +fi + FILES=$* if [ -z "$FILES" ]; then @@ -244,6 +252,7 @@ fetch() { prepare() { mkdir -p $ABSPATH TMPDIR=`mktemp -dq /tmp/nginx-prefix.XXXXXXXX` + cp $NGXLICENSE $TMPDIR/license.jwt if [ "$DISTRO" = "debian" ] || [ "$DISTRO" = "ubuntu" ]; then for PKG in $FILES; do dpkg -x $PKG $TMPDIR @@ -329,7 +338,11 @@ extract() { exit 1 fi TARGETVER=$($ABSPATH/usr/sbin/nginx -v 2>&1 | cut -d '(' -f 2 | cut -d ')' -f 1 | cut -d'-' -f 3 | tr -d 'r') - if [ $TARGETVER -ge 31 ]; then + if [ $TARGETVER -ge 33 ]; then + mv $TMPDIR/license.jwt $ABSPATH/etc/nginx/license.jwt + echo "mgmt { license_token $ABSPATH/etc/nginx/license.jwt; }" >> $ABSPATH/etc/nginx/nginx.conf + fi + if [ $TARGETVER -ge 31 -a $TARGETVER -lt 33 ]; then echo "mgmt { uuid_file $ABSPATH/var/lib/nginx/nginx.id; }" >> $ABSPATH/etc/nginx/nginx.conf fi echo "Installation finished. You may run nginx with this command:" @@ -367,7 +380,13 @@ upgrade() { [ -d $TMPDIR/usr/lib64/ ] && cp -a $TMPDIR/usr/lib64/* $ABSPATH/usr/lib64/ check_modules_deps TARGETVER=$($ABSPATH/usr/sbin/nginx -v 2>&1 | cut -d '(' -f 2 | cut -d ')' -f 1 | cut -d'-' -f 3 | tr -d 'r') - if [ $TARGETVER -ge 31 ]; then + if [ $TARGETVER -ge 33 ]; then + if ! $ABSPATH/usr/sbin/nginx -p $ABSPATH/etc/nginx -c nginx.conf -T 2>&1 | grep 'license_token' | grep -vE '^(.*)#.*license_token' >/dev/null; then + cp $NGXLICENSE $ABSPATH/etc/nginx/license.jwt + echo "mgmt { license_token $ABSPATH/etc/nginx/license.jwt; }" >> $ABSPATH/etc/nginx/nginx.conf + fi + fi + if [ $TARGETVER -ge 31 -a $TARGETVER -lt 33 ]; then if ! $ABSPATH/usr/sbin/nginx -p $ABSPATH/etc/nginx -c nginx.conf -T 2>&1 | grep 'uuid_file' | grep -vE '^(.*)#.*uuid_file' >/dev/null; then echo "mgmt { uuid_file $ABSPATH/var/lib/nginx/nginx.id; }" >> $ABSPATH/etc/nginx/nginx.conf fi From 9909f0bc67c64143851005ec24a4ecff648adbc3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 23 Oct 2024 15:57:12 -0700 Subject: [PATCH 2/2] Allow to redefine REPOPREFIX It is useful to test this script with preview repos. --- ngxunprivinst.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/ngxunprivinst.sh b/ngxunprivinst.sh index 440fd0e..30f0535 100755 --- a/ngxunprivinst.sh +++ b/ngxunprivinst.sh @@ -103,26 +103,28 @@ fi ARCH=x86_64 [ `uname -m` = "aarch64" ] && ARCH=aarch64 +[ -z $REPOPREFIX ] && REPOPREFIX=https://pkgs.nginx.com/plus + if [ -f /etc/redhat-release ]; then RELEASE=`grep -Eo 'release [0-9]{1}' /etc/redhat-release | cut -d' ' -f2` - REPOURL=https://pkgs.nginx.com/plus/centos/$RELEASE/$ARCH/RPMS/ + REPOURL=$REPOPREFIX/centos/$RELEASE/$ARCH/RPMS/ DISTRO="RHEL/CentOS" SUFFIX="el" elif [ -f /etc/os-release ] && fgrep SLES /etc/os-release; then RELEASE=`grep -Eo 'VERSION="[0-9]{2}' /etc/os-release | cut -d'"' -f2` - REPOURL=https://pkgs.nginx.com/plus/sles/$RELEASE/$ARCH/RPMS/ + REPOURL=$REPOPREFIX/sles/$RELEASE/$ARCH/RPMS/ DISTRO="SLES" SUFFIX="sles" elif [ -f /etc/os-release ] && fgrep -q -i amazon /etc/os-release; then RELEASE=`grep -Eo 'VERSION=".+"' /etc/os-release | cut -d'"' -f2` if [ "$RELEASE" = "2" ]; then - REPOURL=https://pkgs.nginx.com/plus/amzn2/2/$ARCH/RPMS/ + REPOURL=$REPOPREFIX/amzn2/2/$ARCH/RPMS/ SUFFIX="amzn2" elif [ "$RELEASE" = "2023" ]; then - REPOURL=https://pkgs.nginx.com/plus/amzn/2023/$ARCH/RPMS/ + REPOURL=$REPOPREFIX/amzn/2023/$ARCH/RPMS/ SUFFIX="amzn2023" else - REPOURL=https://pkgs.nginx.com/plus/amzn/latest/$ARCH/RPMS/ + REPOURL=$REPOPREFIX/amzn/latest/$ARCH/RPMS/ SUFFIX="amzn1" RELEASE="1" fi @@ -132,10 +134,10 @@ elif [ -f /usr/bin/dpkg ]; then [ `uname -m` = "aarch64" ] && ARCH=arm64 DISTRO=`grep -E "^ID=" /etc/os-release | cut -d '=' -f2 | tr '[:upper:]' '[:lower:]'` RELEASE=`grep VERSION_CODENAME /etc/os-release | cut -d '=' -f2` - REPOURL=https://pkgs.nginx.com/plus/$DISTRO/pool/nginx-plus/n/ + REPOURL=$REPOPREFIX/$DISTRO/pool/nginx-plus/n/ elif [ -x /sbin/apk ]; then RELEASE=`grep -Eo 'VERSION_ID=[0-9]\.[0-9]{1,2}' /etc/os-release | cut -d'=' -f2` - REPOURL=https://pkgs.nginx.com/plus/alpine/v$RELEASE/main/$ARCH/ + REPOURL=$REPOPREFIX/alpine/v$RELEASE/main/$ARCH/ DISTRO="alpine" else echo "Cannot determine your operating system." @@ -152,7 +154,7 @@ if [ "$ACTION" = 'fetch' ] || [ "$ACTION" = 'list' ]; then ldd $(which wget) | grep -q libgnutls || \ echo "" | openssl s_client -servername pkgs.nginx.com -cert $NGXCERT -key $NGXKEY -connect pkgs.nginx.com:443 >/dev/null 2>&1 || \ WGET='wget -q --ciphers DEFAULT@SECLEVEL=1' - if ! $WGET -O /dev/null --certificate=$NGXCERT --private-key=$NGXKEY https://pkgs.nginx.com/plus/ ; then + if ! $WGET -O /dev/null --certificate=$NGXCERT --private-key=$NGXKEY $REPOPREFIX/ ; then echo "Cannot connect to pkgs.nginx.com, please check certificate and key." exit 1 fi @@ -409,7 +411,7 @@ upgrade() { list() { if [ "$DISTRO" = 'ubuntu' ] || [ "$DISTRO" = 'debian' ]; then - REPOURL=https://pkgs.nginx.com/plus/$DISTRO/pool/nginx-plus/n/nginx-plus + REPOURL=$REPOPREFIX/$DISTRO/pool/nginx-plus/n/nginx-plus fi echo "Versions available for $DISTRO $RELEASE $ARCH:" if [ "$DISTRO" = 'alpine' ] ; then