# How to use Nginx modules that are not exposed by the OpenResty port?



## i.am.the.problem (Jun 20, 2022)

I need to OpenResty but also need the HTTP_GEOIP2 and HTTP_REALIP modules provided by Nginx.

The Nginx port, and therefore Nginx has the configure options, for enabling these modules but they are not exposed by the OpenResty port.

How can I make this work?


----------



## i.am.the.problem (Jun 21, 2022)

I've tried altering the Makefile


```
# Created by: Jochen Neumeister <joneum@FreeBSD.org>

PORTNAME=       openresty
PORTVERSION=    1.21.4.1rc2
CATEGORIES=     www
MASTER_SITES=   https://openresty.org/download/

MAINTAINER=     joneum@FreeBSD.org
COMMENT=        OpenResty a powerful web app server by extending nginx

LICENSE=        BSD2CLAUSE MIT
LICENSE_COMB=   multi
LICENSE_FILE=   ${WRKSRC}/COPYRIGHT

LIB_DEPENDS=    libluajit-5.1.so:lang/luajit-openresty \
        libpcre.so:devel/pcre

#RUN_DEPENDS=   net/libmaxminddb>0:${PORTSDIR}net/libmaxminddb

#BUILD_DEPENDS= ${RUN_DEPENDS}

USES=           cpe gmake perl5 ssl

HAS_CONFIGURE=  yes
CONFIGURE_ARGS= --group=${WWWGRP} \
        --prefix=${PREFIX} \
        --user=${WWWOWN} \
        --with-cc-opt="-I ${LOCALBASE}/include" \
        --with-ld-opt="-L ${LOCALBASE}/lib" \
        --with-luajit=${LOCALBASE}

OPTIONS_DEFINE=         ARRAYVAR AUTHREQ COOLKIT DRIZZLE ECHO ENCSESSION \
                HEADERSMORE ICONV LUACJSON LUARDS LUAREDISPARS \
                LUARESTYDNS LUARESTYMEM LUARESTYMYSQL LUARESTYREDIS \
                LUARESTYSTRING LUARESTYUPLOAD MEMC MISC NDK POSTGRES \
RDSCSV RDSJSON REDIS REDIS2 SRCACHE XSS HTTP_REALIP HTTP_GEOIP2
OPTIONS_DEFAULT=        ARRAYVAR AUTHREQ COOLKIT ECHO ENCSESSION HEADERMORE \
                ICONV MEMC MISC NDK PORTGRES RDSCSV RDSJSON REDIS \
REDIS2 SRCACHE XSS HTTP_REALIP HTTP_GEOIP2

OPTIONS_SUB=    yes

ARRAYVAR_DESC=          Add support for array variables to config
AUTHREQ_DESC=           Auth request module
COOLKIT_DESC=           Collection of small and useful nginx add-ons
DRIZZLE_DESC=           Module for talking to MySQL and Drizzle
ECHO_DESC=              Brings echo/sleep/time and more shell-style
ENCSESSION_DESC=        Encrypt and decrypt nginx variable values
HEADERSMORE_DESC=       Set and clear input and output headers
ICONV_DESC=             Iconv support
LUACJSON_DESC=          Lua cjson library
LUARDS_DESC=            Lua rds library
LUAREDISPARS_DESC=      Lua redis parser library
LUARESTYDNS_DESC=       Lua resty dns library
LUARESTYMEM_DESC=       Lua resty memcached library
LUARESTYMYSQL_DESC=     Lua resty mysql library
