sulu-builder: enable nginx-mod-ws-auth as backend

2026-01-27 17:37:18 +01:00 · 2026-01-23 15:37:16 +05:30 · 2026-01-23 15:37:16 +05:30 · cdd7602283
commit cdd7602283
parent 4a5ec954c9
6 changed files with 37 additions and 50 deletions
--- a/sulu/sulu-base/Makefile
+++ b/sulu/sulu-base/Makefile
@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-base
-PKG_VERSION:=5.3.14
+PKG_VERSION:=5.4.0
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=0c393542cab0679016967558448f5ad5e8c03f81
+PKG_SOURCE_VERSION:=5261722b1f88be676b0bdcffcb08baadfdc269bd
 PKG_MIRROR_HASH:=skip
 SULU_MOD:=core
--- a/sulu/sulu-builder/Config.in
+++ b/sulu/sulu-builder/Config.in
@ -0,0 +1,6 @@
 if PACKAGE_sulu
 	config SULU_DEFAULT_UI
 		depends on PACKAGE_sulu
 		bool "Makes Sulu run on port 443 instead of 8443"
 		default n
 endif
--- a/sulu/sulu-builder/Config_builder.in
+++ b/sulu/sulu-builder/Config_builder.in
@ -0,0 +1,6 @@
 if PACKAGE_sulu-builder
 	config SULU_BUILDER_DEFAULT_UI
 		depends on PACKAGE_sulu-builder
 		bool "Makes Sulu run on port 443 instead of 8443"
 		default n
 endif
--- a/sulu/sulu-builder/Makefile
+++ b/sulu/sulu-builder/Makefile
@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-builder
-PKG_VERSION:=5.3.14
+PKG_VERSION:=5.4.0
 PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=17285a9a8262c664dd8da03a1257b9e6e495dd2c
+PKG_SOURCE_VERSION:=d66466774bdce454cb33e0e55f13da4ca4194dd4
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
@ -28,8 +28,9 @@ define Package/sulu/default
 	CATEGORY:=Utilities
 	SUBMENU:=SULU
 	TITLE:=SULU-CE
-	DEPENDS:=+mosquitto-auth-plugin +usermngr +userinterface +obuspa
+	DEPENDS:=+usermngr +userinterface +obuspa
 	DEPENDS+=+@OBUSPA_LOCAL_MQTT_LISTENER
 	DEPENDS:=+nginx-mod-ws-auth
 	EXTRA_DEPENDS:=nginx
 endef
@ -58,26 +59,11 @@ define Package/sulu-builder/description
 endef
 define Package/sulu/config
-	config SULU_DEFAULT_UI
+	source "$(SOURCE)/Config.in"
 		depends on PACKAGE_sulu
 		bool "Makes Sulu run on port 443 instead of 8443"
 		default n
 endef
 define Package/sulu-builder/config
-	config SULU_BUILDER_EXTRA_PACKAGES
+	source "$(SOURCE)/Config_builder.in"
 		depends on PACKAGE_sulu-builder
 		string "Space separated list of sulu packages"
 		help
 			You can specify the list of non core sulu package,
 			so that sulu-builder include them before building the core.
 	config SULU_BUILDER_DEFAULT_UI
 		depends on PACKAGE_sulu-builder
 		bool "Makes Sulu run on port 443 instead of 8443"
 		default n
 endef
 ifeq ($(BUILD_VARIANT),builder)
--- a/sulu/sulu-builder/files/etc/sulu/nginx.locations
+++ b/sulu/sulu-builder/files/etc/sulu/nginx.locations
@ -16,11 +16,16 @@ location /maintenance.html {
 }
 location /wss {
-	proxy_pass_request_headers      on;
+	# Authenticate using JWT token
-	proxy_cache        off;
+	ws_auth;
 	proxy_http_version 1.1;
 	# WebSocket upgrade headers
 	proxy_set_header Upgrade $http_upgrade;
 	proxy_set_header Connection $connection_upgrade;
 	# Forward real client information
 	proxy_set_header    Host               $host;
 	proxy_set_header    X-Real-IP          $remote_addr;
 	proxy_set_header    X-Forwarded-For    $remote_addr;
@ -28,12 +33,15 @@ location /wss {
 	proxy_set_header    X-Forwarded-Server $host;
 	proxy_set_header    X-Forwarded-Port   $server_port;
 	proxy_set_header    X-Forwarded-Proto  $scheme;
-	add_header          Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+	proxy_pass http://127.0.0.1:9009;
-	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+
-	add_header Pragma 'no-cache';
+	# Disable buffering for real-time communication
-	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,Content-Type,Range' always;
+	proxy_buffering off;
-	expires 0;
+
-	proxy_pass http://websocket;
+	# Timeouts for WebSocket (1 hour)
 	proxy_connect_timeout 3600;
 	proxy_send_timeout 3600;
 	proxy_read_timeout 3600;
 }
 location / {
--- a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config
+++ b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-config
@ -13,24 +13,6 @@ if [ ! -f "${UCI_TEMPLATE}" ]; then
 	return 1
 fi
 update_nginx_uci_template()
 {
 	local port
 	port="$(uci -q get mosquitto.sulu.port)"
 	port="${port:-9009}"
 	# Add map for WebSocket connection upgrade if not present
 	if ! grep -q "map \$http_upgrade \$connection_upgrade" ${UCI_TEMPLATE}; then
 		sed -i '/#UCI_HTTP_CONFIG$/i\   map $http_upgrade $connection_upgrade { default upgrade; "" close; }' ${UCI_TEMPLATE}
 	fi
 	# Add upstream websocket if not present
 	if ! grep -q "upstream websocket" ${UCI_TEMPLATE}; then
 		sed -i "/#UCI_HTTP_CONFIG$/i\   upstream websocket { server 127.0.0.1:${port}; }" ${UCI_TEMPLATE}
 	fi
 }
 add_sulu_config_to_mosquitto()
 {
 	uci_add mosquitto listener sulu
@ -38,7 +20,7 @@ add_sulu_config_to_mosquitto()
 	uci_set mosquitto sulu port '9009'
 	uci_set mosquitto sulu no_remote_access '1'
 	uci_set mosquitto sulu protocol 'websockets'
-	uci_set mosquitto sulu auth_plugin '/usr/lib/mosquitto_auth_plugin.so'
+	uci_set mosquitto sulu allow_anonymous '1'
 	uci_set mosquitto sulu acl_file '/etc/sulu/mqtt.acl'
 }
@ -67,6 +49,5 @@ add_sulu_userinterface_uci()
 add_sulu_config_to_mosquitto
 add_sulu_userinterface_uci
 update_nginx_uci_template
 /etc/sulu/sulu.sh