aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorValery Kartel <valery.kartel@gmail.com>2017-03-17 12:05:44 +0200
committerLeonardo Arena <rnalrd@alpinelinux.org>2017-03-17 10:29:51 +0000
commite07695e1581744e63bd459f7fa827f51c4d8dbf7 (patch)
tree1ed3e7b5d9f9187a0fd195993eb1a1f69b864292
parent3c979daea8b4edb2efde9199fe3ef7b4bb31f916 (diff)
downloadaports-e07695e1581744e63bd459f7fa827f51c4d8dbf7.tar.bz2
aports-e07695e1581744e63bd459f7fa827f51c4d8dbf7.tar.xz
main/nginx: add all modules from testing/nginx-naxsi
- added modules: naxsi, cache_purge, upstream-fair, sysguard - remade dynamic modules definition - upgrade modules nchan to 1.1.2 rtmp to 1.1.11 naxsi to 0.55.3 - add checkconfig to init script - cleaned and improved APKBUILD
-rw-r--r--main/nginx/APKBUILD336
-rw-r--r--main/nginx/naxsi.conf24
-rw-r--r--main/nginx/nginx.initd28
-rw-r--r--main/nginx/nginx.post-upgrade23
-rw-r--r--main/nginx/sysguard.patch10
5 files changed, 218 insertions, 203 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index 8bacade21d..e325eafdb4 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -2,103 +2,119 @@
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=nginx
pkgver=1.10.3
-pkgrel=0
+pkgrel=1
pkgdesc="HTTP and reverse proxy server"
url="http://www.nginx.org/en"
arch="all"
+options="!check"
license="custom"
-
-# Modules
-_devel_kit_name=ngx_devel_kit
-_devel_kit_ver=0.3.0
-_devel_kit_dir="$srcdir/$_devel_kit_name-$_devel_kit_ver"
-_devel_kit_so="ndk_http_module.so"
-
-_http_echo_name=echo-nginx-module
-_http_echo_ver=0.60
-_http_echo_dir="$srcdir/$_http_echo_name-$_http_echo_ver"
-
-_http_fancyindex_name=ngx-fancyindex
-_http_fancyindex_ver=0.4.1
-_http_fancyindex_dir="$srcdir/$_http_fancyindex_name-$_http_fancyindex_ver"
-
-_http_headers_more_name=headers-more-nginx-module
-_http_headers_more_ver=0.32
-_http_headers_more_dir="$srcdir/$_http_headers_more_name-$_http_headers_more_ver"
-_http_headers_more_so="ngx_http_headers_more_filter_module.so"
-
-_http_lua_name=lua-nginx-module
-_http_lua_ver=0.10.7
-_http_lua_dir="$srcdir/$_http_lua_name-$_http_lua_ver"
-_http_lua_depends="$pkgname-mod-devel-kit"
-_http_lua_provides="$pkgname-lua" # for backward compatibility
-
-_http_nchan_name=nchan
-_http_nchan_ver=1.1.0
-_http_nchan_dir="$srcdir/$_http_nchan_name-$_http_nchan_ver"
-_http_nchan_so="ngx_nchan_module.so"
-
-_http_upload_progress_name=nginx-upload-progress-module
-_http_upload_progress_ver=0.9.2
-_http_upload_progress_dir="$srcdir/$_http_upload_progress_name-$_http_upload_progress_ver"
-_http_upload_progress_so="ngx_http_uploadprogress_module.so"
-
-_rtmp_name=nginx-rtmp-module
-_rtmp_ver=1.1.10
-_rtmp_dir="$srcdir/$_rtmp_name-$_rtmp_ver"
-_rtmp_provides="$pkgname-rtmp" # for backward compatibility
-
depends=""
[ "$CARCH" = "s390x" ] && _lua_dep="lua5.1-dev" || _lua_dep="luajit-dev"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev $_lua_dep
libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
-pkgusers="nginx"
-_grp_ngx="nginx"
-_grp_www="www-data"
-pkggroups="$_grp_ngx $_grp_www"
-install="$pkgname.pre-install $pkgname.post-upgrade"
-subpackages="$pkgname-doc $pkgname-vim::noarch"
-replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
+pkgusers="$pkgname"
+pkggroups="$pkgname www-data"
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc $pkgname-vim::noarch $pkgname-mod-http-perl:_perl"
+
+# Modules with external sources
+_dkmod=ngx_devel_kit
+_dkver=0.3.0
+_modsub="$_modsub devel-kit:ndk_http_module"
+_modcfg="$_modcfg --add-dynamic-module=${_dksrc:=$srcdir/$_dkmod-$_dkver}"
+_modsrc="$_modsrc $_dkmod-$_dkver.tar.gz::https://github.com/simpl/$_dkmod/archive/v$_dkver.tar.gz"
+
+_ecmod=echo-nginx-module
+_ecver=0.60
+_modsub="$_modsub http-echo"
+_modcfg="$_modcfg --add-dynamic-module=${_ecsrc:=$srcdir/$_ecmod-$_ecver}"
+_modsrc="$_modsrc $_ecmod-$_ecver.tar.gz::https://github.com/openresty/$_ecmod/archive/v$_ecver.tar.gz"
+
+_fimod=ngx-fancyindex
+_fiver=0.4.1
+_modsub="$_modsub http-fancyindex"
+_modcfg="$_modcfg --add-dynamic-module=${_fisrc:=$srcdir/$_fimod-$_fiver}"
+_modsrc="$_modsrc $_fimod-$_fiver.tar.gz::https://github.com/aperezdc/$_fimod/archive/v$_fiver.tar.gz"
+
+_hmmod=headers-more-nginx-module
+_hmver=0.32
+_modsub="$_modsub http-headers-more:ngx_http_headers_more_filter_module"
+_modcfg="$_modcfg --add-dynamic-module=${_hmsrc:=$srcdir/$_hmmod-$_hmver}"
+_modsrc="$_modsrc $_hmmod-$_hmver.tar.gz::https://github.com/openresty/$_hmmod/archive/v$_hmver.tar.gz"
+
+_lumod=lua-nginx-module
+_luver=0.10.7
+_modsub="$_modsub http-lua"
+_modcfg="$_modcfg --add-dynamic-module=${_lusrc:=$srcdir/$_lumod-$_luver}"
+_modsrc="$_modsrc $_lumod-$_luver.tar.gz::https://github.com/openresty/$_lumod/archive/v$_luver.tar.gz"
+_http_lua_depends="$pkgname-mod-devel-kit"
+
+_ncmod=nchan
+_ncver=1.1.2
+_modsub="$_modsub http-nchan:ngx_nchan_module"
+_modcfg="$_modcfg --add-dynamic-module=${_ncsrc:=$srcdir/$_ncmod-$_ncver}"
+_modsrc="$_modsrc $_ncmod-$_ncver.tar.gz::https://github.com/slact/$_ncmod/archive/v$_ncver.tar.gz"
+
+_upmod=nginx-upload-progress-module
+_upver=0.9.2
+_modsub="$_modsub http-upload-progress:ngx_http_uploadprogress_module"
+_modcfg="$_modcfg --add-dynamic-module=${_upsrc:=$srcdir/$_upmod-$_upver}"
+_modsrc="$_modsrc $_upmod-$_upver.tar.gz::https://github.com/masterzen/$_upmod/archive/v$_upver.tar.gz"
+
+_rtmod=nginx-rtmp-module
+_rtver=1.1.11
+_modsub="$_modsub rtmp"
+_modcfg="$_modcfg --add-dynamic-module=${_rtsrc:=$srcdir/$_rtmod-$_rtver}"
+_modsrc="$_modsrc $_rtmod-$_rtver.tar.gz::https://github.com/arut/$_rtmod/archive/v$_rtver.tar.gz"
+
+_nxmod=naxsi
+_nxver=0.55.3
+_modsub="$_modsub http-naxsi"
+_modcfg="$_modcfg --add-dynamic-module=${_nxsrc:=$srcdir/$_nxmod-$_nxver/naxsi_src}"
+_modsrc="$_modsrc $_nxmod-$_nxver.tar.gz::https://github.com/nbs-system/$_nxmod/archive/$_nxver.tar.gz
+ $_nxmod.conf"
+_http_naxsi_conf="$srcdir/$_nxmod.conf:/etc/$pkgname/conf.d/$_nxmod.conf
+ $srcdir/$_nxmod-$_nxver/naxsi_config/naxsi_core.rules:/etc/$pkgname/naxsi_core.rules"
+
+_cpmod=ngx_cache_purge
+_cpver=2.3.0.1
+_modsub="$_modsub http-cache-purge"
+_modcfg="$_modcfg --add-dynamic-module=${_cpsrc:=$srcdir/$_cpmod-$_cpver}"
+_modsrc="$_modsrc $_cpmod-$_cpver.tar.gz::https://github.com/itoffshore/$_cpmod/archive/v$_cpver.tar.gz"
+
+_ufmod=nginx-upstream-fair
+_ufver=0.1.1
+_modsub="$_modsub http-upstream-fair"
