git: 8ac09f0e8578 - main - www/freenginx: Update to 1.26.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 18 Jun 2024 09:26:59 UTC
The branch main has been updated by joneum:
URL: https://cgit.FreeBSD.org/ports/commit/?id=8ac09f0e8578bd95c0bab4369c98c2e5bdc118ae
commit 8ac09f0e8578bd95c0bab4369c98c2e5bdc118ae
Author: Jochen Neumeister <joneum@FreeBSD.org>
AuthorDate: 2024-06-18 09:21:17 +0000
Commit: Jochen Neumeister <joneum@FreeBSD.org>
CommitDate: 2024-06-18 09:26:47 +0000
www/freenginx: Update to 1.26.0
Changelog: freenginx-1.26.0 stable version has been released, incorporating new
features and bug fixes from the 1.25.x mainline branch — including
experimental HTTP/3 support, improved mitigation of various DoS attacks,
fixes in AIO handling, and more.
Adoption of the changes from www/nginx
Sponsored by: Netzkommune GmbH
---
www/freenginx/Makefile | 43 +-
www/freenginx/Makefile.extmod | 82 +-
www/freenginx/Makefile.options.desc | 7 +-
www/freenginx/distinfo | 54 +-
www/freenginx/files/extra-patch-httpv3 | 26867 -------------------
.../files/extra-patch-naxsi-libinjection__sqli_c | 13 +
www/freenginx/files/extra-patch-naxsi_config | 26 +
...xtra-patch-nginx-opentracing-opentracing-config | 8 -
.../extra-patch-nginx-thumbextractor-module-config | 25 +
.../extra-patch-nginx_mod_h264_streaming-config | 41 -
.../files/extra-patch-ngx_brotli_filter_config | 41 +
.../files/extra-patch-ngx_http_streaming_module.c | 13 -
.../files/extra-patch-ngx_stream_ssl_ct_module.c | 14 +
.../files/extra-patch-passenger-build-nginx.rb | 4 +-
.../files/extra-patch-passenger-disable-telemetry | 4 +-
www/freenginx/pkg-descr | 2 +-
www/freenginx/pkg-plist | 15 +-
17 files changed, 209 insertions(+), 27050 deletions(-)
diff --git a/www/freenginx/Makefile b/www/freenginx/Makefile
index 9311dfcdd792..007cf5adcd63 100644
--- a/www/freenginx/Makefile
+++ b/www/freenginx/Makefile
@@ -1,5 +1,5 @@
PORTNAME= nginx
-PORTVERSION= 1.24.0
+PORTVERSION= 1.26.0
PORTREVISION?= 0
CATEGORIES= www
MASTER_SITES= https://freenginx.org/download/ \
@@ -14,9 +14,9 @@ WWW= https://freenginx.org/
LICENSE= BSD2CLAUSE
LICENSE_FILE= ${WRKSRC}/LICENSE
-CONFLICTS_INSTALL= nginx-devel nginx
+CONFLICTS_INSTALL= nginx nginx-devel
-PORTSCOUT= limit:^1\.24\.[0-9]*
+PORTSCOUT= limit:^1\.26\.[0-9]*
USES= cpe
@@ -79,11 +79,11 @@ OPTIONS_GROUP_MAILGRP= MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL
OPTIONS_GROUP_STREAMGRP= STREAM STREAM_REALIP STREAM_SSL \
STREAM_SSL_PREREAD
-OPTIONS_DEFINE= DEBUG DEBUGLOG DSO FILE_AIO IPV6 NJS NJS_XML THREADS WWW
+OPTIONS_DEFINE= DEBUG DEBUGLOG DSO FILE_AIO IPV6 NJS NJS_XML OTEL THREADS WWW
OPTIONS_DEFAULT?= DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \
HTTP_DAV HTTP_FLV HTTP_GUNZIP_FILTER HTTP_GZIP_STATIC HTTP_MP4 \
HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL \
- HTTP_STATUS HTTP_SUB HTTPV2 MAIL MAIL_SSL STREAM \
+ HTTP_STATUS HTTP_SUB HTTPV2 HTTPV3 MAIL MAIL_SSL STREAM \
STREAM_REALIP STREAM_SSL STREAM_SSL_PREREAD THREADS WWW
LIB_DEPENDS+= libpcre2-8.so:devel/pcre2
@@ -169,10 +169,7 @@ HTTP_XSLT_LIB_DEPENDS= libxml2.so:textproc/libxml2 \
HTTP_XSLT_VARS= DSO_BASEMODS+=http_xslt_module
HTTPV2_IMPLIES= HTTP_SSL
HTTPV2_CONFIGURE_ON= --with-http_v2_module
-HTTPV3_CONFIGURE_ON= --build=nginx-quic \
- --with-stream_quic_module \
- --with-http_v3_module
-HTTPV3_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-httpv3:-p1
+HTTPV3_CONFIGURE_ON= --with-http_v3_module
HTTPV3_BORING_BUILD_DEPENDS= ${LOCALBASE}/bin/bssl:security/boringssl
HTTPV3_BORING_RUN_DEPENDS= ${LOCALBASE}/bin/bssl:security/boringssl
HTTPV3_BORING_IMPLIES= HTTPV3
@@ -192,6 +189,7 @@ MAIL_SMTP_CONFIGURE_OFF= --without-mail_smtp_module
MAIL_SSL_USES= ssl
MAIL_SSL_CONFIGURE_ON= --with-mail_ssl_module
STREAM_VARS= DSO_BASEMODS+=stream
+STREAM_CONFIGURE_ON= --with-stream
STREAM_REALIP_CONFIGURE_ON= --with-stream_realip_module
STREAM_SSL_USES= ssl
STREAM_SSL_CONFIGURE_ON= --with-stream_ssl_module
@@ -247,8 +245,7 @@ CFLAGS+= -DNDEBUG
CONFIGURE_ENV+= EXTRA_PRE_CXXFLAGS="-std=c++14"
.endif
-.if empty(PORT_OPTIONS:MLUA) && empty(PORT_OPTIONS:MMODSECURITY3) && \
- empty(PORT_OPTIONS:MPASSENGER)
+.if empty(PORT_OPTIONS:MMODSECURITY3) && empty(PORT_OPTIONS:MPASSENGER)
CONFIGURE_ARGS+= --with-ld-opt="-L ${LOCALBASE}/lib"
.else
CONFIGURE_ARGS+= --with-ld-opt="-L ${LOCALBASE}/lib -lpcre"
@@ -271,9 +268,8 @@ pre-everything::
@${ECHO_MSG}
post-extract-NAXSI-on:
- @${MKDIR} ${WRKDIR}/naxsi-${NAXSI_NGINX_VER}
- @${MV} ${WRKDIR}/naxsi_rules ${WRKDIR}/naxsi_src \
- ${WRKDIR}/naxsi-${NAXSI_NGINX_VER}
+ @${RMDIR} ${WRKSRC_naxsi}/naxsi_src/libinjection
+ @${LN} -s ${WRKSRC_libinjection} ${WRKSRC_naxsi}/naxsi_src/libinjection
pre-patch-HTTPV3-on:
@${MV} ${WRKSRC}/README ${WRKSRC}/README.1st
@@ -285,7 +281,7 @@ post-patch:
${WRKSRC}/conf/nginx.conf
post-patch-BROTLI-on:
- @${REINPLACE_CMD} -E 's!^brotli=.*!brotli="${LOCALBASE}"!' ${WRKSRC_brotli}/config
+ @${REINPLACE_CMD} 's!%%PREFIX%%!${LOCALBASE}!g' ${WRKSRC_brotli}/filter/config
post-patch-DRIZZLE-on:
