diff options
author | Valery Kartel <valery.kartel@gmail.com> | 2017-03-17 12:05:44 +0200 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-03-17 10:29:51 +0000 |
commit | e07695e1581744e63bd459f7fa827f51c4d8dbf7 (patch) | |
tree | 1ed3e7b5d9f9187a0fd195993eb1a1f69b864292 | |
parent | 3c979daea8b4edb2efde9199fe3ef7b4bb31f916 (diff) | |
download | aports-e07695e1581744e63bd459f7fa827f51c4d8dbf7.tar.bz2 aports-e07695e1581744e63bd459f7fa827f51c4d8dbf7.tar.xz |
main/nginx: add all modules from testing/nginx-naxsi
- added modules: naxsi, cache_purge, upstream-fair, sysguard
- remade dynamic modules definition
- upgrade modules
nchan to 1.1.2
rtmp to 1.1.11
naxsi to 0.55.3
- add checkconfig to init script
- cleaned and improved APKBUILD
-rw-r--r-- | main/nginx/APKBUILD | 336 | ||||
-rw-r--r-- | main/nginx/naxsi.conf | 24 | ||||
-rw-r--r-- | main/nginx/nginx.initd | 28 | ||||
-rw-r--r-- | main/nginx/nginx.post-upgrade | 23 | ||||
-rw-r--r-- | main/nginx/sysguard.patch | 10 |
5 files changed, 218 insertions, 203 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD index 8bacade21d..e325eafdb4 100644 --- a/main/nginx/APKBUILD +++ b/main/nginx/APKBUILD @@ -2,103 +2,119 @@ # Contributor: Jeff Bilyk <jbilyk@gmail.com> # Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl> # Contributor: Jakub Jirutka <jakub@jirutka.cz> +# Contributor: Valery Kartel <valery.kartel@gmail.com> pkgname=nginx pkgver=1.10.3 -pkgrel=0 +pkgrel=1 pkgdesc="HTTP and reverse proxy server" url="http://www.nginx.org/en" arch="all" +options="!check" license="custom" - -# Modules -_devel_kit_name=ngx_devel_kit -_devel_kit_ver=0.3.0 -_devel_kit_dir="$srcdir/$_devel_kit_name-$_devel_kit_ver" -_devel_kit_so="ndk_http_module.so" - -_http_echo_name=echo-nginx-module -_http_echo_ver=0.60 -_http_echo_dir="$srcdir/$_http_echo_name-$_http_echo_ver" - -_http_fancyindex_name=ngx-fancyindex -_http_fancyindex_ver=0.4.1 -_http_fancyindex_dir="$srcdir/$_http_fancyindex_name-$_http_fancyindex_ver" - -_http_headers_more_name=headers-more-nginx-module -_http_headers_more_ver=0.32 -_http_headers_more_dir="$srcdir/$_http_headers_more_name-$_http_headers_more_ver" -_http_headers_more_so="ngx_http_headers_more_filter_module.so" - -_http_lua_name=lua-nginx-module -_http_lua_ver=0.10.7 -_http_lua_dir="$srcdir/$_http_lua_name-$_http_lua_ver" -_http_lua_depends="$pkgname-mod-devel-kit" -_http_lua_provides="$pkgname-lua" # for backward compatibility - -_http_nchan_name=nchan -_http_nchan_ver=1.1.0 -_http_nchan_dir="$srcdir/$_http_nchan_name-$_http_nchan_ver" -_http_nchan_so="ngx_nchan_module.so" - -_http_upload_progress_name=nginx-upload-progress-module -_http_upload_progress_ver=0.9.2 -_http_upload_progress_dir="$srcdir/$_http_upload_progress_name-$_http_upload_progress_ver" -_http_upload_progress_so="ngx_http_uploadprogress_module.so" - -_rtmp_name=nginx-rtmp-module -_rtmp_ver=1.1.10 -_rtmp_dir="$srcdir/$_rtmp_name-$_rtmp_ver" -_rtmp_provides="$pkgname-rtmp" # for backward compatibility - depends="" [ "$CARCH" = "s390x" ] && _lua_dep="lua5.1-dev" || _lua_dep="luajit-dev" makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev $_lua_dep libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev" -pkgusers="nginx" -_grp_ngx="nginx" -_grp_www="www-data" -pkggroups="$_grp_ngx $_grp_www" -install="$pkgname.pre-install $pkgname.post-upgrade" -subpackages="$pkgname-doc $pkgname-vim::noarch" -replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp" +pkgusers="$pkgname" +pkggroups="$pkgname www-data" +install="$pkgname.pre-install" +subpackages="$pkgname-doc $pkgname-vim::noarch $pkgname-mod-http-perl:_perl" + +# Modules with external sources +_dkmod=ngx_devel_kit +_dkver=0.3.0 +_modsub="$_modsub devel-kit:ndk_http_module" +_modcfg="$_modcfg --add-dynamic-module=${_dksrc:=$srcdir/$_dkmod-$_dkver}" +_modsrc="$_modsrc $_dkmod-$_dkver.tar.gz::https://github.com/simpl/$_dkmod/archive/v$_dkver.tar.gz" + +_ecmod=echo-nginx-module +_ecver=0.60 +_modsub="$_modsub http-echo" +_modcfg="$_modcfg --add-dynamic-module=${_ecsrc:=$srcdir/$_ecmod-$_ecver}" +_modsrc="$_modsrc $_ecmod-$_ecver.tar.gz::https://github.com/openresty/$_ecmod/archive/v$_ecver.tar.gz" + +_fimod=ngx-fancyindex +_fiver=0.4.1 +_modsub="$_modsub http-fancyindex" +_modcfg="$_modcfg --add-dynamic-module=${_fisrc:=$srcdir/$_fimod-$_fiver}" +_modsrc="$_modsrc $_fimod-$_fiver.tar.gz::https://github.com/aperezdc/$_fimod/archive/v$_fiver.tar.gz" + +_hmmod=headers-more-nginx-module +_hmver=0.32 +_modsub="$_modsub http-headers-more:ngx_http_headers_more_filter_module" +_modcfg="$_modcfg --add-dynamic-module=${_hmsrc:=$srcdir/$_hmmod-$_hmver}" +_modsrc="$_modsrc $_hmmod-$_hmver.tar.gz::https://github.com/openresty/$_hmmod/archive/v$_hmver.tar.gz" + +_lumod=lua-nginx-module +_luver=0.10.7 +_modsub="$_modsub http-lua" +_modcfg="$_modcfg --add-dynamic-module=${_lusrc:=$srcdir/$_lumod-$_luver}" +_modsrc="$_modsrc $_lumod-$_luver.tar.gz::https://github.com/openresty/$_lumod/archive/v$_luver.tar.gz" +_http_lua_depends="$pkgname-mod-devel-kit" + +_ncmod=nchan +_ncver=1.1.2 +_modsub="$_modsub http-nchan:ngx_nchan_module" +_modcfg="$_modcfg --add-dynamic-module=${_ncsrc:=$srcdir/$_ncmod-$_ncver}" +_modsrc="$_modsrc $_ncmod-$_ncver.tar.gz::https://github.com/slact/$_ncmod/archive/v$_ncver.tar.gz" + +_upmod=nginx-upload-progress-module +_upver=0.9.2 +_modsub="$_modsub http-upload-progress:ngx_http_uploadprogress_module" +_modcfg="$_modcfg --add-dynamic-module=${_upsrc:=$srcdir/$_upmod-$_upver}" +_modsrc="$_modsrc $_upmod-$_upver.tar.gz::https://github.com/masterzen/$_upmod/archive/v$_upver.tar.gz" + +_rtmod=nginx-rtmp-module +_rtver=1.1.11 +_modsub="$_modsub rtmp" +_modcfg="$_modcfg --add-dynamic-module=${_rtsrc:=$srcdir/$_rtmod-$_rtver}" +_modsrc="$_modsrc $_rtmod-$_rtver.tar.gz::https://github.com/arut/$_rtmod/archive/v$_rtver.tar.gz" + +_nxmod=naxsi +_nxver=0.55.3 +_modsub="$_modsub http-naxsi" +_modcfg="$_modcfg --add-dynamic-module=${_nxsrc:=$srcdir/$_nxmod-$_nxver/naxsi_src}" +_modsrc="$_modsrc $_nxmod-$_nxver.tar.gz::https://github.com/nbs-system/$_nxmod/archive/$_nxver.tar.gz + $_nxmod.conf" +_http_naxsi_conf="$srcdir/$_nxmod.conf:/etc/$pkgname/conf.d/$_nxmod.conf + $srcdir/$_nxmod-$_nxver/naxsi_config/naxsi_core.rules:/etc/$pkgname/naxsi_core.rules" + +_cpmod=ngx_cache_purge +_cpver=2.3.0.1 +_modsub="$_modsub http-cache-purge" +_modcfg="$_modcfg --add-dynamic-module=${_cpsrc:=$srcdir/$_cpmod-$_cpver}" +_modsrc="$_modsrc $_cpmod-$_cpver.tar.gz::https://github.com/itoffshore/$_cpmod/archive/v$_cpver.tar.gz" + +_ufmod=nginx-upstream-fair +_ufver=0.1.1 +_modsub="$_modsub http-upstream-fair" +_modcfg="$_modcfg --add-dynamic-module=${_ufsrc:=$srcdir/$_ufmod-$_ufver}" +_modsrc="$_modsrc $_ufmod-$_ufver.tar.gz::https://github.com/itoffshore/$_ufmod/archive/v$_ufver.tar.gz" + +_sgmod=tengine-http-sysguard +_sgver=2.2.0 +_modsub="$_modsub http-sysguard" +_modcfg="$_modcfg --add-dynamic-module=${_sgsrc:=$srcdir/$_sgmod-$_sgver}" +_modsrc="$_modsrc $_sgmod-$_sgver.tar.gz::https://github.com/itoffshore/$_sgmod/archive/v$_sgver.tar.gz + sysguard.patch" + source="http://nginx.org/download/$pkgname-$pkgver.tar.gz - $_devel_kit_name-$_devel_kit_ver.tar.gz::https://github.com/simpl/$_devel_kit_name/archive/v$_devel_kit_ver.tar.gz - $_http_echo_name-$_http_echo_ver.tar.gz::https://github.com/openresty/$_http_echo_name/archive/v$_http_echo_ver.tar.gz - $_http_fancyindex_name-$_http_fancyindex_ver.tar.gz::https://github.com/aperezdc/$_http_fancyindex_name/archive/v$_http_fancyindex_ver.tar.gz - $_http_headers_more_name-$_http_headers_more_ver.tar.gz::https://github.com/openresty/$_http_headers_more_name/archive/v$_http_headers_more_ver.tar.gz - $_http_lua_name-$_http_lua_ver.tar.gz::https://github.com/openresty/$_http_lua_name/archive/v$_http_lua_ver.tar.gz - $_http_nchan_name-$_http_nchan_ver.tar.gz::https://github.com/slact/$_http_nchan_name/archive/v$_http_nchan_ver.tar.gz - $_http_upload_progress_name-$_http_upload_progress_ver.tar.gz::https://github.com/masterzen/$_http_upload_progress_name/archive/v$_http_upload_progress_ver.tar.gz - $_rtmp_name-$_rtmp_ver.tar.gz::https://github.com/arut/$_rtmp_name/archive/v$_rtmp_ver.tar.gz nginx.conf default.conf $pkgname.logrotate $pkgname.initd ipv6.patch + $_modsrc " -builddir="$srcdir/$pkgname-$pkgver" - -_modules_dir="usr/lib/$pkgname/modules" -_modules=" - http-geoip - http-image-filter - http-perl - http-xslt-filter - mail - stream - devel-kit - http-echo - http-fancyindex - http-headers-more - http-lua - http-nchan - http-upload-progress - rtmp" -for _m in $_modules; do - subpackages="$subpackages $pkgname-mod-$_m:_module" +_module_dir=usr/lib/$pkgname +_module_conf=/etc/$pkgname/modules +for _module in http-geoip http-image-filter http-xslt-filter mail stream $_modsub; do + _modvar=${_module//-/_} + [ -z "${_module##*:*}" ] && eval _so_${_modvar%:*}=${_module#*:} + subpackages="$subpackages $pkgname-mod-${_module%:*}:_module" done - +builddir="$srcdir/$pkgname-$pkgver" build() { cd "$builddir" @@ -108,7 +124,7 @@ build() { ./configure \ --prefix=/var/lib/$pkgname \ --sbin-path=/usr/sbin/$pkgname \ - --modules-path=/$_modules_dir \ + --modules-path=/$_module_dir \ --conf-path=/etc/$pkgname/$pkgname.conf \ --pid-path=/run/$pkgname/$pkgname.pid \ --lock-path=/run/$pkgname/$pkgname.lock \ @@ -119,8 +135,8 @@ build() { --http-scgi-temp-path=/var/lib/$pkgname/tmp/scgi \ --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ \ - --user=$pkgusers \ - --group=$_grp_ngx \ + --user=$pkgname \ + --group=$pkgname \ --with-threads \ --with-file-aio \ --with-ipv6 \ @@ -149,131 +165,107 @@ build() { --with-mail_ssl_module \ --with-stream=dynamic \ --with-stream_ssl_module \ - \ - --add-dynamic-module="$_devel_kit_dir" \ - --add-dynamic-module="$_http_echo_dir" \ - --add-dynamic-module="$_http_fancyindex_dir" \ - --add-dynamic-module="$_http_headers_more_dir" \ - --add-dynamic-module="$_http_lua_dir" \ - --add-dynamic-module="$_http_nchan_dir" \ - --add-dynamic-module="$_http_upload_progress_dir" \ - --add-dynamic-module="$_rtmp_dir" \ - || return 1 - - make || return 1 + $_modcfg || return 1 + make } package() { - cd "$builddir" - - make DESTDIR="$pkgdir" install || return 1 + make -C "$builddir" DESTDIR="$pkgdir" install || return 1 # Disable some PaX protections; this is needed for Lua module. local paxflags="-m" [ "$CARCH" = "x86" ] && paxflags="-msp" paxmark $paxflags "$pkgdir"/usr/sbin/nginx || return 1 - install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE - install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README - - install -Dm644 objs/$pkgname.8 \ + install -Dm644 "$builddir"/LICENSE \ + "$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1 + install -Dm644 "$builddir"/README \ + "$pkgdir"/usr/share/doc/$pkgname/README || return 1 + install -Dm644 "$builddir"/objs/$pkgname.8 \ "$pkgdir"/usr/share/man/man8/$pkgname.8 || return 1 - cp -r "$_devel_kit_dir"/docs \ - "$pkgdir"/usr/share/doc/$pkgname/$_devel_kit_name || return 1 - cp -r "$_http_lua_dir"/doc \ - "$pkgdir"/usr/share/doc/$pkgname/$_http_lua_name || return 1 - cp -r "$_rtmp_dir"/doc \ - "$pkgdir"/usr/share/doc/$pkgname/$_rtmp_name || return 1 + cp -r "$_dksrc"/docs \ + "$pkgdir"/usr/share/doc/$pkgname/$_dkmod || return 1 + cp -r "$_lusrc"/doc \ + "$pkgdir"/usr/share/doc/$pkgname/$_lumod || return 1 + cp -r "$_rtsrc"/doc \ + "$pkgdir"/usr/share/doc/$pkgname/$_rtmod || return 1 - cd "$pkgdir" + mkdir -p "$pkgdir"/var/log \ + "$pkgdir"/$_module_conf || return 1 - install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf - install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf - install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname - install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname + install -Dm644 "$srcdir"/nginx.conf "$pkgdir"/etc/$pkgname/nginx.conf + install -Dm644 "$srcdir"/default.conf \ + "$pkgdir"/etc/$pkgname/conf.d/default.conf || return 1 + install -Dm755 "$srcdir"/$pkgname.initd \ + "$pkgdir"/etc/init.d/$pkgname || return 1 + install -Dm644 "$srcdir"/$pkgname.logrotate \ + "$pkgdir"/etc/logrotate.d/$pkgname || return 1 - install -dm755 ./etc/$pkgname/modules - install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname - install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp - install -dm755 -g $_grp_www ./var/www/localhost/htdocs + install -dm750 -o $pkgname -g $pkgname "$pkgdir"/var/lib/$pkgname || return 1 + install -dm700 -o $pkgname -g $pkgname "$pkgdir"/var/lib/$pkgname/tmp || return 1 + install -dm755 -g www-data "$pkgdir"/var/www/localhost/htdocs || return 1 - install -dm755 ./var/log - mv ./var/lib/$pkgname/logs ./var/log/$pkgname || return 1 + mv "$pkgdir"/var/lib/$pkgname/logs \ + "$pkgdir"/var/log/$pkgname || return 1 - ln -sf /$_modules_dir ./var/lib/$pkgname/modules - ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs - ln -sf /run/$pkgname ./var/lib/$pkgname/run + ln -sf /$_module_dir "$pkgdir"/var/lib/$pkgname/modules + ln -sf /var/log/$pkgname "$pkgdir"/var/lib/$pkgname/logs + ln -sf /run/$pkgname "$pkgdir"/var/lib/$pkgname/run - rm -rf ./run ./etc/$pkgname/*.default + rm -rf "$pkgdir"/run "$pkgdir"/etc/$pkgname/*.default } vim() { pkgdesc="$pkgdesc (vim syntax)" - depends= - - mkdir -p "$subpkgdir"/usr/share/vim - cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles + mkdir -p "$subpkgdir"/usr/share || return 1 + cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim } _module() { - local name="${subpkgname#$pkgname-mod-}" - name="${name//-/_}" - local soname="$(eval "echo \$_${name}_so")"; - soname="${soname:-"ngx_${name}_module.so"}" - + local name=${subpkgname#$pkgname-mod-} + name=${name//-/_} + local soname=$(eval echo \$_so_$name) + soname="${soname:-ngx_${name}_module}.so" pkgdesc="$pkgdesc (module $name)" - depends="$pkgname $(eval "echo \$_${name}_depends")" - provides="$(eval "echo \$_${name}_provides")" + depends="$pkgname $(eval echo \$_${name}_depends)" + provides="$(eval echo \$_${name}_provides)" - mkdir -p "$subpkgdir"/$_modules_dir - cd "$subpkgdir" + mkdir -p "$subpkgdir"/$_module_dir \ + "$subpkgdir"/$_module_conf || return 1 - mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1 + mv "$pkgdir"/$_module_dir/$soname \ + "$subpkgdir"/$_module_dir/$soname || return 1 + echo "load_module \"modules/$soname\";" > "$subpkgdir"/$_module_conf/$name.conf - mkdir -p "$subpkgdir"/etc/nginx/modules - echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf + local conf; + for conf in $(eval echo \$_${name}_conf); do + install -Dm644 ${conf%:*} "$subpkgdir"/${conf#*:} + done +} + +_perl() { + _module || return 1 + mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/ } -md5sums="204a20cb4f0b0c9db746c630d89ff4ea nginx-1.10.3.tar.gz -76c503918c003fcc55005b7688f47add ngx_devel_kit-0.3.0.tar.gz -897338c2c4bc44f2d56ae06ab9820372 echo-nginx-module-0.60.tar.gz -e1dd79f0ec82415bbf8a1cb938988955 ngx-fancyindex-0.4.1.tar.gz -5ce112f12afe155749e2c504997861f7 headers-more-nginx-module-0.32.tar.gz -6eb0161f495bb996af6bbb58f3cef764 lua-nginx-module-0.10.7.tar.gz -fbe5a95878ff4365435fd3223256f830 nchan-1.1.0.tar.gz -7c1a399d36a75bcfa874d98b5462fc09 nginx-upload-progress-module-0.9.2.tar.gz -2e82501ed423a901ab64bfe2228a0666 nginx-rtmp-module-1.1.10.tar.gz -256145c0f70d1d1d3b99f854553d48f0 nginx.conf -c4759cd2812220ab542317f54fbbe755 default.conf -db194cf3c6c4be12c70c757e0c9ad995 nginx.logrotate -16dcac0d7a2b406807d3377841d9b480 nginx.initd -801a87f7f9d27f8ad85b41a78b4c4461 ipv6.patch" -sha256sums="75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90 nginx-1.10.3.tar.gz -88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 ngx_devel_kit-0.3.0.tar.gz -1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e echo-nginx-module-0.60.tar.gz -2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71 ngx-fancyindex-0.4.1.tar.gz -c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 headers-more-nginx-module-0.32.tar.gz -c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 lua-nginx-module-0.10.7.tar.gz -5781349bb460cf96d43e835a7ad3109724fba9ccefdbd967552538edee79c722 nchan-1.1.0.tar.gz -b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497 