+_modcfg="$_modcfg --add-dynamic-module=${_ufsrc:=$srcdir/$_ufmod-$_ufver}"
+_modsrc="$_modsrc $_ufmod-$_ufver.tar.gz::https://github.com/itoffshore/$_ufmod/archive/v$_ufver.tar.gz"
+
+_sgmod=tengine-http-sysguard
+_sgver=2.2.0
+_modsub="$_modsub http-sysguard"
+_modcfg="$_modcfg --add-dynamic-module=${_sgsrc:=$srcdir/$_sgmod-$_sgver}"
+_modsrc="$_modsrc $_sgmod-$_sgver.tar.gz::https://github.com/itoffshore/$_sgmod/archive/v$_sgver.tar.gz
+ sysguard.patch"
+
source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
- $_devel_kit_name-$_devel_kit_ver.tar.gz::https://github.com/simpl/$_devel_kit_name/archive/v$_devel_kit_ver.tar.gz
- $_http_echo_name-$_http_echo_ver.tar.gz::https://github.com/openresty/$_http_echo_name/archive/v$_http_echo_ver.tar.gz
- $_http_fancyindex_name-$_http_fancyindex_ver.tar.gz::https://github.com/aperezdc/$_http_fancyindex_name/archive/v$_http_fancyindex_ver.tar.gz
- $_http_headers_more_name-$_http_headers_more_ver.tar.gz::https://github.com/openresty/$_http_headers_more_name/archive/v$_http_headers_more_ver.tar.gz
- $_http_lua_name-$_http_lua_ver.tar.gz::https://github.com/openresty/$_http_lua_name/archive/v$_http_lua_ver.tar.gz
- $_http_nchan_name-$_http_nchan_ver.tar.gz::https://github.com/slact/$_http_nchan_name/archive/v$_http_nchan_ver.tar.gz
- $_http_upload_progress_name-$_http_upload_progress_ver.tar.gz::https://github.com/masterzen/$_http_upload_progress_name/archive/v$_http_upload_progress_ver.tar.gz
- $_rtmp_name-$_rtmp_ver.tar.gz::https://github.com/arut/$_rtmp_name/archive/v$_rtmp_ver.tar.gz
nginx.conf
default.conf
$pkgname.logrotate
$pkgname.initd
ipv6.patch
+ $_modsrc
"
-builddir="$srcdir/$pkgname-$pkgver"
-
-_modules_dir="usr/lib/$pkgname/modules"
-_modules="
- http-geoip
- http-image-filter
- http-perl
- http-xslt-filter
- mail
- stream
- devel-kit
- http-echo
- http-fancyindex
- http-headers-more
- http-lua
- http-nchan
- http-upload-progress
- rtmp"
-for _m in $_modules; do
- subpackages="$subpackages $pkgname-mod-$_m:_module"
+_module_dir=usr/lib/$pkgname
+_module_conf=/etc/$pkgname/modules
+for _module in http-geoip http-image-filter http-xslt-filter mail stream $_modsub; do
+ _modvar=${_module//-/_}
+ [ -z "${_module##*:*}" ] && eval _so_${_modvar%:*}=${_module#*:}
+ subpackages="$subpackages $pkgname-mod-${_module%:*}:_module"
done
-
+builddir="$srcdir/$pkgname-$pkgver"
build() {
cd "$builddir"
@@ -108,7 +124,7 @@ build() {
./configure \
--prefix=/var/lib/$pkgname \
--sbin-path=/usr/sbin/$pkgname \
- --modules-path=/$_modules_dir \
+ --modules-path=/$_module_dir \
--conf-path=/etc/$pkgname/$pkgname.conf \
--pid-path=/run/$pkgname/$pkgname.pid \
--lock-path=/run/$pkgname/$pkgname.lock \
@@ -119,8 +135,8 @@ build() {
--http-scgi-temp-path=/var/lib/$pkgname/tmp/scgi \
--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
\
- --user=$pkgusers \
- --group=$_grp_ngx \
+ --user=$pkgname \
+ --group=$pkgname \
--with-threads \
--with-file-aio \
--with-ipv6 \
@@ -149,131 +165,107 @@ build() {
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
- \
- --add-dynamic-module="$_devel_kit_dir" \
- --add-dynamic-module="$_http_echo_dir" \
- --add-dynamic-module="$_http_fancyindex_dir" \