@${REINPLACE_CMD} 's!%%PREFIX%%!${LOCALBASE}!g' ${WRKSRC_drizzle}/config
@@ -307,22 +303,12 @@ post-patch-HTTP_AUTH_KRB5-on:
post-patch-HTTP_TARANTOOL-on:
@${REINPLACE_CMD} 's!%%PREFIX%%!${LOCALBASE}!g' ${WRKSRC_nginx_tarantool}/config
-# linker error acquire if --std=c99 defined, add "static" to inline function
-post-patch-HTTP_ZIP-on:
- @${REINPLACE_CMD} \
- 's!^inline!static inline!' \
- ${WRKSRC_mod_zip}/ngx_http_zip_parsers.*
-
post-patch-ICONV-on:
@${REINPLACE_CMD} 's!%%PREFIX%%!${LOCALBASE}!g' ${WRKSRC_iconv}/config
-post-patch-NAXSI-on:
- @${REINPLACE_CMD} 's!MSIZE!TOK_MSIZE!g' \
- ${WRKSRC_naxsi}/naxsi_src/libinjection/src/libinjection_sqli.c
-
post-patch-PASSENGER-on:
@${REINPLACE_CMD} \
- '177,179s!true!false!' \
+ '168,170s!true!false!' \
${WRKSRC_PASSENGER}/build/basics.rb
@${REINPLACE_CMD} \
's!-I/usr/include/libev!!; \
@@ -341,11 +327,6 @@ post-patch-SFLOW-on:
's!%%PREFIX%%!${LOCALBASE}!g' \
${WRKSRC_sflow}/ngx_http_sflow_config.h
-post-patch-VOD-on:
- @${REINPLACE_CMD} \
- 's!%%PREFIX%%!${LOCALBASE}!g' \
- ${WRKSRC_vod}/config
-
pre-configure-SMALL_LIGHT-on:
( cd ${WRKSRC_small_light} && ./setup )
diff --git a/www/freenginx/Makefile.extmod b/www/freenginx/Makefile.extmod
index f3f6d0526210..f6054544345a 100644
--- a/www/freenginx/Makefile.extmod
+++ b/www/freenginx/Makefile.extmod
@@ -2,16 +2,16 @@
OPTIONS_GROUP+= THIRDPARTYGRP
# External modules (arrayvar MUST appear after devel_kit for build-dep)
-OPTIONS_GROUP_THIRDPARTYGRP= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE COOKIE_FLAG CT \
+OPTIONS_GROUP_THIRDPARTYGRP= AJP AWS_AUTH BROTLI CACHE_PURGE CT \
DEVEL_KIT ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION \
FIPS_CHECK FORMINPUT GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST \
HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT HTTP_EVAL \
HTTP_FANCYINDEX HTTP_FOOTER HTTP_GEOIP2 HTTP_IP2LOCATION HTTP_IP2PROXY \
- HTTP_JSON_STATUS HTTP_MOGILEFS HTTP_MP4_H264 HTTP_NOTICE HTTP_PROXY_CONNECT HTTP_PUSH \
+ HTTP_JSON_STATUS HTTP_MOGILEFS HTTP_NOTICE HTTP_PUSH \
HTTP_PUSH_STREAM HTTP_REDIS HTTP_SLICE_AHEAD HTTP_SUBS_FILTER HTTP_TARANTOOL \
HTTP_UPLOAD HTTP_UPLOAD_PROGRESS HTTP_UPSTREAM_CHECK HTTP_UPSTREAM_FAIR \
- HTTP_UPSTREAM_STICKY HTTP_VIDEO_THUMBEXTRACTOR HTTP_ZIP ICONV LET LINK LUA MEMC \
- MODSECURITY3 NAXSI OPENTRACING PASSENGER POSTGRES RDS_CSV RDS_JSON \
+ HTTP_UPSTREAM_STICKY HTTP_VIDEO_THUMBEXTRACTOR HTTP_ZIP ICONV LET LINK LUA LUASTREAM \
+ MEMC MODSECURITY3 NAXSI PASSENGER POSTGRES RDS_CSV RDS_JSON \
REDIS2 RTMP SET_MISC SFLOW SHIBBOLETH SLOWFS_CACHE SRCACHE STS \
VOD VTS XSS WEBSOCKIFY
@@ -26,26 +26,18 @@ AWS_AUTH_GH_TUPLE= anomalizer:ngx_aws_auth:21931b2:aws_auth
AWS_AUTH_VARS= DSO_EXTMODS+=aws_auth
BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli
-BROTLI_GH_TUPLE= google:ngx_brotli:9aec15e:brotli
+BROTLI_GH_TUPLE= google:ngx_brotli:a71f931:brotli
BROTLI_VARS= DSO_EXTMODS+=brotli
+BROTLI_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_brotli_filter_config
CACHE_PURGE_GH_TUPLE= nginx-modules:ngx_cache_purge:a84b0f3:cache_purge
CACHE_PURGE_VARS= DSO_EXTMODS+=cache_purge
-CLOJURE_CATEGORIES+= java
-CLOJURE_USE= JAVA=yes JAVA_OS=native JAVA_VERSION=1.8 \
- JAVA_VENDOR=openjdk JAVA_BUILD=yes JAVA_RUN=yes
-CLOJURE_GH_TUPLE= nginx-clojure:nginx-clojure:v0.6.0:clojure
-CLOJURE_CONFIGURE_ENV= "JNI_INCS=-I${LOCALBASE}/openjdk8/include -I${LOCALBASE}/openjdk8/include/freebsd"
-CLOJURE_VARS= DSO_EXTMODS+=clojure CLOJURE_SUBDIR=/src/c
-
-COOKIE_FLAG_GH_TUPLE= AirisX:nginx_cookie_flag_module:c4ff449:cookie_flag
-COOKIE_FLAG_VARS= DSO_EXTMODS+=cookie_flag
-
CT_IMPLIES= HTTP_SSL
CT_GH_TUPLE= grahamedgecombe:nginx-ct:93e9884:ct
CT_VARS= DSO_EXTMODS+=ct
-CT_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-ct-LibreSSL
+CT_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-ct-LibreSSL \
+ ${PATCHDIR}/extra-patch-ngx_stream_ssl_ct_module.c
ECHO_GH_TUPLE= openresty:echo-nginx-module:5a402aa:echo
ECHO_VARS= DSO_EXTMODS+=echo
@@ -61,7 +53,7 @@ DYNAMIC_UPSTREAM_IMPLIES= STREAM
DYNAMIC_UPSTREAM_GH_TUPLE= ZigzagAK:ngx_dynamic_upstream:960eef2:dynamic_upstream
DYNAMIC_UPSTREAM_VARS= DSO_EXTMODS+=dynamic_upstream
-DEVEL_KIT_GH_TUPLE= vision5:ngx_devel_kit:v0.3.2:devel_kit
+DEVEL_KIT_GH_TUPLE= vision5:ngx_devel_kit:v0.3.3:devel_kit
DEVEL_KIT_VARS= FIRST_DSO_EXTMODS+=devel_kit
ENCRYPTSESSION_IMPLIES= DEVEL_KIT
@@ -80,7 +72,7 @@ GRIDFS_LIB_DEPENDS= libbson-1.0.so:devel/libbson \
libmongoc-1.0.so:devel/mongo-c-driver
GRIDFS_VARS= DSO_EXTMODS+=gridfs GRIDFS_SUBDIR=/nginx-gridfs
-HEADERS_MORE_GH_TUPLE= openresty:headers-more-nginx-module:33b646d:headers_more
+HEADERS_MORE_GH_TUPLE= openresty:headers-more-nginx-module:06dc0be:headers_more
HEADERS_MORE_VARS= DSO_EXTMODS+=headers_more
HTTP_ACCEPT_LANGUAGE_GH_TUPLE= dvershinin:nginx_accept_language_module:5683967:accept_language
@@ -101,10 +93,6 @@ HTTP_AUTH_LDAP_USES= ldap
HTTP_AUTH_PAM_GH_TUPLE= sto:ngx_http_auth_pam_module:v1.5.3:auth_pam
HTTP_AUTH_PAM_VARS= DSO_EXTMODS+=auth_pam
-HTTP_PROXY_CONNECT_GH_TUPLE= chobits:ngx_http_proxy_connect_module:75febef:mod_https_connect
