borysp c24bddd5aa [LibOS] Rework signal handling and syscall emulation
Change log (most important only):
- unify CPU context structures - now we have only one version -
  `PAL_CONTEXT` - which is shared between LibOS and PALs and it should
  depend only on the host architecture (not OS),
- syscalls emulation changed:
  - dedicated LibOS stack is now used for syscalls emulation,
  - removed one indirection level in syscalls table - now it stores
    `shim_do_*` functions directly,
- signal handling - completely rewritten:
  - all signal queues use proper locking schemes now,
  - signals are handled *only* when returning to the user app from LibOS
    or PAL,
  - nested signals are now possible,
  - the app is allowed to jump out of signal handler with the same
    semantics as on normal Linux,
  - signal altstack is now fully supported,
  - syscall restarting is now supported,
  - doing a backtrace from the signal handler works properly,
- disallow injecting host-level signals, with one exception, see
  `sys.enable_sigterm_injection` manifest option for more details.
2021-02-05 14:11:21 +01:00

Nginx

This directory contains the Makefile and the template manifest for the most recent version of the Nginx web server (as of this writing, version 1.16.1). This setup was tested on a machine with SGX v1 and Ubuntu 18.04.

The Makefile and the template manifest contain extensive comments. Please review them to understand the requirements for Nginx running under Graphene-SGX.

We build Nginx from the source code instead of using an existing installation. On Ubuntu 18.04, please make sure that the following packages are installed:

sudo apt-get install -y build-essential apache2-utils libssl-dev

NOTE: The "benchmark-http.sh" script uses the Apache Benchmark (ab) under the hood. At least the default version of ab shipped with Ubuntu 18.04 (v2.3) does not work correctly with Nginx and HTTPS (it fails on KeepAlive HTTPS requests). We recommend using the wrk benchmarking tool instead.

Quick Start

# build Nginx and the final manifest
make SGX=1

# run original Nginx against HTTP and HTTPS benchmarks (benchmark-http.sh, uses ab)
./install/sbin/nginx -c conf/nginx-graphene.conf &
../common_tools/benchmark-http.sh 127.0.0.1:8002
../common_tools/benchmark-http.sh https://127.0.0.1:8444
kill -SIGINT %%

# run Nginx in non-SGX Graphene against HTTP and HTTPS benchmarks
./pal_loader ./nginx -c conf/nginx-graphene.conf &
../common_tools/benchmark-http.sh 127.0.0.1:8002
../common_tools/benchmark-http.sh https://127.0.0.1:8444
kill -SIGINT %%

# run Nginx in Graphene-SGX against HTTP and HTTPS benchmarks
SGX=1 ./pal_loader ./nginx -c conf/nginx-graphene.conf &
../common_tools/benchmark-http.sh 127.0.0.1:8002
../common_tools/benchmark-http.sh https://127.0.0.1:8444
kill -SIGINT %%

# you can also test the server using other utilities like wget
wget http://127.0.0.1:8002/random/10K.1.html
wget https://127.0.0.1:8444/random/10K.1.html

Alternatively, to run the Nginx server, use one of the following commands:

make start-native-server
make start-graphene-server
make SGX=1 start-graphene-server