LUARESTYREDIS_DESC=     Lua resty redis library
LUARESTYSTRING_DESC=    Lua resty string library
LUARESTYUPLOAD_DESC=    Lua resty upload library
MEMC_DESC=              An extended memcached module
MISC_DESC=              Various set_xxx directives added
NDK_DESC=               Nginx Development Kit
POSTGRES_DESC=          Module for talking to Postgeres
RDSCSV_DESC=            Output filter module to convert CSV
RDSJSON_DESC=           An output filter that formats Resty
REDIS2_DESC=            Module for the Redis 2.0 protocol
REDIS_DESC=             HTTP redis module
SRCACHE_DESC=           Transparent subrequest-based caching layout
XSS_DESC=               Native cross-site scripting support in nginx

ARRAYVAR_CONFIGURE_OFF=  --without-http_array_var_module
AUTHREQ_CONFIGURE_ON=    --with-http_auth_request_module
COOLKIT_CONFIGURE_OFF=   --without-http_coolkit_module
DRIZZLE_LIB_DEPENDS=     libdrizzle.so:databases/libdrizzle
DRIZZLE_CONFIGURE_ON=    --with-http_drizzle_module
ECHO_CONFIGURE_OFF=      --without-http_echo_module
ENCSESSION_CONFIGURE_OFF=       --without-http_encrypted_session_module
HEADERSMORE_CONFIGURE_OFF=      --without-http_headers_more_module
ICONV_CONFIGURE_ON=      --with-http_iconv_module
LUACJSON_CONFIGURE_OFF=  --without-lua_cjson
LUARDS_CONFIGURE_OFF=    --without-lua_rds_parser
LUAREDISPARS_CONFIGURE_OFF=     --without-lua_redis_parser
LUARESTYDNS_CONFIGURE_OFF=      --without-lua_resty_dns
LUARESTYMEM_CONFIGURE_OFF=      --without-lua_resty_memcached
LUARESTYMYSQL_CONFIGURE_OFF=    --without-lua_resty_mysql
LUARESTYREDIS_CONFIGURE_OFF=    --without-lua_resty_redis
LUARESTYSTRING_CONFIGURE_OFF=   --without-lua_resty_string
LUARESTYUPLOAD_CONFIGURE_OFF=   --without-lua_resty_upload
MEMC_CONFIGURE_OFF=      --without-http_memc_module
MISC_CONFIGURE_OFF=      --without-http_set_misc_module
NDK_CONFIGURE_OFF=       --without-ngx_devel_kit_module
POSTGRES_USES=           pgsql
POSTGRES_CONFIGURE_ON=   --with-http_postgres_module
RDSCSV_CONFIGURE_OFF=    --without-http_rds_csv_module
RDSJSON_CONFIGURE_OFF=   --without-http_rds_json_module
REDIS2_CONFIGURE_OFF=    --without-http_redis2_module
REDIS_CONFIGURE_OFF=     --without-http_redis_module
SRCACHE_CONFIGURE_OFF=   --without-http_srcache_module
XSS_CONFIGURE_OFF= --without-http_xss_module
HTTP_REALIP_CONFIGURE_ON=       --with-http_realip_module
HTTP_GEOIP2_CONFIGURE_ON=       --with-http_geoip_module


post-install:
   ${STRIP_CMD} ${STAGEDIR}${PREFIX}/nginx/sbin/nginx
   ${FIND} ${STAGEDIR}${PREFIX} -name '*.so' -exec ${STRIP_CMD} {} +

.include <bsd.port.mk>
```