- --add-dynamic-module="$_http_headers_more_dir" \
- --add-dynamic-module="$_http_lua_dir" \
- --add-dynamic-module="$_http_nchan_dir" \
- --add-dynamic-module="$_http_upload_progress_dir" \
- --add-dynamic-module="$_rtmp_dir" \
- || return 1
-
- make || return 1
+ $_modcfg || return 1
+ make
}
package() {
- cd "$builddir"
-
- make DESTDIR="$pkgdir" install || return 1
+ make -C "$builddir" DESTDIR="$pkgdir" install || return 1
# Disable some PaX protections; this is needed for Lua module.
local paxflags="-m"
[ "$CARCH" = "x86" ] && paxflags="-msp"
paxmark $paxflags "$pkgdir"/usr/sbin/nginx || return 1
- install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
- install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
-
- install -Dm644 objs/$pkgname.8 \
+ install -Dm644 "$builddir"/LICENSE \
+ "$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1
+ install -Dm644 "$builddir"/README \
+ "$pkgdir"/usr/share/doc/$pkgname/README || return 1
+ install -Dm644 "$builddir"/objs/$pkgname.8 \
"$pkgdir"/usr/share/man/man8/$pkgname.8 || return 1
- cp -r "$_devel_kit_dir"/docs \
- "$pkgdir"/usr/share/doc/$pkgname/$_devel_kit_name || return 1
- cp -r "$_http_lua_dir"/doc \
- "$pkgdir"/usr/share/doc/$pkgname/$_http_lua_name || return 1
- cp -r "$_rtmp_dir"/doc \
- "$pkgdir"/usr/share/doc/$pkgname/$_rtmp_name || return 1
+ cp -r "$_dksrc"/docs \
+ "$pkgdir"/usr/share/doc/$pkgname/$_dkmod || return 1
+ cp -r "$_lusrc"/doc \
+ "$pkgdir"/usr/share/doc/$pkgname/$_lumod || return 1
+ cp -r "$_rtsrc"/doc \
+ "$pkgdir"/usr/share/doc/$pkgname/$_rtmod || return 1
- cd "$pkgdir"
+ mkdir -p "$pkgdir"/var/log \
+ "$pkgdir"/$_module_conf || return 1
- install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
- install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
- install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
- install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
+ install -Dm644 "$srcdir"/nginx.conf "$pkgdir"/etc/$pkgname/nginx.conf
+ install -Dm644 "$srcdir"/default.conf \
+ "$pkgdir"/etc/$pkgname/conf.d/default.conf || return 1
+ install -Dm755 "$srcdir"/$pkgname.initd \
+ "$pkgdir"/etc/init.d/$pkgname || return 1
+ install -Dm644 "$srcdir"/$pkgname.logrotate \
+ "$pkgdir"/etc/logrotate.d/$pkgname || return 1
- install -dm755 ./etc/$pkgname/modules
- install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
- install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp
- install -dm755 -g $_grp_www ./var/www/localhost/htdocs
+ install -dm750 -o $pkgname -g $pkgname "$pkgdir"/var/lib/$pkgname || return 1
+ install -dm700 -o $pkgname -g $pkgname "$pkgdir"/var/lib/$pkgname/tmp || return 1
+ install -dm755 -g www-data "$pkgdir"/var/www/localhost/htdocs || return 1
- install -dm755 ./var/log
- mv ./var/lib/$pkgname/logs ./var/log/$pkgname || return 1
+ mv "$pkgdir"/var/lib/$pkgname/logs \
+ "$pkgdir"/var/log/$pkgname || return 1
- ln -sf /$_modules_dir ./var/lib/$pkgname/modules
- ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
- ln -sf /run/$pkgname ./var/lib/$pkgname/run
+ ln -sf /$_module_dir "$pkgdir"/var/lib/$pkgname/modules
+ ln -sf /var/log/$pkgname "$pkgdir"/var/lib/$pkgname/logs