-HTTP_PROXY_CONNECT_EXTRA_PATCHES= ${WRKSRC_mod_https_connect}/patch/proxy_connect_rewrite_102101.patch:-p1
-HTTP_PROXY_CONNECT_VARS= DSO_EXTMODS+=mod_https_connect
-
HTTP_DAV_EXT_IMPLIES= HTTP_DAV
HTTP_DAV_EXT_LIB_DEPENDS= libxml2.so:textproc/libxml2 \
libxslt.so:textproc/libxslt
@@ -145,13 +133,6 @@ HTTP_MOGILEFS_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_mogilefs_module.c
${PATCHDIR}/extra-patch-nginx_mogilefs_module-config
HTTP_MOGILEFS_VARS= DSO_EXTDIRS+=nginx_mogilefs_module-1.0.4
-HTTP_MP4_H264_MASTER_SITES= http://h264.code-shop.com/download/:mp4streaming
-HTTP_MP4_H264_CONFIGURE_ON= --with-cc-opt="-DLARGEFILE_SOURCE -DBUILDING_NGINX"
-HTTP_MP4_H264_DISTFILES= nginx_mod_h264_streaming-2.2.7.tar.gz:mp4streaming
-HTTP_MP4_H264_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_streaming_module.c \
- ${PATCHDIR}/extra-patch-nginx_mod_h264_streaming-config
-HTTP_MP4_H264_VARS= DSO_EXTDIRS+=nginx_mod_h264_streaming-2.2.7
-
HTTP_NOTICE_GH_TUPLE= kr:nginx-notice:3c95966:notice
HTTP_NOTICE_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_notice_module.c \
${PATCHDIR}/extra-patch-nginx-notice-config
@@ -206,10 +187,11 @@ HTTP_VIDEO_THUMBEXTRACTOR_LIB_DEPENDS= libavformat.so:multimedia/ffmpeg \
libavutil.so:multimedia/ffmpeg \
libswscale.so:multimedia/ffmpeg
HTTP_VIDEO_THUMBEXTRACTOR_USES= jpeg
-HTTP_VIDEO_THUMBEXTRACTOR_GH_TUPLE= Novetta:nginx-video-thumbextractor-module:28861f2:vte
+HTTP_VIDEO_THUMBEXTRACTOR_GH_TUPLE= wandenberg:nginx-video-thumbextractor-module:e81f850:vte
HTTP_VIDEO_THUMBEXTRACTOR_VARS= DSO_EXTMODS+=vte
+HTTP_VIDEO_THUMBEXTRACTOR_EXTRA_PATCHES=${PATCHDIR}/extra-patch-nginx-thumbextractor-module-config
-HTTP_ZIP_GH_TUPLE= evanmiller:mod_zip:39dc908:mod_zip
+HTTP_ZIP_GH_TUPLE= vince2678:mod_zip:5b2604b:mod_zip
HTTP_ZIP_VARS= DSO_EXTMODS+=mod_zip
ICONV_IMPLIES= DEVEL_KIT
@@ -229,6 +211,14 @@ LUA_CONFIGURE_ENV= LUAJIT_INC=${LOCALBASE}/include/luajit-2.1 \
LUA_GH_TUPLE= openresty:lua-nginx-module:v0.10.26:lua
LUA_VARS= DSO_EXTMODS+=lua
+LUASTREAM_IMPLIES= DEVEL_KIT
+LUASTREAM_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty
+LUASTREAM_RUN_DEPENDS= lua-resty-core>0:www/lua-resty-core
+LUASTREAM_CONFIGURE_ENV=LUAJIT_INC=${LOCALBASE}/include/luajit-2.1 \
+ LUAJIT_LIB=${LOCALBASE}/lib
+LUASTREAM_GH_TUPLE= openresty:stream-lua-nginx-module:v0.0.14:luastream
+LUASTREAM_VARS= DSO_EXTMODS+=luastream
+
LINK_GH_TUPLE= Taymindis:nginx-link-function:3.2.4:link
LINK_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-link-function-config \
${PATCHDIR}/extra-patch-ngx_link_func_module.c
@@ -243,24 +233,32 @@ MODSECURITY3_GH_TUPLE= SpiderLabs:ModSecurity-nginx:v1.0.3:modsecurity3
MODSECURITY3_VARS= DSO_EXTMODS+=modsecurity3
NAXSI_NGINX_VER= 1.6
-NAXSI_MASTER_SITES= https://www.github.com/wargio/naxsi/releases/download/${NAXSI_NGINX_VER}/:naxsi
-NAXSI_DISTFILES= naxsi-${NAXSI_NGINX_VER}-src-with-deps.tar.gz:naxsi
+NAXSI_GH_TUPLE= wargio:naxsi:${NAXSI_NGINX_VER}:naxsi \
+ libinjection:libinjection:4aa3894:libinjection
NAXSI_VARS= DSO_EXTMODS+=naxsi NAXSI_SUBDIR=/naxsi_src
-WRKSRC_naxsi= ${WRKDIR}/naxsi-${NAXSI_NGINX_VER}
+NAXSI_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-naxsi-libinjection__sqli_c \
+ ${PATCHDIR}/extra-patch-naxsi_config
-NJS_GH_TUPLE= nginx:njs:0.8.0:njs
+NJS_GH_TUPLE= nginx:njs:0.8.4:njs
NJS_VARS= DSO_EXTMODS+=njs NJS_SUBDIR=/nginx
+NJS_IMPLIES= STREAM
-NJS_XML_IMPLIES= NJS
+NJS_XML_IMPLIES= HTTP NJS
NJS_XML_LIB_DEPENDS= libxml2.so:textproc/libxml2 \
libxslt.so:textproc/libxslt
-OPENTRACING_GH_TUPLE= opentracing-contrib:nginx-opentracing:v0.24.0:opentracing
-OPENTRACING_LIB_DEPENDS= libopentracing.so:devel/libopentracing
-OPENTRACING_VARS= DSO_EXTMODS+=opentracing OPENTRACING_SUBDIR=/opentracing
-OPENTRACING_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-opentracing-opentracing-config
-
-PASSENGER_NGINX_VER= 6.0.17
+OTEL_GH_TUPLE= osokin:nginx-otel:8f0857d:otel
+OTEL_VARS= DSO_EXTMODS+=otel OTEL_SUBDIR=/
+OTEL_LIB_DEPENDS= libabsl_base.so:devel/abseil \
+ libcares.so:dns/c-ares \
+ libgrpc.so:devel/grpc \
+ libopentelemetry_common.so:devel/opentelemetry-cpp \
+ libprotobuf.so:devel/protobuf \
+ libre2.so:devel/re2
+OTEL_BUILD_DEPENDS= ${LOCALBASE}/include/opentelemetry/proto/common/v1/common.proto:devel/opentelemetry-proto
+OTEL_CONFIGURE_ENV+= NGX_OTEL_PROTO_DIR=${PREFIX}/include
+
+PASSENGER_NGINX_VER= 6.0.20
PASSENGER_CATEGORIES= ruby
PASSENGER_USES= ruby
PASSENGER_BUILD_DEPENDS=${LOCALBASE}/bin/rake:devel/rubygem-rake
diff --git a/www/freenginx/Makefile.options.desc b/www/freenginx/Makefile.options.desc
index dc7f5a7c47a1..9ab1054b57ef 100644
--- a/www/freenginx/Makefile.options.desc
+++ b/www/freenginx/Makefile.options.desc
@@ -3,8 +3,6 @@ ARRAYVAR_DESC= 3rd party array_var module
AWS_AUTH_DESC= 3rd party aws auth module
BROTLI_DESC= 3rd party brotli module
CACHE_PURGE_DESC= 3rd party cache_purge module
-CLOJURE_DESC= 3rd party clojure module
-COOKIE_FLAG_DESC= 3rd party cookie_flag module
CT_DESC= 3rd party cert_transparency module (SSL req.)
