From admin at rzmahdi.ir Thu Aug 1 14:56:29 2024 From: admin at rzmahdi.ir (Reza Mahdi) Date: Thu, 01 Aug 2024 18:26:29 +0330 Subject: Meson build system support Message-ID: Hi I recently test meson build system. It's syntax is something simple and looks really simple. The build system itself is in a good situation and many opensource projects migrated to meson. I wonder can it be an option for build? I may do it... -- Best regards Reza Mahdi From mdounin at mdounin.ru Thu Aug 1 18:21:35 2024 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 1 Aug 2024 21:21:35 +0300 Subject: Meson build system support In-Reply-To: References: Message-ID: Hello! On Thu, Aug 01, 2024 at 06:26:29PM +0330, Reza Mahdi wrote: > I recently test meson build system. It's syntax is something simple and looks > really simple. The build system itself is in a good situation and many opensource > projects migrated to meson. > > I wonder can it be an option for build? > I may do it... Do you suggest to replace the existing build system, or to add an additional build system? In general, I don't think more than one build system is justified, as this complicates support and not needed unless there are major limitations in all build systems being used which cannot be fixed. Also, I tend to think that switching to an external build system isn't really a good option due to inherent compatibility and portability limitations. Do you think there are issues with the existing build system? If you think there are, a better option might be to focus on resolving these issues. -- Maxim Dounin http://mdounin.ru/ From m.ddotx.f at gmail.com Sun Aug 11 12:16:05 2024 From: m.ddotx.f at gmail.com (Tatsuya Kaneko) Date: Sun, 11 Aug 2024 21:16:05 +0900 Subject: Inquiry on the Future Direction of Freenginx Message-ID: Thank you for developing Freenginx. I have some questions about its future direction. Do you want developers who currently use Nginx to switch to Freenginx? If so, I believe the following features are necessary: * Compelling features that encourage developers to choose Freenginx * A Docker image Many developers are satisfied with Nginx, so Freenginx needs features that stand out. For example, I would be interested in a feature that updates upstream via DNS. While this is possible with variables, it doesn't support keepalive connections with upstream. If Freenginx could offer this feature, many developers might choose it. Additionally, many developers, including myself, use Docker images. Since there is no Docker image for Freenginx, it?s not currently an option for us. So, if Freenginx has compelling features and a Docker image, I believe many developers would choose it. Is this something you want? I apologize, but I am not very familiar with Freenginx's source code. However, I am a maintainer of https://github.com/cubicdaiya/nginx-build and might be able to help if there are not enough resources to create a Docker image. -- Tatsuya Kaneko mail: m.ddotx.f at gmail.com From mdounin at mdounin.ru Sun Aug 11 20:11:24 2024 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 11 Aug 2024 23:11:24 +0300 Subject: Inquiry on the Future Direction of Freenginx In-Reply-To: References: Message-ID: Hello! (It looks like you aren't subscribed, so Cc'd explicitly.) On Sun, Aug 11, 2024 at 09:16:05PM +0900, Tatsuya Kaneko wrote: > Thank you for developing Freenginx. I have some questions about its > future direction. > > Do you want developers who currently use Nginx to switch to Freenginx? > > If so, I believe the following features are necessary: > > * Compelling features that encourage developers to choose Freenginx > * A Docker image > > Many developers are satisfied with Nginx, so Freenginx needs features > that stand out. For example, I would be interested in a feature that > updates upstream via DNS. While this is possible with variables, it > doesn't support keepalive connections with upstream. If Freenginx > could offer this feature, many developers might choose it. Certainly features are important, and almost every release of freenginx adds new features. As of now, important ones include better DoS protection in various areas (such as max_commands in mail proxy, max_headers, limits during request headers and body reading), error logging moderation, OAUTH authentication mechanisms in mail proxy, and a large cleanup of request body error handling which makes various complex error_page configurations a lot easier. Still, I tend to think that "developers are satisfied" isn't something to be taken as granted. Rather, this is a result of many years of work on the quality of the code. And it's an open question now if F5 will be able to maintain the quality of their code. > Additionally, many developers, including myself, use Docker images. > Since there is no Docker image for Freenginx, it?s not currently an > option for us. > > So, if Freenginx has compelling features