nginx-upload-progress-module-0.9.2.tar.gz -f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c nginx-rtmp-module-1.1.10.tar.gz -df873f301f947192c854994bb0e1bac46f73a5d3cf91df997f1b6a8ed26b5724 nginx.conf -f53fd49af9b4bc308653abb85d9989879ce1fb48e43c508f5f45c84f74513865 default.conf -b063611c6cb2d33bd43c4b17bf4135dda25f209bb77e4e66d1b156cffc37fbe6 nginx.logrotate -3d8a90d2f75b7f24c4d74722b5b3ac11d85f416c2d7641b4280d7c126bfe8395 nginx.initd -a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b ipv6.patch" sha512sums="25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf nginx-1.10.3.tar.gz +ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf +0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf +09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate +e325d30d431a45801c4072f87f7bce27765e96de27c8f7821b5b0ce0716e1a8657435c93a2e9174c4b8d353fb468e65a8bc20119525e04d3d46ae5ff08cb6f5d nginx.initd +68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch 558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614 ngx_devel_kit-0.3.0.tar.gz c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c echo-nginx-module-0.60.tar.gz ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1 ngx-fancyindex-0.4.1.tar.gz e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1 headers-more-nginx-module-0.32.tar.gz d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32 lua-nginx-module-0.10.7.tar.gz -bb3a9aec5e4c9f1c376126b4b07c2e5c6cddae3659a9218bd7b0dcaa5b0e1772036eea2c7e45bbb46f61a3a9090f0092fc93e91dbb57fc5b4e65eef6ba14fc23 nchan-1.1.0.tar.gz +14af65d57325afa961bc6606f2c938acff0206914248b8ca810293113fdab859c1db9c9abce9263b9da5c2371b299770682d9ec49fbf7a356da9fbfb3e15c3c7 nchan-1.1.2.tar.gz c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz -bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f nginx-rtmp-module-1.1.10.tar.gz -ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41 nginx.conf -0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf -09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate -1ea032cf88021ec8aa1401d284ea738364511cdb9f8c01670deb8e59aae570f5bbe17f0cbab73c0e08d6b342a621b6a9c014832168ed41f6028ecfa4211b60cf nginx.initd -68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch" +e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2 nginx-rtmp-module-1.1.11.tar.gz +9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0 naxsi-0.55.3.tar.gz +3f6cb5ae900d0d9938f0da9788efde5c1ff80522313dd91a7e170811976facb647a734a8a58924993d95f069ec5fadfde728655ac9b37a965cd7200a9785055d naxsi.conf +c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz +fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 nginx-upstream-fair-0.1.1.tar.gz +2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 tengine-http-sysguard-2.2.0.tar.gz +2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch" diff --git a/main/nginx/naxsi.conf b/main/nginx/naxsi.conf new file mode 100644 index 0000000000..e3d8d4afd3 --- /dev/null +++ b/main/nginx/naxsi.conf @@ -0,0 +1,24 @@ +include /etc/nginx/naxsi_core.rules; + +server { + listen 4242; + server_name localhost; + location / { + LearningMode; + SecRulesEnabled; + DeniedUrl "/50x.html"; + CheckRule "$SQL >= 8" BLOCK; + CheckRule "$RFI >= 8" BLOCK; + CheckRule "$TRAVERSAL >= 4" BLOCK; + CheckRule "$EVADE >= 4" BLOCK; + CheckRule "$XSS >= 8" BLOCK; + error_log /var/log/nginx/naxsi_error.log debug; + access_log /var/log/nginx/naxsi_access.log; + root html; + index index.html index.htm; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } +} diff --git a/main/nginx/nginx.initd b/main/nginx/nginx.initd index 992d5fd5b9..d01874e4f4 100644 --- a/main/nginx/nginx.initd +++ b/main/nginx/nginx.initd @@ -1,9 +1,15 @@ #!/sbin/openrc-run description="Nginx http and reverse proxy server" +description_checkconfig="Verify configuration" +description_upgrade="Upgrade running binary" +description_reload="Reload configuration" +description_reopen="Reopen log files" + +extra_commands="checkconfig" extra_started_commands="reload reopen upgrade" -cfgfile=${cfgfile:-/etc/nginx/nginx.conf} +cfgfile=${NGINX_CONFIG:-/etc/nginx/nginx.conf} pidfile=/run/nginx/nginx.pid command=/usr/sbin/nginx command_args="-c $cfgfile" @@ -14,29 +20,35 @@ depend() { use dns logger netmount } +checkconfig() { + ebegin "Checking $RC_SVCNAME config" + $command $command_args -t + eend $? +} + start_pre() { ebegin - checkpath --directory --owner nginx:nginx ${pidfile%/*} - $command $command_args -t -q + checkpath -d -o ${NGINX_OWNER:-nginx:nginx} ${pidfile%/*} + checkconfig >/dev/null 2>&1 eend $? } reload() { - ebegin "Reloading ${SVCNAME} configuration" - start_pre && start-stop-daemon --signal HUP --pidfile $pidfile + ebegin "Reloading $RC_SVCNAME configuration" + checkconfig >/dev/null 2>&1 && start-stop-daemon --signal HUP --pidfile $pidfile eend $? } reopen() { - ebegin "Reopening ${SVCNAME} log files" + ebegin "Reopening $RC_SVCNAME log files" start-stop-daemon --signal USR1 --pidfile $pidfile eend $? } upgrade() { - start_pre || return 1 + checkconfig || return $? - ebegin "Upgrading ${SVCNAME} binary" + ebegin "Upgrading $RC_SVCNAME binary" einfo "Sending USR2 to old binary" start-stop-daemon --signal USR2 --pidfile $pidfile diff --git a/main/nginx/nginx.post-upgrade b/main/nginx/nginx.post-upgrade deleted file mode 100644 index 6d9e698dc7..0000000000 --- a/main/nginx/nginx.post-upgrade +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -ver_new="$1" -ver_old="$2" - -if [ "$(apk version -t "$ver_old" "1.10.1-r3")" = "<" ]; then - cat 1>&2 <<-EOF - * - * The nginx package has been modified to use dynamic modules. Now there's - * just single package providing nginx executable and bunch of nginx-mod-* - * subpackages. - * - * Lua support is now provided by package nginx-mod-http-lua, RTMP support - * is provided by nginx-mod-rtmp. - * - * Modules mail and stream are dynamic modules too and so not included - * by default anymore. If you use them, install nginx-mod-mail and - * nginx-mod-stream. - * - EOF -fi - -exit 0 diff --git a/main/nginx/sysguard.patch b/main/nginx/sysguard.patch new file mode 100644 index 0000000000..be8b0d2ee4 --- /dev/null +++ b/main/nginx/sysguard.patch @@ -0,0 +1,10 @@ +--- a/src/http/ngx_http_request.h ++++ b/src/http/ngx_http_request.h +@@ -498,6 +498,7 @@ + */ + unsigned limit_conn_set:1; + unsigned limit_req_set:1; ++ unsigned sysguard_set:1; + + #if 0 + unsigned cacheable:1; |