DEBUGLOG_DESC= Enable debug log (--with-debug)
DEVEL_KIT_DESC= 3rd party Nginx Development Kit module
@@ -51,10 +49,8 @@ HTTP_IP2PROXY_DESC= 3rd party ip2proxy-nginx module
HTTP_JSON_STATUS_DESC= 3rd party http_json_status module
HTTP_MOGILEFS_DESC= 3rd party mogilefs module
HTTP_MP4_DESC= Enable http_mp4 module
-HTTP_MP4_H264_DESC= 3rd party mp4/h264 module
HTTP_NOTICE_DESC= 3rd party notice module
HTTP_PERL_DESC= Enable http_perl module
-HTTP_PROXY_CONNECT_DESC= 3rd party https proxy connect module
HTTP_PUSH_DESC= 3rd party push module
HTTP_PUSH_STREAM_DESC= 3rd party push stream module
HTTP_RANDOM_INDEX_DESC= Enable http_random_index module
@@ -82,6 +78,7 @@ IPV6_DESC= Enable IPv6 support
LET_DESC= 3rd party let module
LINK_DESC= 3rd party link function module
LUA_DESC= 3rd party lua module
+LUASTREAM_DESC= 3rd party lua stream module
MAILGRP_DESC= Modules that require MAIL module
MAIL_DESC= Enable IMAP4/POP3/SMTP proxy module
MAIL_IMAP_DESC= Enable IMAP4 proxy module
@@ -93,7 +90,7 @@ MODSECURITY3_DESC= 3rd party modsecurity3 module
NAXSI_DESC= 3rd party naxsi module
NJS_DESC= Enable javascript (NJS) module
NJS_XML_DESC= Enable XML functionality in NJS module
-OPENTRACING_DESC= 3rd party opentracing module
+OTEL_DESC= Enable OpenTELemetry module
PASSENGER_DESC= 3rd party passenger module
POSTGRES_DESC= 3rd party postgres module
RDS_CSV_DESC= 3rd party rds_csv module
diff --git a/www/freenginx/distinfo b/www/freenginx/distinfo
index 4a4c3c991169..b797fb230db7 100644
--- a/www/freenginx/distinfo
+++ b/www/freenginx/distinfo
@@ -1,34 +1,26 @@
-TIMESTAMP = 1708852054
-SHA256 (nginx-1.24.0.tar.gz) = 77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d
-SIZE (nginx-1.24.0.tar.gz) = 1112471
+TIMESTAMP = 1718532898
+SHA256 (nginx-1.26.0.tar.gz) = d2e6c8439d6c6db5015d8eaab2470ab52aef85a7bf363182879977e084370497
+SIZE (nginx-1.26.0.tar.gz) = 1244118
SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
SIZE (nginx_mogilefs_module-1.0.4.tar.gz) = 11208
-SHA256 (nginx_mod_h264_streaming-2.2.7.tar.gz) = 6d974ba630cef59de1f60996c66b401264a345d25988a76037c2856cec756c19
-SIZE (nginx_mod_h264_streaming-2.2.7.tar.gz) = 44012
SHA256 (ngx_http_redis-0.3.9.tar.gz) = 21f87540f0a44b23ffa5df16fb3d788bc90803b255ef14f9c26e3847a6f26f46
SIZE (ngx_http_redis-0.3.9.tar.gz) = 13051
-SHA256 (naxsi-1.6-src-with-deps.tar.gz) = 1add95e5e473fca58b18356fd896221f98a122450d5b6e91b4352ef726f98a06
-SIZE (naxsi-1.6-src-with-deps.tar.gz) = 3352718
-SHA256 (passenger-6.0.17.tar.gz) = 385559ed1d78eb83165222d568721dcc4222bb57c1939811ecd2c4ef33937ba7
-SIZE (passenger-6.0.17.tar.gz) = 8422867
+SHA256 (passenger-6.0.20.tar.gz) = fa8d9a37edb92f4a8f064b3005b57bccf10392ce4eb067838883206060e27107
+SIZE (passenger-6.0.20.tar.gz) = 8476308
SHA256 (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 522e94c59f5783f281d868ede2adf325bf2f8ffb9e62cf8451d4b9ac0516916c
SIZE (msva-nginx_ajp_module-fcbb2cc_GH0.tar.gz) = 110807
SHA256 (openresty-array-var-nginx-module-v0.05_GH0.tar.gz) = c949d4be6f3442c8e2937046448dc8d8def25c0e0fa6f4e805144cea45eabe80
SIZE (openresty-array-var-nginx-module-v0.05_GH0.tar.gz) = 11280
SHA256 (anomalizer-ngx_aws_auth-21931b2_GH0.tar.gz) = d8a2422da96a638e9a911e4edb592954d9c0fe1576456fec9809ef4e2a0a863d
SIZE (anomalizer-ngx_aws_auth-21931b2_GH0.tar.gz) = 15580
-SHA256 (google-ngx_brotli-9aec15e_GH0.tar.gz) = 0177b1158ff7092b9996346de28a0b296dc33addb2af4e8904794d19b4a9a808
-SIZE (google-ngx_brotli-9aec15e_GH0.tar.gz) = 16194
+SHA256 (google-ngx_brotli-a71f931_GH0.tar.gz) = b3312a045d5303a40d02beb34711b8ca27f7b72d647e9ee2012a8eddd14d9b22
+SIZE (google-ngx_brotli-a71f931_GH0.tar.gz) = 16376
SHA256 (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = ddfd4fdd99075d906b7b75c49f56ec96b76df7951dfa54502e0f83890447031f
SIZE (nginx-modules-ngx_cache_purge-a84b0f3_GH0.tar.gz) = 17162
-SHA256 (nginx-clojure-nginx-clojure-v0.6.0_GH0.tar.gz) = e8215cdebc3eb13f852c10e9bbbf315f2e1b75bb4dec015ca60ec29efcb86509
-SIZE (nginx-clojure-nginx-clojure-v0.6.0_GH0.tar.gz) = 786029
-SHA256 (AirisX-nginx_cookie_flag_module-c4ff449_GH0.tar.gz) = 4b8c1c1e1ed59ed85751f4bd7d68026ad5051103c8b983e05ad17eb0cdab138e
-SIZE (AirisX-nginx_cookie_flag_module-c4ff449_GH0.tar.gz) = 4713
SHA256 (grahamedgecombe-nginx-ct-93e9884_GH0.tar.gz) = 72fdd125b9207cdda135f368095f85b943a78a4ff004d1cd217972e12b1571b2
SIZE (grahamedgecombe-nginx-ct-93e9884_GH0.tar.gz) = 7224
-SHA256 (vision5-ngx_devel_kit-v0.3.2_GH0.tar.gz) = aa961eafb8317e0eb8da37eb6e2c9ff42267edd18b56947384e719b85188f58b
-SIZE (vision5-ngx_devel_kit-v0.3.2_GH0.tar.gz) = 66551
