From megatux at gmail.com  Mon Feb  4 19:00:40 2019
From: megatux at gmail.com (megatux at gmail.com)
Date: Mon, 4 Feb 2019 16:00:40 -0300
Subject: Support of listener routing with paths or subdomains
Message-ID: <CADXsxMeviXumeqOhHaV1SpOzaoADLW5Wa7msrLwcbPEwi6-K2Q@mail.gmail.com>

Hi,
  does Unit supports paths like "*/api/v2:3000" in the listener config?
I want to migrate incrementally API functionality between two apps.

Kind regards
-- 
-----------------------------------------------------
   .^. In an open world, who needs windows or gates?
   /V\   Cristian Molina <http://www.megatux.me/>
  //  \\   GNU/Linux User #73047, Ubuntu User # 14733
 /( _ )\       Merlo, San Luis - Argentina
  ^^ ^^ ---------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20190204/24f298b6/attachment.html>

From vbart at nginx.com  Tue Feb  5 13:34:17 2019
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Tue, 05 Feb 2019 16:34:17 +0300
Subject: Support of listener routing with paths or subdomains
In-Reply-To: <CADXsxMeviXumeqOhHaV1SpOzaoADLW5Wa7msrLwcbPEwi6-K2Q@mail.gmail.com>
References: <CADXsxMeviXumeqOhHaV1SpOzaoADLW5Wa7msrLwcbPEwi6-K2Q@mail.gmail.com>
Message-ID: <2514606.hlbLZPHfio@vbart-workstation>

On Monday 04 February 2019 16:00:40 megatux at gmail.com wrote:
> Hi,
>   does Unit supports paths like "*/api/v2:3000" in the listener config?
> I want to migrate incrementally API functionality between two apps.
> 
> Kind regards
> 

URI paths is a part of HTTP protocol, but the listeners config doesn't know
about protocols.  It only creates sockets and in future they can be used for
UDP/TCP streaming as well.

In 1.8 (planned for the end of February) we're going to introduce internal
routing capabilities via a new "routes" option in config.  This will allow
to route requests between applications depending on URI and other request
parameters.

  wbr, Valentin V. Bartenev


From vbart at nginx.com  Thu Feb  7 16:44:23 2019
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Thu, 07 Feb 2019 19:44:23 +0300
Subject: Unit 1.7.1 release
Message-ID: <4135617.2MqDKeG70M@vbart-workstation>

Hi,

This is a bugfix release of NGINX Unit that eliminates a security flaw.
All versions of Unit from 0.3 to 1.7 are affected.

Everybody is strongly advised to update to a new version.

Changes with Unit 1.7.1                                          07 Feb 2019

    *) Security: a heap memory buffer overflow might have been caused in the
       router process by a specially crafted request, potentially resulting
       in a segmentation fault or other unspecified behavior
       (CVE-2019-7401).

    *) Bugfix: install of Go module failed without prior building of Unit
       daemon; the bug had appeared in 1.7.

Release of Unit 1.8 with support for internal request routing and an
experimental Java module is planned for end of February.

  wbr, Valentin V. Bartenev


From vbart at nginx.com  Thu Feb  7 16:45:34 2019
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Thu, 07 Feb 2019 19:45:34 +0300
Subject: Unit security advisory (CVE-2019-7401)
Message-ID: <4092006.NRvlMOIZbK@vbart-workstation>

Hi,

A security issue was identified in NGINX Unit, which might allow an
attacker to cause a heap memory buffer overflow in the router process
with a specially crafted request.  This may result in a denial of
service (router process crash) or other unspecified behavior
(CVE-2019-7401).

The issue affects Unit 0.3 - 1.7.
The issue is fixed in Unit 1.7.1.

   wbr, Valentin V. Bartenev


From tarkhil at over.ru  Sun Feb 10 08:25:44 2019
From: tarkhil at over.ru (=?UTF-8?B?0JDQu9C10LrRgdCw0L3QtNGAINCf0L7QstC+0LvQvtGG0LrQuNC5?=)
Date: Sun, 10 Feb 2019 11:25:44 +0300
Subject: Unit 1.7.1 release
In-Reply-To: <4135617.2MqDKeG70M@vbart-workstation>
References: <4135617.2MqDKeG70M@vbart-workstation>
Message-ID: <90c8ee67-a995-6142-3601-ea83bd5276f4@over.ru>

And patches for perl and Mojolicious (and maybe some other frameworks) 
has been integrated or not yet?

