From SOURCES to PACKAGES
-
Hi, i have need to build nginx with a module that in the ports is off. I see that on pfsense we cannot compile, so i have to compile it to another freebsd machine, but now i cannot run make install on pfsense to install it.. Any suggestion?
-
If it's on nanobsd:
/etc/rc.conf_mount_rw
make install
/etc/rc.conf_mount_roedit: nevermind…there is no make on nanobsd versions of pfSense.
-
You could try something like this:
on the host where you have compiled the sources:
make install –prefix=/tmp/nginx
tar -C /tmp/nginx -c nginx.tar *
copy the tarball to your pfSense box, mount filesystem read-write (see my previous post)
extract the tarball in /usr/local or something -
Of course you realise that running nginx on your pfSense box is very much not recommended? What function are you planning to use it for?
Steve
-
It works, thanks! :) But i had to modify the sintax. This is what i used:
./configure --with-http_gzip_static_module --prefix=/usr/local/etc/nginx mkdir /tmp/nginx make install DESTDIR=/tmp/nginx cd /tmp/nginx tar -czf nginx.tz * #after moving the tarball to pfsens box: /etc/rc.conf_mount_rw mkdir /usr/local/etc/nginx tar xzf nginx.tz -C / # The tarball already contains the directory structure used in .configure
Yes, i know :) in fact i have 2 pfsense box:
1 without any plugins and another one that i'm using to do video and web-cache. -
Of course you realise that running nginx on your pfSense box is very much not recommended? What function are you planning to use it for?
Steve
Steve,
Can you elaborate on why nginx on pfSense is not recommended? I'm very interested in using at as a reverse proxy server. I've explored using the Squid3 package but it is missing features that I've been using from nginx (on OpenWRT). Namely, redirect with path & querystring (ie https://sub.mydomain.com/some/path?querystring to http://internal-server/some/path?querystring) and support for Basic Authentication (so I can force authentication for remote connections without implementing it on each internal web server).
-
Running as a web server is what's really not recommended. As a reverse proxy less so. However adding any packages yourself carries an inherent risk especially if they are services exposed to WAN. You would responsible for maintaining it against any new vulnerability.
There are several reverse proxy packages already. Does nginx offer something the others don't that you really need?
Steve
-
Too many people seem to think pfsense is a swiss army knife.
-
An nginx package doesn't seem like a terrible idea though, as long as it's limited to reverse proxy duties. People will inevitably use it as a web server I imagine. ::)
Steve
-
Too many people seem to think pfsense is a swiss army knife.
Actually, it is. And that's no problem. It's great.
The only thing is, that you have to use it cleverly. Like 5 posts before: he has two pfSense installs, one for main firewalling, and one for playing around. What's wrong with that? -
My personal opinion is that if you install too many services on your pfsense firewall, you no longer have a firewall - you have something that needs a firewall in front of it.
-
But he said he already has a firewall in front, which is a separate pfSense box.
-
http://www.youtube.com/watch?v=aXQ2lO3ieBA
-
I have no problem using pfSense as a base for an appliance. You just have to understand the security implications. pfSense had at one time a dedicated DNS version and it makes a nice VPN concentrator. No reason why it couldn't be a dedicated reverse proxy.
Steve
-
-
But… Can it blend?
-
???
-