+SHA256 (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = faa2fcd5168b10764d35081356511d5f84db5c526a1aa4b6add2db94b6853b2b
+SIZE (vision5-ngx_devel_kit-v0.3.3_GH0.tar.gz) = 66561
SHA256 (openresty-drizzle-nginx-module-3504fc6_GH0.tar.gz) = 86076735597f14db28cffabc0ab1f233cd51aab7cf112c56e267783e7814fc65
SIZE (openresty-drizzle-nginx-module-3504fc6_GH0.tar.gz) = 51596
SHA256 (ZigzagAK-ngx_dynamic_upstream-960eef2_GH0.tar.gz) = 86e7c6ed6dba2d4c5f5b87ecb91f25ccdb7a08b8a88236e632114f830b9e354b
@@ -43,8 +35,8 @@ SHA256 (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 5c1869d55897075adb3fdf
SIZE (calio-form-input-nginx-module-v0.12_GH0.tar.gz) = 11090
SHA256 (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 9b059b5ae7b602d12d32d5ebe2700827ea625f22c0fb3b9956242e11de63845b
SIZE (nieoding-nginx-gridfs-059bdc3_GH0.tar.gz) = 4674
-SHA256 (openresty-headers-more-nginx-module-33b646d_GH0.tar.gz) = 4e68ef77ce8bc3c248c04ddc112bb2230adf2de84c77430cedc8a4458ffb7369
-SIZE (openresty-headers-more-nginx-module-33b646d_GH0.tar.gz) = 28812
+SHA256 (openresty-headers-more-nginx-module-06dc0be_GH0.tar.gz) = 883b1e31d59f3eb1e76b34259711ad65a3443102973dcf22df329397f3d5eaa4
+SIZE (openresty-headers-more-nginx-module-06dc0be_GH0.tar.gz) = 29438
SHA256 (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = a58feb576f2231498b8a3863d3c6fba45c7d48bc48735fa714e07a7bfbedb6e3
SIZE (dvershinin-nginx_accept_language_module-5683967_GH0.tar.gz) = 3425
SHA256 (atomx-nginx-http-auth-digest-274490c_GH0.tar.gz) = 0839c33c2f8d519f92daae274f62cf87eb68415d562c6500ee3e3721ce80557c
@@ -73,8 +65,6 @@ SHA256 (nginx-modules-ngx_http_json_status_module-1d2f303_GH0.tar.gz) = fdc34e0e
SIZE (nginx-modules-ngx_http_json_status_module-1d2f303_GH0.tar.gz) = 6736
SHA256 (kr-nginx-notice-3c95966_GH0.tar.gz) = e829fc94178cc8c91fef15a1fc44ee7ac162c13eddc0bba4c9427aaa23386885
SIZE (kr-nginx-notice-3c95966_GH0.tar.gz) = 3343
-SHA256 (chobits-ngx_http_proxy_connect_module-75febef_GH0.tar.gz) = 6169361f31607af0ec8c78b356e62c2aeb128649161d688d7ea92f4d2c1c39f9
-SIZE (chobits-ngx_http_proxy_connect_module-75febef_GH0.tar.gz) = 32645
SHA256 (slact-nchan-v1.3.6_GH0.tar.gz) = ba0b7cc6b710a20ce1ed2554caf56154035291aaf115e407d7a6bb699fde42df
SIZE (slact-nchan-v1.3.6_GH0.tar.gz) = 761436
SHA256 (wandenberg-nginx-push-stream-module-8c02220_GH0.tar.gz) = ab4fbe236e8bc500f0c5e13403d6a0e2e4e4ec17b81e0fcedaf669b4339626a6
@@ -93,10 +83,10 @@ SHA256 (jaygooby-nginx-upstream-fair-10ecdcf_GH0.tar.gz) = 93f71b7cf0db9c6dbf97e
SIZE (jaygooby-nginx-upstream-fair-10ecdcf_GH0.tar.gz) = 10433
SHA256 (dvershinin-nginx-sticky-module-ng-2753211_GH0.tar.gz) = e4a533dfa214ea28122301aeebbb1a38e1d1972edb7ee9bc72271c14f2693005
SIZE (dvershinin-nginx-sticky-module-ng-2753211_GH0.tar.gz) = 120676
-SHA256 (Novetta-nginx-video-thumbextractor-module-28861f2_GH0.tar.gz) = 04656da527d9e64cbdf1bf475a93193fa60324ffea160d05d4cc53c864943bc1
-SIZE (Novetta-nginx-video-thumbextractor-module-28861f2_GH0.tar.gz) = 34447
-SHA256 (evanmiller-mod_zip-39dc908_GH0.tar.gz) = bc5c3d725268abbe1c5c38de5b18a4ad9dbe5821c4afeaccabd3eec38b272be4
-SIZE (evanmiller-mod_zip-39dc908_GH0.tar.gz) = 30275
+SHA256 (wandenberg-nginx-video-thumbextractor-module-e81f850_GH0.tar.gz) = 9113f887a8740fe72614ee32f481177d33e9542c3b0625627da19a1c4f3da2cb
+SIZE (wandenberg-nginx-video-thumbextractor-module-e81f850_GH0.tar.gz) = 2710072
+SHA256 (vince2678-mod_zip-5b2604b_GH0.tar.gz) = 4fe63be3b842882494152e586f0b87e73f51bfbfd801b78f033c71a011cba789
+SIZE (vince2678-mod_zip-5b2604b_GH0.tar.gz) = 29559
SHA256 (calio-iconv-nginx-module-v0.14_GH0.tar.gz) = b8b9f355c05c0790226512f6732348a2404d48531688a1fc04ce6768163bf462
SIZE (calio-iconv-nginx-module-v0.14_GH0.tar.gz) = 13133
SHA256 (baysao-nginx-let-module-c1f23aa_GH0.tar.gz) = 7393809d5d8877812da1bd5b5fbd1d8b00bc85e71f2f387c344f007773e49050
@@ -105,14 +95,20 @@ SHA256 (Taymindis-nginx-link-function-3.2.4_GH0.tar.gz) = 20c3679199ba7efe1598f0
SIZE (Taymindis-nginx-link-function-3.2.4_GH0.tar.gz) = 139656
SHA256 (openresty-lua-nginx-module-v0.10.26_GH0.tar.gz) = a75983287a2bdc5e964ace56a51b215dc2ec996639d4916cd393d6ebba94b565
SIZE (openresty-lua-nginx-module-v0.10.26_GH0.tar.gz) = 745785
+SHA256 (openresty-stream-lua-nginx-module-v0.0.14_GH0.tar.gz) = 8e2ff6ad5f91127da3c01757e7e654f1addf9769450d9159601d2cc153953c47
+SIZE (openresty-stream-lua-nginx-module-v0.0.14_GH0.tar.gz) = 381313
SHA256 (openresty-memc-nginx-module-v0.19_GH0.tar.gz) = 8c2bdbe875e4f5225d0778bfb09a2668f9281d7de6218c7b462a7ba2cee06fe8
SIZE (openresty-memc-nginx-module-v0.19_GH0.tar.gz) = 34654
SHA256 (SpiderLabs-ModSecurity-nginx-v1.0.3_GH0.tar.gz) = 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b