+ ln -sf /run/$pkgname "$pkgdir"/var/lib/$pkgname/run
- rm -rf ./run ./etc/$pkgname/*.default
+ rm -rf "$pkgdir"/run "$pkgdir"/etc/$pkgname/*.default
}
vim() {
pkgdesc="$pkgdesc (vim syntax)"
- depends=
-
- mkdir -p "$subpkgdir"/usr/share/vim
- cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
+ mkdir -p "$subpkgdir"/usr/share || return 1
+ cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim
}
_module() {
- local name="${subpkgname#$pkgname-mod-}"
- name="${name//-/_}"
- local soname="$(eval "echo \$_${name}_so")";
- soname="${soname:-"ngx_${name}_module.so"}"
-
+ local name=${subpkgname#$pkgname-mod-}
+ name=${name//-/_}
+ local soname=$(eval echo \$_so_$name)
+ soname="${soname:-ngx_${name}_module}.so"
pkgdesc="$pkgdesc (module $name)"
- depends="$pkgname $(eval "echo \$_${name}_depends")"
- provides="$(eval "echo \$_${name}_provides")"
+ depends="$pkgname $(eval echo \$_${name}_depends)"
+ provides="$(eval echo \$_${name}_provides)"
- mkdir -p "$subpkgdir"/$_modules_dir
- cd "$subpkgdir"
+ mkdir -p "$subpkgdir"/$_module_dir \
+ "$subpkgdir"/$_module_conf || return 1
- mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
+ mv "$pkgdir"/$_module_dir/$soname \
+ "$subpkgdir"/$_module_dir/$soname || return 1
+ echo "load_module \"modules/$soname\";" > "$subpkgdir"/$_module_conf/$name.conf
- mkdir -p "$subpkgdir"/etc/nginx/modules
- echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
+ local conf;
+ for conf in $(eval echo \$_${name}_conf); do
+ install -Dm644 ${conf%:*} "$subpkgdir"/${conf#*:}
+ done
+}
+
+_perl() {
+ _module || return 1
+ mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/
}
-md5sums="204a20cb4f0b0c9db746c630d89ff4ea nginx-1.10.3.tar.gz
-76c503918c003fcc55005b7688f47add ngx_devel_kit-0.3.0.tar.gz
-897338c2c4bc44f2d56ae06ab9820372 echo-nginx-module-0.60.tar.gz
-e1dd79f0ec82415bbf8a1cb938988955 ngx-fancyindex-0.4.1.tar.gz
-5ce112f12afe155749e2c504997861f7 headers-more-nginx-module-0.32.tar.gz
-6eb0161f495bb996af6bbb58f3cef764 lua-nginx-module-0.10.7.tar.gz
-fbe5a95878ff4365435fd3223256f830 nchan-1.1.0.tar.gz
-7c1a399d36a75bcfa874d98b5462fc09 nginx-upload-progress-module-0.9.2.tar.gz
-2e82501ed423a901ab64bfe2228a0666 nginx-rtmp-module-1.1.10.tar.gz
-256145c0f70d1d1d3b99f854553d48f0 nginx.conf
-c4759cd2812220ab542317f54fbbe755 default.conf
-db194cf3c6c4be12c70c757e0c9ad995 nginx.logrotate
-16dcac0d7a2b406807d3377841d9b480 nginx.initd
-801a87f7f9d27f8ad85b41a78b4c4461 ipv6.patch"
-sha256sums="75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 nginx-1.10.3.tar.gz
-88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 ngx_devel_kit-0.3.0.tar.gz
-1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e echo-nginx-module-0.60.tar.gz
-2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 ngx-fancyindex-0.4.1.tar.gz
-c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 headers-more-nginx-module-0.32.tar.gz
-c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 lua-nginx-module-0.10.7.tar.gz
-5781349bb460cf96d43e835a7ad3109724fba9ccefdbd967552538edee79c722 nchan-1.1.0.tar.gz
-b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 nginx-upload-progress-module-0.9.2.tar.gz