And have libmaxminddb installed


```
pkg info libmaxminddb
libmaxminddb-1.6.0
Name           : libmaxminddb
Version        : 1.6.0
Installed on   : Tue Jun 21 08:39:24 2022 BST
Origin         : net/libmaxminddb
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : net
Licenses       : APACHE20
Maintainer     : sunpoet@FreeBSD.org
WWW            : https://github.com/maxmind/libmaxminddb
Comment        : Library for the MaxMind DB file format used for GeoIP2
Shared Libs provided:
   libmaxminddb.so.0
Annotations    :
   FreeBSD_version: 1300139
   cpe            : cpe:2.3:a:maxmind:libmaxminddb:1.6.0:::::freebsd13:x64
Flat size      : 94.5KiB
Description    :
The libmaxminddb library provides a C library for reading MaxMind DB
files, including the GeoIP2 databases from MaxMind. This is a custom
binary format designed to facilitate fast lookups of IP addresses while
allowing for great flexibility in the type of data associated with an
address.

WWW: https://github.com/maxmind/libmaxminddb
```

But when I try to make the port it fails with the following error.


```
===>   openresty-1.21.4.1rc2 depends on package: gmake>=4.3 - found
===>   openresty-1.21.4.1rc2 depends on file: /usr/local/lib/libcrypto.so.11 - found
===>   openresty-1.21.4.1rc2 depends on package: perl5>=5.32.r0<5.33 - found
===>   openresty-1.21.4.1rc2 depends on shared library: libluajit-5.1.so - found (/usr/local/lib/libluajit-5.1.so)
===>   openresty-1.21.4.1rc2 depends on shared library: libpcre.so - found (/usr/local/lib/libpcre.so)
===>  Configuring for openresty-1.21.4.1rc2
platform: freebsd (freebsd)
cp -rp bundle/ build
cd build
export LUAJIT_LIB='/usr/local/lib'
export LUAJIT_INC='/usr/local/include/luajit-2.1'
patching the resty script with hard-coded nginx binary path...
cd nginx-1.21.4
sh ./configure --prefix=/usr/local/nginx \
  --with-cc-opt='-O2 -I /usr/local/include' \
  --add-module=../ngx_devel_kit-0.3.1 \
  --add-module=../iconv-nginx-module-0.14 \
  --add-module=../echo-nginx-module-0.62 \
  --add-module=../xss-nginx-module-0.06 \
  --add-module=../ngx_coolkit-0.2 \
  --add-module=../set-misc-nginx-module-0.33 \
  --add-module=../form-input-nginx-module-0.12 \
  --add-module=../encrypted-session-nginx-module-0.09 \
  --add-module=../srcache-nginx-module-0.32 \
  --add-module=../ngx_lua-0.10.21rc2 \
  --add-module=../ngx_lua_upstream-0.07 \
  --add-module=../array-var-nginx-module-0.05 \
  --add-module=../memc-nginx-module-0.19 \
  --add-module=../redis2-nginx-module-0.15 \
  --add-module=../redis-nginx-module-0.3.9 \
  --add-module=../rds-json-nginx-module-0.15 \
  --add-module=../rds-csv-nginx-module-0.09 \
  --add-module=../ngx_stream_lua-0.0.11rc1 \
  --with-ld-opt='-Wl,-rpath,/usr/local/lib -L /usr/local/lib' \
  --group=www --user=www --with-http_auth_request_module --with-http_geoip_module --with-http_realip_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_ssl_module
checking for OS
 + FreeBSD 13.0-RELEASE amd64
checking for C compiler ... found
 + using Clang C compiler
checking for --with-ld-opt="-Wl,-rpath,/usr/local/lib -L /usr/local/lib" ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... not found
checking for FreeBSD specific features
 + sendfile() found
 + POSIX semaphores should work
 + kqueue found
 + kqueue's NOTE_LOWAT found
 + kqueue's EVFILT_TIMER found
 + cpuset_setaffinity() found
checking for poll() ... found
checking for /dev/poll ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... found
checking for sched_yield() ... found
checking for sched_setaffinity() ... not found
checking for SO_SETFIB ... found
checking for SO_REUSEPORT ... found
checking for SO_ACCEPTFILTER ... found
checking for SO_BINDANY ... not found
checking for IP_TRANSPARENT ... not found
checking for IP_BINDANY ... found
checking for IP_BIND_ADDRESS_NO_PORT ... not found
checking for IP_RECVDSTADDR ... found
checking for IP_SENDSRCADDR ... found
checking for IP_PKTINFO ... not found
checking for IPV6_RECVPKTINFO ... found
checking for TCP_DEFER_ACCEPT ... not found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
checking for long long size ... 8 bytes
checking for void * size ... 8 bytes
checking for uint32_t ... found
checking for uint64_t ... found
checking for sig_atomic_t ... found
checking for sig_atomic_t size ... 8 bytes
checking for socklen_t ... found
checking for in_addr_t ... found
checking for in_port_t ... found
checking for rlim_t ... found
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for AF_INET6 ... found