SIZE (SpiderLabs-ModSecurity-nginx-v1.0.3_GH0.tar.gz) = 34063
-SHA256 (nginx-njs-0.8.0_GH0.tar.gz) = b98033fff6aadcbb8e108b96e80c0d94c6e2103bcbe75846b5ae0b560696084b
-SIZE (nginx-njs-0.8.0_GH0.tar.gz) = 715391
-SHA256 (opentracing-contrib-nginx-opentracing-v0.24.0_GH0.tar.gz) = 5328c5f37e0615b5252aed51b9cd40f3d14989d995ad54134076aeda4ab9b280
-SIZE (opentracing-contrib-nginx-opentracing-v0.24.0_GH0.tar.gz) = 679417
+SHA256 (wargio-naxsi-1.6_GH0.tar.gz) = e5920fdd09cae155b89eb21a94a21c029ebfdb056c284130221525be54044aae
+SIZE (wargio-naxsi-1.6_GH0.tar.gz) = 1116227
+SHA256 (libinjection-libinjection-4aa3894_GH0.tar.gz) = ededea133e89e238ef2e60d0d62ef7ef9e741449eed8c5d856007132505bcd5b
+SIZE (libinjection-libinjection-4aa3894_GH0.tar.gz) = 2218294
+SHA256 (nginx-njs-0.8.4_GH0.tar.gz) = fe197e254204c15e9f1df0acf375add57be3416901ec8d7b87319dccb490f90d
+SIZE (nginx-njs-0.8.4_GH0.tar.gz) = 743910
+SHA256 (osokin-nginx-otel-8f0857d_GH0.tar.gz) = bbf93813928460bdaf78f752f74ecc6c34d13078e97fdffcaa29dbd8689314fc
+SIZE (osokin-nginx-otel-8f0857d_GH0.tar.gz) = 30197
SHA256 (konstruxi-ngx_postgres-8aa7359_GH0.tar.gz) = c69ad4495de7c7883ebc23e1e6c4cc83a4ac6a7fddd4d5c12e49d33b65f7c50b
SIZE (konstruxi-ngx_postgres-8aa7359_GH0.tar.gz) = 48544
SHA256 (openresty-rds-csv-nginx-module-v0.09_GH0.tar.gz) = 896be99c0cad50218417800a159e43ec088d6b58c099472ed3b3d7f179d6c0ea
diff --git a/www/freenginx/files/extra-patch-httpv3 b/www/freenginx/files/extra-patch-httpv3
deleted file mode 100644
index c49f591c25d5..000000000000
--- a/www/freenginx/files/extra-patch-httpv3
+++ /dev/null
@@ -1,26867 +0,0 @@
-diff -r ac779115ed6e README
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ b/README Thu May 11 11:48:37 2023 -0400
-@@ -0,0 +1,386 @@
-+Experimental QUIC support for nginx
-+-----------------------------------
-+
-+1. Introduction
-+2. Building from sources
-+3. Configuration
-+4. Directives
-+5. Clients
-+6. Troubleshooting
-+7. Contributing
-+8. Links
-+
-+1. Introduction
-+
-+ This is an experimental QUIC [1] / HTTP/3 [2] support for nginx.
-+
-+ The code is developed in a separate "quic" branch available
-+ at https://hg.nginx.org/nginx-quic. Currently it is based
-+ on nginx mainline 1.23.x. We merge new nginx releases into
-+ this branch regularly.
-+
-+ The project code base is under the same BSD license as nginx.
-+
-+ The code is currently at a beta level of quality, however
-+ there are several production deployments with it.
-+
-+ NGINX Development Team is working on improving HTTP/3 support to
-+ integrate it into the main NGINX codebase. Thus, expect further
-+ updates of this code, including features, changes in behaviour,
-+ bug fixes, and refactoring. NGINX Development team will be
-+ grateful for any feedback and code submissions.
-+
-+ Please contact NGINX Development Team via nginx-devel mailing list [3].
-+
-+ What works now:
-+
-+ IETF QUIC version 1 is supported. Internet drafts are no longer supported.
-+
-+ nginx should be able to respond to HTTP/3 requests over QUIC and
-+ it should be possible to upload and download big files without errors.
-+
-+ + The handshake completes successfully
-+ + One endpoint can update keys and its peer responds correctly
-+ + 0-RTT data is being received and acted on
-+ + Connection is established using TLS Resume Ticket
-+ + A handshake that includes a Retry packet completes successfully
-+ + Stream data is being exchanged and ACK'ed
-+ + An H3 transaction succeeded
-+ + One or both endpoints insert entries into dynamic table and
-+ subsequently reference them from header blocks
-+ + Version Negotiation packet is sent to client with unknown version
-+ + Lost packets are detected and retransmitted properly
-+ + Clients may migrate to new address
-+
-+2. Building from sources
-+
-+ The build is configured using the configure command.
-+ Refer to http://nginx.org/en/docs/configure.html for details.
-+
-+ When configuring nginx, it's possible to enable QUIC and HTTP/3
-+ using the following new configuration options:
-+
-+ --with-http_v3_module - enable QUIC and HTTP/3
-+ --with-stream_quic_module - enable QUIC in Stream
-+
-+ A library that provides QUIC support is recommended to build nginx, there
-+ are several of those available on the market:
-+ + BoringSSL [4]
-+ + LibreSSL [5]
-+ + QuicTLS [6]
-+
-+ Alternatively, nginx can be configured with OpenSSL compatibility
-+ layer, which emulates BoringSSL QUIC API for OpenSSL. This mode is
-+ enabled by default if native QUIC support is not detected.
-+ 0-RTT is not supported in OpenSSL compatibility mode.
