SEnginx 1.5.11configuration bug for 'ngx_http_neteye_security' [optional module]

[peterbowey]

Please add this patch for src/http/ngx_http.c

        case NGX_HTTP_CONTENT_PHASE:
            checker = ngx_http_core_content_phase;
            break;

+#if (NGX_HTTP_NETEYE_SECURITY)
        case NGX_HTTP_NETEYE_SECURITY_PHASE:
            if (cmcf->phase_engine.neteye_security_index == (ngx_uint_t) -1) {
                cmcf->phase_engine.neteye_security_index = n;
            }
            checker = ngx_http_core_generic_phase;

            break;
+#endif

        default:
            checker = ngx_http_core_generic_phase;

Otherwise, the compile will fail - if the optional 'ngx_http_neteye_security' is not selected by choice.

[peterbowey]

Else-wise, you will see an error like this:

src/http/ngx_http.c:554:14: error: 'NGX_HTTP_NETEYE_SECURITY_PHASE' undeclared (first use in this function)
         case NGX_HTTP_NETEYE_SECURITY_PHASE:

[InfoHunter]

Yep, this is an expectable result. Because "ngx_http_neteye_security" is not "optional", in fact it's a core component of SEnginx, many other modules depend on it, although it looks like a "3rd party" module. Not compiling this module will cause unexpectable results. But anyway, what you suggested could make the code more perfect (and I do know some other modules also have the same problems like this), I will apply this patch in future versions. Thanks a lot.

[peterbowey]

Thanks Paul,

I did realize that - after I did some more 'live' tests.

So there are some 'conditional' dependencies here with SEnginx.

In fact, I found the live run-time for SEnginx 'fails' with 'worker process exited on signal 11' if I even try to remove some of those 'third-party' modules. (I did not expect this..)

My serious 'mistake' was thinking of the SEnginx '3rd party' modules as 'optional.
Unlike with Tengine, I now realize the '3rd party' modules are not really separate 'options'.

Many thanks, I built (compiled) with the 'default' 3rd party options (minus MODSecurity) and I have a productive 'nginx' that meets my very high expectations. (load balancing and other specs).

[peterbowey]

Paul, therefore, is it 'wise' to move the real dependencies into the nginx core; as 'Tengine' do?

See: https://github.com/alibaba/tengine/tree/master/src/http/modules

Again, I love the clean and effective code that SEnginx utilizes.
(I am so sorry that I misunderstood the 3rd party code concept)...
I do consider this SEnginx could compete with the commercial Nginx Plus release!

[InfoHunter]

Hi Peter, not your mistake : ), the name "3rd-party" itself is confusing. The original meaning of 3rd-party was "3rd-party modules to original nginx", which includes modules by SEnginx and some "real" 3rd-party modules by other developers.

Yeah, you are right, since SEnginx is a "variant" of nginx, this situation should be changed. The name "3rd-party" should mean "3rd-party modules to SEnginx", this is what you thought before, isn't it?

Tengine is a good example, if I have enough time, I'll cleanup the code hierarchy in SEnginx in the future. Thanks a lot for the suggestion.

[InfoHunter]

SEnginx is still very young, and it needs to be improved in many area, such as bug-fixes, new features, performance ...

I hope more users could use it and give me some feedbacks just like what you did. That would be very helpful.

[InfoHunter]

At current stage, really have no time to do the cleanup work in SEnginx to make the file hierarchy perfect. Close the issue now, maybe it could be reopened in the future.