We're currently using nginx-full which also includes the Image filter module. It links against a wide range of media libraries:
linux-vdso.so.1 (0x00007ffcc07e0000) libgd.so.3 => /usr/lib/x86_64-linux-gnu/libgd.so.3 (0x00007f1ace787000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1ace3dc000) libjpeg.so.62 => /usr/lib/x86_64-linux-gnu/libjpeg.so.62 (0x00007f1ace184000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1acdf69000) libpng12.so.0 => /lib/x86_64-linux-gnu/libpng12.so.0 (0x00007f1acdd42000) libfreetype.so.6 => /usr/lib/x86_64-linux-gnu/libfreetype.so.6 (0x00007f1acda97000) libfontconfig.so.1 => /usr/lib/x86_64-linux-gnu/libfontconfig.so.1 (0x00007f1acd85a000) libXpm.so.4 => /usr/lib/x86_64-linux-gnu/libXpm.so.4 (0x00007f1acd648000) libX11.so.6 => /usr/lib/x86_64-linux-gnu/libX11.so.6 (0x00007f1acd304000) libvpx.so.1 => /usr/lib/x86_64-linux-gnu/libvpx.so.1 (0x00007f1accf0c000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1accc0b000) libtiff.so.5 => /usr/lib/x86_64-linux-gnu/libtiff.so.5 (0x00007f1acc995000) /lib64/ld-linux-x86-64.so.2 (0x0000562181c27000) libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f1acc76c000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1acc54e000) libxcb.so.1 => /usr/lib/x86_64-linux-gnu/libxcb.so.1 (0x00007f1acc32c000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1acc128000) liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1acbf04000) libjbig.so.0 => /usr/lib/x86_64-linux-gnu/libjbig.so.0 (0x00007f1acbcf5000) libXau.so.6 => /usr/lib/x86_64-linux-gnu/libXau.so.6 (0x00007f1acbaf1000) libXdmcp.so.6 => /usr/lib/x86_64-linux-gnu/libXdmcp.so.6 (0x00007f1acb8eb000)
We don't use the module in our nginx.conf, but it still triggers a lot of spurious restart warnings for nginx whenever one of those libs are updated.
This isn't important enough to have a round of nginx builds/deployments by itself, but the next time we update nginx for other reasons (say TLS 1.3), I'd like to piggyback that change.
In addition to the systems using tlsproxy, there's also a few systems using nginx-extras or nginx-full, which could be reviewed/migrated:
- thumbor
- francium
- labstore1006/1007
- install*
- sodium
- archiva1001