-+
-+ Clone the NGINX QUIC repository
-+
-+ $ hg clone -b quic https://hg.nginx.org/nginx-quic
-+ $ cd nginx-quic
-+
-+ Use the following command to configure nginx with BoringSSL [4]
-+
-+ $ ./auto/configure --with-debug --with-http_v3_module \
-+ --with-cc-opt="-I../boringssl/include" \
-+ --with-ld-opt="-L../boringssl/build/ssl \
-+ -L../boringssl/build/crypto"
-+ $ make
-+
-+ Alternatively, nginx can be configured with QuicTLS [6]
-+
-+ $ ./auto/configure --with-debug --with-http_v3_module \
-+ --with-cc-opt="-I../quictls/build/include" \
-+ --with-ld-opt="-L../quictls/build/lib"
-+
-+ Alternatively, nginx can be configured with a modern version
-+ of LibreSSL [7]
-+
-+ $ ./auto/configure --with-debug --with-http_v3_module \
-+ --with-cc-opt="-I../libressl/build/include" \
-+ --with-ld-opt="-L../libressl/build/lib"
-+
-+3. Configuration
-+
-+ The HTTP "listen" directive got a new option "quic" which enables
-+ QUIC as client transport protocol instead of TCP.
-+
-+ The Stream "listen" directive got a new option "quic" which enables
-+ QUIC as client transport protocol instead of TCP or plain UDP.
-+
-+ Along with "quic", it's also possible to specify "reuseport"
-+ option [8] to make it work properly with multiple workers.
-+
-+ To enable address validation:
-+
-+ quic_retry on;
-+
-+ To enable 0-RTT:
-+
-+ ssl_early_data on;
-+
-+ To enable GSO (Generic Segmentation Offloading):
-+
-+ quic_gso on;
-+
-+ To limit maximum UDP payload size on receive path:
-+
-+ quic_mtu <size>;
-+
-+ To set host key for various tokens:
-+
-+ quic_host_key <filename>;
-+
-+ QUIC requires TLSv1.3 protocol, which is enabled by the default
-+ by "ssl_protocols" directive.
-+
-+ By default, GSO Linux-specific optimization [10] is disabled.
-+ Enable it in case a corresponding network interface is configured to
-+ support GSO.
-+
-+ A number of directives were added that configure HTTP/3:
-+
-+ http3
-+ http3_hq
-+ http3_stream_buffer_size
-+ http3_max_concurrent_pushes
-+ http3_max_concurrent_streams
-+ http3_push
-+ http3_push_preload
-+
-+ In http, an additional variable is available: $http3.
-+ The value of $http3 is "h3" for HTTP/3 connections,
-+ "hq" for hq connections, or an empty string otherwise.
-+
-+ In stream, an additional variable is available: $quic.
-+ The value of $quic is "quic" if QUIC connection is used,
-+ or an empty string otherwise.
-+
-+Example configuration:
-+
-+ http {
-+ log_format quic '$remote_addr - $remote_user [$time_local] '
-+ '"$request" $status $body_bytes_sent '
-+ '"$http_referer" "$http_user_agent" "$http3"';
-+
-+ access_log logs/access.log quic;
-+
-+ server {
-+ # for better compatibility it's recommended
-+ # to use the same port for quic and https
-+ listen 8443 quic reuseport;
-+ listen 8443 ssl;
-+
-+ ssl_certificate certs/example.com.crt;
-+ ssl_certificate_key certs/example.com.key;
-+
-+ location / {
-+ # required for browsers to direct them into quic port
-+ add_header Alt-Svc 'h3=":8443"; ma=86400';
-+ }
-+ }
-+ }
-+
-+4. Directives
-+
-+ Syntax: quic_bpf on | off;
-+ Default: quic_bpf off;
-+ Context: main
-+
-+ Enables routing of QUIC packets using eBPF.
-+ When enabled, this allows to support QUIC connection migration.
-+ The directive is only supported on Linux 5.7+.
-+
-+
-+ Syntax: quic_retry on | off;
-+ Default: quic_retry off;
-+ Context: http | stream, server
-+
-+ Enables the QUIC Address Validation feature. This includes:
-+ - sending a new token in a Retry packet or a NEW_TOKEN frame
-+ - validating a token received in the Initial packet
-+
-+
-+ Syntax: quic_gso on | off;
-+ Default: quic_gso off;
-+ Context: http | stream, server
-+
-+ Enables sending in optimized batch mode using segmentation offloading.
-+ Optimized sending is only supported on Linux featuring UDP_SEGMENT.
-+
-+
-+ Syntax: quic_mtu size;
-+ Default: quic_mtu 65527;
-+ Context: http | stream, server
-+
-+ Sets the QUIC max_udp_payload_size transport parameter value.
-+ This is the maximum UDP payload that we are willing to receive.
-+
-+
-+ Syntax: quic_host_key file;
-+ Default: -
-+ Context: http | stream, server
-+
-+ Specifies a file with the secret key used to encrypt stateless reset and
-+ address validation tokens. By default, a randomly generated key is used.
-+
-+
-+ Syntax: quic_active_connection_id_limit number;
-+ Default: quic_active_connection_id_limit 2;
-+ Context: http | stream, server
-+
-+ Sets the QUIC active_connection_id_limit transport parameter value.
-+ This is the maximum number of connection IDs we are willing to store.
-+
-+
-+ Syntax: quic_timeout time;
-+ Default: quic_timeout 60s;
-+ Context: stream, server
-+
-+ Defines a timeout used to negotiate the QUIC idle timeout.
-+ In the http module, it is taken from the keepalive_timeout directive.
-+
-+
-+ Syntax: quic_stream_buffer_size size;
-+ Default: quic_stream_buffer_size 64k;
-+ Context: stream, server
-+
-+ Syntax: http3_stream_buffer_size size;
-+ Default: http3_stream_buffer_size 64k;
-+ Context: http, server
-+
-+ Sets buffer size for reading and writing of the QUIC STREAM payload.
-+ The buffer size is used to calculate initial flow control limits
-+ in the following QUIC transport parameters:
-+ - initial_max_data
-+ - initial_max_stream_data_bidi_local
-+ - initial_max_stream_data_bidi_remote
-+ - initial_max_stream_data_uni
-+
-+
-+ Syntax: http3_max_concurrent_pushes number;
-+ Default: http3_max_concurrent_pushes 10;
-+ Context: http, server
-+
-+ Limits the maximum number of concurrent push requests in a connection.
-+
-+
-+ Syntax: http3_max_concurrent_streams number;
-+ Default: http3_max_concurrent_streams 128;
-+ Context: http, server
-+
-+ Sets the maximum number of concurrent HTTP/3 streams in a connection.
-+
-+
-+ Syntax: http3_push uri | off;
-+ Default: http3_push off;
-+ Context: http, server, location
-+
-+ Pre-emptively sends (pushes) a request to the specified uri along with
-+ the response to the original request. Only relative URIs with absolute
-+ path will be processed, for example:
-+
-+ http3_push /static/css/main.css;
-+
-+ The uri value can contain variables.
-+
-+ Several http3_push directives can be specified on the same configuration
-+ level. The off parameter cancels the effect of the http3_push directives
-+ inherited from the previous configuration level.
-+
-+
-+ Syntax: http3_push_preload on | off;
-+ Default: http3_push_preload off;
-+ Context: http, server, location
-+
-+ Enables automatic conversion of preload links specified in the “Link”
-+ response header fields into push requests.