checking for setproctitle() ... found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for strerrordesc_np() ... not found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for clock_gettime(CLOCK_MONOTONIC) ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for ioctl(FIONREAD) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... not found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
checking for SOCK_CLOEXEC support ... found
checking for FD_CLOEXEC support ... found
configuring additional modules
adding module in ../ngx_devel_kit-0.3.1
 + ngx_devel_kit was configured
adding module in ../iconv-nginx-module-0.14
found ngx_devel_kit for ngx_iconv; looks good.
checking for libiconv ... not found
checking for libiconv ... found
 + ngx_http_iconv_module was configured
adding module in ../echo-nginx-module-0.62
 + ngx_http_echo_module was configured
adding module in ../xss-nginx-module-0.06
 + ngx_http_xss_filter_module was configured
adding module in ../ngx_coolkit-0.2
 + ngx_coolkit_module was configured
adding module in ../set-misc-nginx-module-0.33
found ngx_devel_kit for ngx_set_misc; looks good.
 + ngx_http_set_misc_module was configured
adding module in ../form-input-nginx-module-0.12
found ngx_devel_kit for ngx_form_input; looks good.
 + ngx_http_form_input_module was configured
adding module in ../encrypted-session-nginx-module-0.09
found ngx_devel_kit for ngx_encrypted_session; looks good.
 + ngx_http_encrypted_session_module was configured
adding module in ../srcache-nginx-module-0.32
 + ngx_http_srcache_filter_module was configured
adding module in ../ngx_lua-0.10.21rc2
checking for LuaJIT library in /usr/local/lib and /usr/local/include/luajit-2.1 (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found
checking for LuaJIT 2.x ... found
checking for Lua language 5.1 ... found
checking for LuaJIT has FFI ... found
checking for export symbols by default (-E) ... found
checking for export symbols by default (--export-all-symbols) ... not found
checking for SO_PASSCRED ... not found
checking for SA_RESTART ... found
checking for malloc_trim ... not found
checking for pipe2 ... found
checking for signalfd ... not found
checking for execvpe ... not found
 + ngx_http_lua_module was configured
adding module in ../ngx_lua_upstream-0.07
 + ngx_http_lua_upstream_module was configured
adding module in ../array-var-nginx-module-0.05
found ngx_devel_kit for ngx_array_var; looks good.
 + ngx_http_array_var_module was configured
adding module in ../memc-nginx-module-0.19
 + ngx_http_memc_module was configured
adding module in ../redis2-nginx-module-0.15
 + ngx_http_redis2_module was configured
adding module in ../redis-nginx-module-0.3.9
 + ngx_http_redis_module was configured
adding module in ../rds-json-nginx-module-0.15
 + ngx_http_rds_json_filter_module was configured
adding module in ../rds-csv-nginx-module-0.09
 + ngx_http_rds_csv_filter_module was configured
adding module in ../ngx_stream_lua-0.0.11rc1
checking for LuaJIT library in /usr/local/lib and /usr/local/include/luajit-2.1 (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found
checking for LuaJIT 2.x ... found
checking for Lua language 5.1 ... found
checking for LuaJIT has FFI ... found
checking for export symbols by default (-E) ... found
checking for export symbols by default (--export-all-symbols) ... not found
checking for SO_PASSCRED ... not found
checking for SA_RESTART ... found
checking for require defined symbols (--require-defined) ... not found
 + ngx_stream_lua_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for OpenSSL library ... found
checking for zlib library ... found
checking for GeoIP library ... not found
checking for GeoIP library in /usr/local/ ... not found
checking for GeoIP library in /usr/pkg/ ... not found
checking for GeoIP library in /opt/local/ ... not found

./configure: error: the GeoIP module requires the GeoIP library.
You can either do not enable the module or install the library.

ERROR: failed to run command: sh ./configure --prefix=/usr/local/nginx \...
===>  Script "configure" failed unexpectedly.
Please report the problem to joneum@FreeBSD.org [maintainer] and attach the
"/usr/ports/www/openresty/work/openresty-1.21.4.1rc2/config.log" including
the output of the failure of your make command. Also, it might be a good idea
to provide an overview of all packages installed on your system (e.g. a
/usr/local/sbin/pkg-static info -g -Ea).
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/www/openresty
*** Error code 1

Stop.
```