and a Docker image, I believe > many developers would choose it. Is this something you want? I personally don't use Docker much, mostly for testing with various Linux userlands. Do you think that a special Docker image is required? My personal impression is that it is something better achieved with a package in/for a particular distribution. -- Maxim Dounin http://mdounin.ru/ From m.ddotx.f at gmail.com Sun Aug 11 23:27:15 2024 From: m.ddotx.f at gmail.com (Tatsuya Kaneko) Date: Mon, 12 Aug 2024 08:27:15 +0900 Subject: Inquiry on the Future Direction of Freenginx In-Reply-To: References: Message-ID: Thank you for continuously adding new features to Freenginx. Regarding the Docker image, when Nginx is needed in development or production environments, it is common to use the official Nginx Docker image. Nginx distributes a Debian-slim based image. The official Nginx Docker image is created using packages distributed for specific distributions by Nginx. Therefore, by creating packages for specific distributions, it becomes easier to create Docker images. While having both packages and Docker images would be beneficial, packages might be more important. 2024?8?12?(?) 5:11 Maxim Dounin : > > Hello! > > (It looks like you aren't subscribed, so Cc'd explicitly.) > > On Sun, Aug 11, 2024 at 09:16:05PM +0900, Tatsuya Kaneko wrote: > > > Thank you for developing Freenginx. I have some questions about its > > future direction. > > > > Do you want developers who currently use Nginx to switch to Freenginx? > > > > If so, I believe the following features are necessary: > > > > * Compelling features that encourage developers to choose Freenginx > > * A Docker image > > > > Many developers are satisfied with Nginx, so Freenginx needs features > > that stand out. For example, I would be interested in a feature that > > updates upstream via DNS. While this is possible with variables, it > > doesn't support keepalive connections with upstream. If Freenginx > > could offer this feature, many developers might choose it. > > Certainly features are important, and almost every release of > freenginx adds new features. > > As of now, important ones include better DoS protection in various > areas (such as max_commands in mail proxy, max_headers, limits > during request headers and body reading), error logging > moderation, OAUTH authentication mechanisms in mail proxy, and a > large cleanup of request body error handling which makes various > complex error_page configurations a lot easier. > > Still, I tend to think that "developers are satisfied" isn't > something to be taken as granted. Rather, this is a result of > many years of work on the quality of the code. And it's an open > question now if F5 will be able to maintain the quality of their > code. > > > Additionally, many developers, including myself, use Docker images. > > Since there is no Docker image for Freenginx, it?s not currently an > > option for us. > > > > So, if Freenginx has compelling features and a Docker image, I believe > > many developers would choose it. Is this something you want? > > I personally don't use Docker much, mostly for testing with > various Linux userlands. Do you think that a special Docker image > is required? My personal impression is that it is something > better achieved with a package in/for a particular distribution. > > -- > Maxim Dounin > http://mdounin.ru/ -- Tatsuya Kaneko mail: m.ddotx.f at gmail.com From mdounin at mdounin.ru Tue Aug 13 14:49:48 2024 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 13 Aug 2024 17:49:48 +0300 Subject: freenginx-1.27.3 Message-ID: Changes with freenginx 1.27.3 13 Aug 2024 *) Change: now the "Age" backend response header line is taken into account when caching. Thanks to Hiroaki Nakamura. *) Feature: the $upstream_cache_age variable. *) Change: during graceful shutdown of old worker processes keepalive connections are now closed only after timeout specified with the "lingering_timeout" directive expires. *) Feature: improvements in building on Windows. -- Maxim Dounin http://freenginx.org/ From paul at stormy.ca Mon Aug 26 20:50:55 2024 From: paul at stormy.ca (Paul) Date: Mon, 26 Aug 2024 16:50:55 -0400 Subject: CSP and headers Message-ID: <35d818a3-4f1a-8cb5-af08-3ea277c9fa69@stormy.ca> [specifically to the new/freenginx list] We've used nginx (currently stable 1.18.0 (Ubuntu)) ahead of apache2 for a long time, happy. This is in production, some 800k transactions per day -- not huge, but... Reverted to a backup server yesterday (maintenance) and had embedded pdf's fail. Backup was supposed to be identical, but had a single diff: add_header Content-Security-Policy "frame-ancestors 'none'"; screwed up several thousand embedded pdf files. My can of worms, now corrected. QUESTIONS: What is best CSP policy for what most user browsers seem to expect? Opera and Mac had no problem, Firefox and Chrome are more sensitive.