-+
-+
-+ Syntax: http3 on | off;
-+ Default: http3 on;
-+ Context: http, server
-+
-+ Enables HTTP/3 protocol negotiation.
-+
-+
-+ Syntax: http3_hq on | off;
-+ Default: http3_hq off;
-+ Context: http, server
-+
-+ Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
-+
-+5. Clients
-+
-+ * Browsers
-+
-+ Known to work: Firefox 90+ and Chrome 92+ (QUIC version 1)
-+
-+ Beware of strange issues: sometimes browser may decide to ignore QUIC
-+ Cache clearing/restart might help. Always check access.log and
-+ error.log to make sure the browser is using HTTP/3 and not TCP https.
-+
-+ * Console clients
-+
-+ Known to work: ngtcp2, firefox's neqo and chromium's console clients:
-+
-+ $ examples/client 127.0.0.1 8443 https://example.com:8443/index.html
-+
-+ $ ./neqo-client https://127.0.0.1:8443/
-+
-+ $ chromium-build/out/my_build/quic_client http://example.com:8443
-+
-+
-+ In case everyhing is right, the access log should show something like:
-+
-+ 127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-"
-+ "nghttp3/ngtcp2 client" "quic"
-+
-+
-+6. Troubleshooting
-+
-+ Here are some tips that may help to identify problems:
-+
-+ + Ensure nginx is built with proper SSL library that supports QUIC
-+
-+ + Ensure nginx is using the proper SSL library in runtime
-+ (`nginx -V` shows what it's using)
-+
-+ + Ensure a client is actually sending requests over QUIC
-+ (see "Clients" section about browsers and cache)
-+
-+ We recommend to start with simple console client like ngtcp2
-+ to ensure the server is configured properly before trying
-+ with real browsers that may be very picky with certificates,
-+ for example.
-+
-+ + Build nginx with debug support [9] and check the debug log.
-+ It should contain all details about connection and why it
-+ failed. All related messages contain "quic " prefix and can
-+ be easily filtered out.
-+
-+ + For a deeper investigation, please enable additional debugging
-+ in src/event/quic/ngx_event_quic_connection.h:
-+
-+ #define NGX_QUIC_DEBUG_PACKETS
-+ #define NGX_QUIC_DEBUG_FRAMES
-+ #define NGX_QUIC_DEBUG_ALLOC
-+ #define NGX_QUIC_DEBUG_CRYPTO
-+
-+7. Contributing
-+
-+ Please refer to
-+ http://nginx.org/en/docs/contributing_changes.html
-+
-+8. Links
-+
-+ [1] https://datatracker.ietf.org/doc/html/rfc9000
-+ [2] https://datatracker.ietf.org/doc/html/rfc9114
-+ [3] https://mailman.nginx.org/mailman/listinfo/nginx-devel
-+ [4] https://boringssl.googlesource.com/boringssl/
-+ [5] https://www.libressl.org/
-+ [6] https://github.com/quictls/openssl
-+ [7] https://github.com/libressl-portable/portable/releases/tag/v3.6.0
-+ [8] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
-+ [9] https://nginx.org/en/docs/debugging_log.html
-+ [10] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf
-diff -r ac779115ed6e auto/lib/openssl/conf
---- a/auto/lib/openssl/conf Tue Mar 28 18:01:53 2023 +0300
-+++ b/auto/lib/openssl/conf Thu May 11 11:48:37 2023 -0400
-@@ -5,12 +5,17 @@
-
- if [ $OPENSSL != NONE ]; then
-
-+ have=NGX_OPENSSL . auto/have
-+ have=NGX_SSL . auto/have
-+
-+ if [ $USE_OPENSSL_QUIC = YES ]; then
-+ have=NGX_QUIC . auto/have
-+ have=NGX_QUIC_OPENSSL_COMPAT . auto/have
-+ fi
-+
- case "$CC" in
-
- cl | bcc32)
-- have=NGX_OPENSSL . auto/have
-- have=NGX_SSL . auto/have
--
- CFLAGS="$CFLAGS -DNO_SYS_TYPES_H"
-
- CORE_INCS="$CORE_INCS $OPENSSL/openssl/include"
-@@ -33,9 +38,6 @@ if [ $OPENSSL != NONE ]; then
- ;;
-
- *)
-- have=NGX_OPENSSL . auto/have
-- have=NGX_SSL . auto/have
--
- CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
- CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
- CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
-@@ -123,6 +125,35 @@ else
- CORE_INCS="$CORE_INCS $ngx_feature_path"
- CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
- OPENSSL=YES
-+
-+ if [ $USE_OPENSSL_QUIC = YES ]; then
-+
-+ ngx_feature="OpenSSL QUIC support"
-+ ngx_feature_name="NGX_QUIC"
-+ ngx_feature_test="SSL_set_quic_method(NULL, NULL)"
-+ . auto/feature
-+
-+ if [ $ngx_found = no ]; then
-+ have=NGX_QUIC_OPENSSL_COMPAT . auto/have
-+
-+ ngx_feature="OpenSSL QUIC compatibility"
-+ ngx_feature_test="SSL_CTX_add_custom_ext(NULL, 0, 0,
-+ NULL, NULL, NULL, NULL, NULL)"
-+ . auto/feature
-+ fi
-+
-+ if [ $ngx_found = no ]; then
-+cat << END
-+
-+$0: error: certain modules require OpenSSL QUIC support.
-+You can either do not enable the modules, or install the OpenSSL library with
-+QUIC support into the system, or build the OpenSSL library with QUIC support
-+statically from the source with nginx by using --with-openssl=<path> option.
-+
-+END
-+ exit 1
-+ fi
-+ fi
- fi
- fi
-
-diff -r ac779115ed6e auto/make
---- a/auto/make Tue Mar 28 18:01:53 2023 +0300
-+++ b/auto/make Thu May 11 11:48:37 2023 -0400
-@@ -6,9 +6,10 @@
- echo "creating $NGX_MAKEFILE"
-
- mkdir -p $NGX_OBJS/src/core $NGX_OBJS/src/event $NGX_OBJS/src/event/modules \
-+ $NGX_OBJS/src/event/quic \
- $NGX_OBJS/src/os/unix $NGX_OBJS/src/os/win32 \
-- $NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/modules \
-- $NGX_OBJS/src/http/modules/perl \
-+ $NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/v3 \
-+ $NGX_OBJS/src/http/modules $NGX_OBJS/src/http/modules/perl \
- $NGX_OBJS/src/mail \
- $NGX_OBJS/src/stream \
- $NGX_OBJS/src/misc
-diff -r ac779115ed6e auto/modules
---- a/auto/modules Tue Mar 28 18:01:53 2023 +0300
-+++ b/auto/modules Thu May 11 11:48:37 2023 -0400
-@@ -102,7 +102,7 @@ if [ $HTTP = YES ]; then
- fi
-
-
-- if [ $HTTP_V2 = YES ]; then
-+ if [ $HTTP_V2 = YES -o $HTTP_V3 = YES ]; then
- HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS"
- fi
-
-@@ -124,6 +124,7 @@ if [ $HTTP = YES ]; then
- # ngx_http_header_filter
- # ngx_http_chunked_filter
- # ngx_http_v2_filter
-+ # ngx_http_v3_filter
- # ngx_http_range_header_filter
- # ngx_http_gzip_filter
- # ngx_http_postpone_filter
*** 26690 LINES SKIPPED ***