----------



## SirDice (Jun 21, 2022)

I had no idea what OpenResty was, so I figured this was more a configuration setting, thus moved the thread to "web and network services". But now I see these are actually build options of the port itself, so I moved it back to "Ports and packages". 

If you look at the option settings from www/nginx you can see the GEOIP option also adds a CFLAGS when it's enabled:

```
HTTP_GEOIP2_GH_TUPLE=		leev:ngx_http_geoip2_module:3.3:geoip2
HTTP_GEOIP2_CFLAGS=		-I${LOCALBASE}/include
HTTP_GEOIP2_VARS=		DSO_EXTMODS+=geoip2
HTTP_GEOIP2_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
```

What this does, when the GEOIP2 option is _enabled_ those CFLAGS are added. In your changes you are not setting those CFLAGS, which causes the build to fail because it cannot find the header files. The `-I` flag adds a search path to the compiler, it needs to be told to add the /usr/local/include directory. 

You probably have to add this:

```
HTTP_GEOIP2_CFLAGS=		-I${LOCALBASE}/include
```


----------



## i.am.the.problem (Jun 21, 2022)

Sadly adding the CFLAG had no effect.


----------



## SirDice (Jun 21, 2022)

i.am.the.problem said:


> Sadly adding the CFLAG had no effect.


Ok, then there's probably some more missing. We know www/nginx builds fine with the option set. So we just need to compare the settings between that and your modified version of the OpenResty port.

It's probably not going to change the outcome of the build but this should be added too:

```
HTTP_GEOIP2_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
```
That will make sure OpenResty has a proper library dependency on net/libmaxminddb if that GEOIP2 option is enabled.

I'm honestly unsure what the HTTP_GEOIP2_VARS is for. That DSO_EXTMODS looks specific to the nginx build.


----------



## i.am.the.problem (Jun 21, 2022)

From what I can see the OpenResty port builds a bundled version of Nginx. Which includes the following file:


```
cat /usr/ports/www/openrestywork/openresty-1.21.4.1rc2/build/nginx-1.21.4/src/http/modules/ngx_http_geoip_module.c

/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>

#include <GeoIP.h>
#include <GeoIPCity.h>
...
```

The Nginx port downloads a seperate geoip module which contains the following file:


```
cat /usr/ports/www/nginx/work/ngx_http_geoip2_module-3.3/ngx_http_geoip2_module.c   
/*
 * Copyright (C) Lee Valentine <lee@leev.net>
 *
 * Based on nginx's 'ngx_http_geoip_module.c' by Igor Sysoev
 */


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>

#include <maxminddb.h>
...
```

So the bundled Nginx code from OpenResty is using the discontinued GeoIP database rather than the GeoIP2 database. The libmaxminddb provides the api for the GeoIP2 database.


----------



## SirDice (Jun 21, 2022)

i.am.the.problem said:


> So the bundled Nginx code from OpenResty is using the discontinued GeoIP database rather than the GeoIP2 database.


Ah, that explains it. Can't you use the same code nginx uses here?


----------



## i.am.the.problem (Jun 21, 2022)

SirDice said:


> Ah, that explains it. Can't you use the same code nginx uses here?


If I can work out how to get OpenResty to build it and produce a repeatable build yes.


----------



## i.am.the.problem (Jun 22, 2022)

I think for now I'm going to resurrect the the deprecated GeoIP port and use the script from here to convert the newer geo2 databases to the legacy format.


----------



## SWIFTYLIFT (Jun 24, 2022)

Dealing with the same thing right now - lemme know if I can help with anything.


----------

