diff options
| author | Stuart Cardall <developer@it-offshore.co.uk> | 2014-09-18 03:20:50 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-18 09:47:11 +0000 |
| commit | 7596de12a5a72588a318d4768303b18635ab44b7 (patch) | |
| tree | fad92b3d4e2aab3b3001b611398253dfd020ed37 /testing/nginx-naxsi/APKBUILD | |
| parent | 080e012e1cc56363171c2544a7591918c7be26ad (diff) | |
| download | aports-7596de12a5a72588a318d4768303b18635ab44b7.tar.bz2 aports-7596de12a5a72588a318d4768303b18635ab44b7.tar.xz | |
testing/nginx-naxsi: new aport
NGINX with naxsi WAF support https://github.com/nbs-system/naxsi
Built with the same modules as Debian + SysGuard from Tengine.
Nginx patched to anonymise server strings.
With the WAF & SysGuard enabled nginx-naxsi benchmarked @ approx
600 connections / second (the same as the standard Alpine nginx pkg).
With the WAF disabled 640 connections / second (as the mail modules
are removed as per the naxsi author's recommendation).
Diffstat (limited to 'testing/nginx-naxsi/APKBUILD')
| -rw-r--r-- | testing/nginx-naxsi/APKBUILD | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/testing/nginx-naxsi/APKBUILD b/testing/nginx-naxsi/APKBUILD new file mode 100644 index 0000000000..a7ec5ca2ae --- /dev/null +++ b/testing/nginx-naxsi/APKBUILD @@ -0,0 +1,127 @@ +# Maintainer: Cameron Banta <cbanta@gmail.com> +# Contributor: Jeff Bilyk <jbilyk@gmail.com> +# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl> +# Contributor: Stuart Cardall <developer@it-offshore.co.uk> + +pkgname=nginx-naxsi +_pkgname=nginx +pkgver=1.6.1 +_ngx_naxsi_ver=0.53-2 +_ngx_cache_purge_ver=2.1 +pkgrel=0 +pkgdesc="lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'naxsi-utils'" +url="http://www.nginx.org | https://github.com/nbs-system/naxsi" +arch="all" +license="Custom" +install="$pkgname.pre-install $pkgname.pre-upgrade" +depends="!nginx" +makedepends="pcre-dev openssl-dev zlib-dev paxctl" +source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz + naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/naxsi/archive/$_ngx_naxsi_ver.tar.gz + ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/FRiCKLE/ngx_cache_purge/archive/2.1.tar.gz + upstream-fair.zip::https://github.com/gnosek/nginx-upstream-fair/archive/master.zip + sysguard.zip::https://github.com/alibaba/nginx-http-sysguard/archive/master.zip + + anonymise.patch + musl-crypt-fix.patch + ipv6.patch + sysguard.patch + + nginx.initd + nginx.logrotate + " + +_builddir="$srcdir"/$_pkgname-$pkgver + +prepare() { + local i + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + +build() { + cd "$_builddir" + ./configure \ + --add-module="$srcdir/naxsi-$_ngx_naxsi_ver/naxsi_src" \ + --add-module="$srcdir/nginx-http-sysguard-master" \ + --prefix=/usr \ + --conf-path=/etc/$_pkgname/$_pkgname.conf \ + --pid-path=/var/run/$_pkgname.pid \ + --lock-path=/var/run/$_pkgname.lock \ + --error-log-path=/var/log/$_pkgname/error.log \ + --http-log-path=/var/log/$_pkgname/access.log \ + --http-client-body-temp-path=/tmp/$_pkgname/client-body \ + --http-proxy-temp-path=/tmp/$_pkgname/proxy \ + --http-fastcgi-temp-path=/tmp/$_pkgname/fastcgi \ + --user=nginx \ + --group=nginx \ + --with-ipv6 \ + --with-pcre-jit \ + --with-http_ssl_module \ + --with-http_gzip_static_module \ + --with-http_spdy_module \ + --without-mail_pop3_module \ + --without-mail_smtp_module \ + --without-mail_imap_module \ + --without-http_uwsgi_module \ + --without-http_scgi_module \ + --with-http_realip_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --add-module="$srcdir/ngx_cache_purge-$_ngx_cache_purge_ver" \ + --add-module="$srcdir/nginx-upstream-fair-master" \ + || return 1 + make || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR="$pkgdir" install + + local paxflags="-m" + [ "$CARCH" = "x86" ] && paxflags="-msp" + paxctl -c $paxflags "$pkgdir"/usr/sbin/nginx || return 1 + + install -m755 -D "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname + install -m644 -D "$srcdir"/$_pkgname.logrotate "$pkgdir"/etc/logrotate.d/$_pkgname + + install -m644 -D LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE + install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules "$pkgdir"/etc/nginx/naxsi_core.rules +} +md5sums="45e5a11f48b001644676f7767980a2bf nginx-1.6.1.tar.gz +348b50914a1eedaed09a2509621adf43 naxsi-0.53-2.tar.gz +e63c0ff65be23f877a9975a65298e8fe ngx_cache_purge-2.1.tar.gz +2c8537e2c6eb11baebd26d863d528d64 upstream-fair.zip +a72a0ec1176b47c6ceecc3b30c85d07c sysguard.zip +a07569b8a023f1b89dcd11e0beda4df6 anonymise.patch +3aeb488921109e60d02ed64d36790aeb musl-crypt-fix.patch +801a87f7f9d27f8ad85b41a78b4c4461 ipv6.patch +50357b75049d878c0bcce10d0c60f9ed sysguard.patch +a00403a764478f5459d850bb387ca19b nginx.initd +8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate" +sha256sums="f5cfe682a1aeef4602c2ca705402d5049b748f946563f41d8256c18674836067 nginx-1.6.1.tar.gz +3eadff1d91995beae41b92733ade28091c2075a24ae37058f4d6aa90b0f4b660 naxsi-0.53-2.tar.gz +c8d67b9c0ed7ec23315071df352e95b69e9f14285cd7f8883d26a7fda237bd87 ngx_cache_purge-2.1.tar.gz +e7c4208f19175db896dd2aede9326960314fc131c3a8829b19d3024d475562cf upstream-fair.zip +800536eb9f269e1478500758e859ef7c4b4c7852580f2aeee8d7eb4c1fb51f18 sysguard.zip +1923ebdb4a64a22f8903c3da619677bd3aaf769c99bee1aa4262edac58f05ba3 anonymise.patch +8c398640bd379c1c6a2fafcd2b3848a72902e47924e8e2490b312c141eec5d70 musl-crypt-fix.patch +a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b ipv6.patch +18090329435c32d91621a5943acc5b8bbe89aaa3c2fa334c3a4cdeb00efb6226 sysguard.patch +67df748bd7ef4f3c3b5eef9dd7e3b352ef671dd7cfb9db56e096eed77a442d67 nginx.initd +cea0c6f8de55a4c3a3eccc57910de1c3116634082c8e5b660630fb927a29f38d nginx.logrotate" +sha512sums="07762a7b25b7624142e9d8633eb952e7627501a183c82de7f31b20336f3f997171b366124a41c0fbc8c2a73ed6c68db1a084ca89cf8c5ad4f2bc5e8e7c7be105 nginx-1.6.1.tar.gz +ada592f5e7f80a6d549cc435ee8720df01a788dc88cf27a7d55521bb7e4c66fa11b9ec28216aff7e13c70a5faf12cb745bd398b8a782ed4dea1eecd04b07e24c naxsi-0.53-2.tar.gz +9c958c9cbc16206c023f2e879bf301005117a2358104439513c1a3965894ba2c035fc68518ce7c7a4e23548477826ac0c6439bf1da4d4560c972d9a6a75f2a01 ngx_cache_purge-2.1.tar.gz +bbe1330e86a9650326858d893a1143df9b431873062b64a89b0befdbaca9f135e872225c7a7874231537c74da85ca8c56ac3d80739227721246c096cf4f2b7da upstream-fair.zip +b361a8316d6e1f419d63f229756d3af08b32e235199285a18f8478be42a57a9c0b2ff126e7018ba750c6e9d1e33bb053f83aacd96ebc5d3b876bedb973a92712 sysguard.zip +5899097b6b6ed04deb7ae474fb65205d9c50843f30929c1370c0c1d70df3f02fe51b8ea90d3d2c3b4c53aeb3895717729e0c9773b880ca529e89a5b07fc26a5b anonymise.patch +21114c775e4bdd1f7b8b9abc143284945e96ed1d8c49904ddf918abad87b16253f918ba47976cd2df32f0fdb8a7dad399d4200e879db2da6cf93a28aab236a75 musl-crypt-fix.patch +68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f ipv6.patch +2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch +9c6b357c460998187d7a26c0f3c8abc69c91b523a6f340c1f6ed3c863101a39eeb61e92b4cfec6a04af2b495c354c33f232ce5e59ed29edd6855e430ca73d168 nginx.initd +01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8 nginx.logrotate" |