On 07.02.2019 19:44, Valentin V. Bartenev wrote:
> Hi,
>
> This is a bugfix release of NGINX Unit that eliminates a security flaw.
> All versions of Unit from 0.3 to 1.7 are affected.
>
> Everybody is strongly advised to update to a new version.
>
> Changes with Unit 1.7.1                                          07 Feb 2019
>
>      *) Security: a heap memory buffer overflow might have been caused in the
>         router process by a specially crafted request, potentially resulting
>         in a segmentation fault or other unspecified behavior
>         (CVE-2019-7401).
>
>      *) Bugfix: install of Go module failed without prior building of Unit
>         daemon; the bug had appeared in 1.7.
>
> Release of Unit 1.8 with support for internal request routing and an
> experimental Java module is planned for end of February.
>
>    wbr, Valentin V. Bartenev
>
> _______________________________________________
> unit mailing list
> unit at nginx.org
> https://mailman.nginx.org/mailman/listinfo/unit

From vbart at nginx.com  Sun Feb 10 11:20:58 2019
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Sun, 10 Feb 2019 14:20:58 +0300
Subject: Unit 1.7.1 release
In-Reply-To: <90c8ee67-a995-6142-3601-ea83bd5276f4@over.ru>
References: <4135617.2MqDKeG70M@vbart-workstation>
 <90c8ee67-a995-6142-3601-ea83bd5276f4@over.ru>
Message-ID: <70447414.MiyDBSqi98@vbart-laptop>

On Sunday, 10 February 2019 11:25:44 MSK ????????? ?????????? wrote:
> And patches for perl and Mojolicious (and maybe some other frameworks) 
> has been integrated or not yet?
> 
[..]

Not yet.  The 1.7.1 release contains trivial fixes in the existing code.
The Perl patch adds new code (expands coverage of PSGI specification).
It will be included in 1.8 (end of February). 

  wbr, Valentin V. Bartenev




From dmatheis at usaddiction.com  Mon Feb 18 19:52:15 2019
From: dmatheis at usaddiction.com (Dave Matheis)
Date: Mon, 18 Feb 2019 14:52:15 -0500
Subject: PHP FPM settings
Message-ID: <01c001d4c7c3$72d48ef0$587dacd0$@usaddiction.com>

Hello,

 

When setting up a php application, is there a place within the unit settings
to put the directives that would otherwise be in a /etc/php-fpm.d/*.conf
file? For example the security.limit_extensions directive and the user and
group directives?  The values in my .conf file do not seem to applied to my
unit php app, although the app is otherwise working.

 

Thanks,

 

Dave Matheis

MIS Director

269-704-7584

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20190218/490f985c/attachment.html>

From vbart at nginx.com  Tue Feb 19 12:25:42 2019
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Tue, 19 Feb 2019 15:25:42 +0300
Subject: PHP FPM settings
In-Reply-To: <01c001d4c7c3$72d48ef0$587dacd0$@usaddiction.com>
References: <01c001d4c7c3$72d48ef0$587dacd0$@usaddiction.com>
Message-ID: <4263391.PMMDQWbiV8@vbart-workstation>

On Monday 18 February 2019 14:52:15 Dave Matheis wrote:
> Hello,
> 
> When setting up a php application, is there a place within the unit settings
> to put the directives that would otherwise be in a /etc/php-fpm.d/*.conf
> file? For example the security.limit_extensions directive and the user and
> group directives?  The values in my .conf file do not seem to applied to my
> unit php app, although the app is otherwise working.
[..]

The default path depends on how libphp is built in your OS.  You can check it
in phpinfo() output.  Also, with Unit you can reconfigure it via control API.
See the relevant documentation: https://unit.nginx.org/configuration/#php-application

  wbr, Valentin V. Bartenev