-f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c nginx-rtmp-module-1.1.10.tar.gz
-df873f301f947192c854994bb0e1bac46f73a5d3cf91df997f1b6a8ed26b5724 nginx.conf
-f53fd49af9b4bc308653abb85d9989879ce1fb48e43c508f5f45c84f74513865 default.conf
-b063611c6cb2d33bd43c4b17bf4135dda25f209bb77e4e66d1b156cffc37fbe6 nginx.logrotate
-3d8a90d2f75b7f24c4d74722b5b3ac11d85f416c2d7641b4280d7c126bfe8395 nginx.initd
-a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b ipv6.patch"
sha512sums="25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf nginx-1.10.3.tar.gz
+ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
+0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
+09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
+e325d30d431a45801c4072f87f7bce27765e96de27c8f7821b5b0ce0716e1a8657435c93a2e9174c4b8d353fb468e65a8bc20119525e04d3d46ae5ff08cb6f5d nginx.initd
+68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch
558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 ngx_devel_kit-0.3.0.tar.gz
c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c echo-nginx-module-0.60.tar.gz
ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 ngx-fancyindex-0.4.1.tar.gz
e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 headers-more-nginx-module-0.32.tar.gz
d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 lua-nginx-module-0.10.7.tar.gz
-bb3a9aec5e4c9f1c376126b4b07c2e5c6cddae3659a9218bd7b0dcaa5b0e1772036eea2c7e45bbb46f61a3a9090f0092fc93e91dbb57fc5b4e65eef6ba14fc23 nchan-1.1.0.tar.gz
+14af65d57325afa961bc6606f2c938acff0206914248b8ca810293113fdab859c1db9c9abce9263b9da5c2371b299770682d9ec49fbf7a356da9fbfb3e15c3c7 nchan-1.1.2.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz
-bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f nginx-rtmp-module-1.1.10.tar.gz
-ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf
-0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf
-09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate
-1ea032cf88021ec8aa1401d284ea738364511cdb9f8c01670deb8e59aae570f5bbe17f0cbab73c0e08d6b342a621b6a9c014832168ed41f6028ecfa4211b60cf nginx.initd
-68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch"
+e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 nginx-rtmp-module-1.1.11.tar.gz
+9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 naxsi-0.55.3.tar.gz
+3f6cb5ae900d0d9938f0da9788efde5c1ff80522313dd91a7e170811976facb647a734a8a58924993d95f069ec5fadfde728655ac9b37a965cd7200a9785055d naxsi.conf
+c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz
+fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 nginx-upstream-fair-0.1.1.tar.gz
+2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 tengine-http-sysguard-2.2.0.tar.gz
+2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch"
diff --git a/main/nginx/naxsi.conf b/main/nginx/naxsi.conf
new file mode 100644
index 0000000000..e3d8d4afd3
--- /dev/null
+++ b/main/nginx/naxsi.conf
@@ -0,0 +1,24 @@
+include /etc/nginx/naxsi_core.rules;
+
+server {
+ listen 4242;
+ server_name localhost;
+ location / {
+ LearningMode;
+ SecRulesEnabled;
+ DeniedUrl "/50x.html";
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 4" BLOCK;
+ CheckRule "$EVADE >= 4" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ error_log /var/log/nginx/naxsi_error.log debug;
+ access_log /var/log/nginx/naxsi_access.log;
+ root html;
+ index index.html index.htm;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root html;
+ }
+}
diff --git a/main/nginx/nginx.initd b/main/nginx/nginx.initd
index 992d5fd5b9..d01874e4f4 100644
--- a/main/nginx/nginx.initd
+++ b/main/nginx/nginx.initd
@@ -1,9 +1,15 @@
#!/sbin/openrc-run
description="Nginx http and reverse proxy server"
+description_checkconfig="Verify configuration"
+description_upgrade="Upgrade running binary"
+description_reload="Reload configuration"
+description_reopen="Reopen log files"
+
+extra_commands="checkconfig"
extra_started_commands="reload reopen upgrade"
-cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
+cfgfile=${NGINX_CONFIG:-/etc/nginx/nginx.conf}
pidfile=/run/nginx/nginx.pid
command=/usr/sbin/nginx
command_args="-c $cfgfile"
@@ -14,29 +20,35 @@ depend() {
use dns logger netmount
}
+checkconfig() {
+ ebegin "Checking $RC_SVCNAME config"
+ $command $command_args -t
+ eend $?
+}
+
start_pre() {
ebegin
- checkpath --directory --owner nginx:nginx ${pidfile%/*}
- $command $command_args -t -q
+ checkpath -d -o ${NGINX_OWNER:-nginx:nginx} ${pidfile%/*}
+ checkconfig >/dev/null 2>&1
eend $?
}
reload() {
- ebegin "Reloading ${SVCNAME} configuration"
- start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
+ ebegin "Reloading $RC_SVCNAME configuration"
+ checkconfig >/dev/null 2>&1 && start-stop-daemon --signal HUP --pidfile $pidfile
eend $?
}
reopen() {
- ebegin "Reopening ${SVCNAME} log files"
+ ebegin "Reopening $RC_SVCNAME log files"
start-stop-daemon --signal USR1 --pidfile $pidfile
eend $?
}
upgrade() {
- start_pre || return 1
+ checkconfig || return $?
- ebegin "Upgrading ${SVCNAME} binary"
+ ebegin "Upgrading $RC_SVCNAME binary"
einfo "Sending USR2 to old binary"
start-stop-daemon --signal USR2 --pidfile $pidfile
diff --git a/main/nginx/nginx.post-upgrade b/main/nginx/nginx.post-upgrade
deleted file mode 100644
index 6d9e698dc7..0000000000
--- a/main/nginx/nginx.post-upgrade
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-ver_new="$1"
-ver_old="$2"
-
-if [ "$(apk version -t "$ver_old" "1.10.1-r3")" = "<" ]; then
- cat 1>&2 <<-EOF
- *
- * The nginx package has been modified to use dynamic modules. Now there's
- * just single package providing nginx executable and bunch of nginx-mod-*
- * subpackages.
- *
- * Lua support is now provided by package nginx-mod-http-lua, RTMP support
- * is provided by nginx-mod-rtmp.
- *
- * Modules mail and stream are dynamic modules too and so not included
- * by default anymore. If you use them, install nginx-mod-mail and
- * nginx-mod-stream.
- *
- EOF
-fi
-
-exit 0
diff --git a/main/nginx/sysguard.patch b/main/nginx/sysguard.patch
new file mode 100644
index 0000000000..be8b0d2ee4
--- /dev/null
+++ b/main/nginx/sysguard.patch
@@ -0,0 +1,10 @@
+--- a/src/http/ngx_http_request.h
++++ b/src/http/ngx_http_request.h
+@@ -498,6 +498,7 @@
+ */
+ unsigned limit_conn_set:1;
+ unsigned limit_req_set:1;
++ unsigned sysguard_set:1;
+
+ #if 0
+ unsigned cacheable:1;