-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APT installation broken when using Nginx's APT repository. #30
Comments
Same problem here, using ubuntu 20.04 updated. root@host:~# sudo apt install lua5.1 libnginx-mod-http-lua luarocks gettext-base
Reading package lists... Done
Building dependency tree
Reading state information... Done
gettext-base is already the newest version (0.19.8.1-10build1).
gettext-base set to manually installed.
The following additional packages will be installed:
autoconf automake autotools-dev file libdpkg-perl libfile-fcntllock-perl libltdl-dev liblua5.1-0 liblua5.1-0-dev libluajit-5.1-2
libluajit-5.1-common libncurses-dev libnginx-mod-http-ndk libreadline-dev libtool libtool-bin lua-any lua-sec lua-socket nginx-common
pkg-config
Suggested packages:
autoconf-archive gnu-standards autoconf-doc gettext debian-keyring bzr libtool-doc ncurses-doc readline-doc gfortran | fortran95-compiler
gcj-jdk fcgiwrap nginx-doc dpkg-dev
The following packages will be REMOVED:
nginx
The following NEW packages will be installed:
autoconf automake autotools-dev file libdpkg-perl libfile-fcntllock-perl libltdl-dev liblua5.1-0 liblua5.1-0-dev libluajit-5.1-2
libluajit-5.1-common libncurses-dev libnginx-mod-http-lua libnginx-mod-http-ndk libreadline-dev libtool libtool-bin lua-any lua-sec
lua-socket lua5.1 luarocks nginx-common pkg-config
0 upgraded, 24 newly installed, 1 to remove and 103 not upgraded.
Need to get 3,092 kB of archives.
After this operation, 13.6 MB of additional disk space will be used.
Do you want to continue? [Y/n] root@host:~# sudo apt install nginx lua5.1 libnginx-mod-http-lua luarocks gettext-base
Reading package lists... Done
Building dependency tree
Reading state information... Done
gettext-base is already the newest version (0.19.8.1-10build1).
gettext-base set to manually installed.
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libnginx-mod-http-lua : Depends: libnginx-mod-http-ndk (= 1.18.0-0ubuntu1.2) but it is not going to be installed
Depends: nginx-common (= 1.18.0-0ubuntu1.2) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
root@host:~# there is no problem to run nginx 1.22 with crowdsec, as far i know. Basically it wants to remove my nginx 1.21 and setup nginx-comon 1.18. |
Hello, When using the nginx provided by ubuntu/debian, we need the dependancy on AFAIK, the nginx repository does not provide the LUA module (please correct me if this is wrong) so the bouncer won't work with it anyway. We are currently exploring how to support the official nginx repositories, but for now the only way for you to use the bouncer would probably be to manually build the LUA module and install the bouncer using the install script in this repo or switch to openresty (should work pretty much out of the box with your nginx config, but that's likely a big change) and use the openresty bouncer. |
Of course we need to support nginx, at least from the linux repo, but as an extra comment: most of linux sysadmin use nginx bouncer because you can not see the real IP using iptables when you have a proxy between you and the user. Maybe I am missing windows servers or customized nginx configs, I do not know. So maybe the simplest and efficient solution is to provide a middleware between 80/443 ports and nginx, using iptables, like bitninja does. using iptables rules it will forward the traffic to the middleware and filter. and this middleware can be a simple nginx, that works out of the box. I do not want to make it more complex, I am just saying that maybe most of the cases this is the problem about nginx use. - A very popular opensource panel called hestiacp use nginx from the oficial repo.
So maybe a simple docker solution or a custom nginx instance that read 80/443 traffic just to block some IPs will not just fix the most common nginx use, but also will expand the crowdsec solution to another 3 very popular web server panels. |
The solution to this issue is ppa/odrej repositories. The steps below work on Ubuntu 20.04 and 22.04:
|
But it's not recommended here url "do NOT use the ondrej nginx stable PPA which has the module, it causes nginx to segfault, most likely due to an incompatiblity between recent nginx versions and older LUA module versions" |
When using nginx's APT repo's the standard apt installation for the bouncer breaks due to a dependency issue.
Mainly because package names differ between the repos and the standard nginx-lua module is not included as separate package in the nginx repo.
When apt attempts to install this, this results in a dependency conflict as shown below:
Suggested resolution
Update the
debian/control
file to reflect a situation where onlynginx
being installed instead of bothnginx
andlibnginx-mod-http-lua
would be sufficient.The text was updated successfully, but these errors were encountered: