testing/nginx-naxsi: new aport

NGINX with naxsi WAF support https://github.com/nbs-system/naxsi

Built with the same modules as Debian + SysGuard from Tengine.

Nginx patched to anonymise server strings.

With the WAF & SysGuard enabled nginx-naxsi benchmarked @ approx
600 connections / second (the same as the standard Alpine nginx pkg).
With the WAF disabled 640 connections / second (as the mail modules
are removed as per the naxsi author's recommendation).

1 files changed, 42 insertions, 0 deletions

diff --git a/testing/nginx-naxsi/nginx.initd b/testing/nginx-naxsi/nginx.initd
new file mode 100644
index 0000000000..ce2b7b8bb9
--- /dev/null
+++ b/testing/nginx-naxsi/nginx.initd
@@ -0,0 +1,42 @@
+#!/sbin/runscript
+
+extra_started_commands="reload"
+extra_commands="configtest"
+
+depend() {
+	need net
+	use dns logger netmount
+}
+
+CONFFILE=${CONFFILE:-/etc/nginx/${SVCNAME}.conf}
+PIDFILE=${PIDFILE:-/var/run/${SVCNAME}.pid}
+
+configtest() {
+	ebegin "Checking ${SVCNAME} configuration"
+	mkdir -p /tmp/nginx
+	/usr/sbin/nginx -c ${CONFFILE} -t
+	eend $? "failed, please correct errors above"
+}
+
+start() {
+	configtest || return 1
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --pidfile "${PIDFILE}" \
+		--exec /usr/sbin/nginx -- -c ${CONFFILE} -g "pid ${PIDFILE};"
+	eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+	configtest || return 1
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --pidfile "${PIDFILE}"
+	eend $? "Failed to stop ${SVCNAME}"
+	rm -f "${PIDFILE}"
+}
+
+reload() {
+	configtest || return 1
+	ebegin "Refreshing ${SVCNAME} configuration"
+	kill -HUP $(cat "${PIDFILE}") &>/dev/null
+	eend $? "Failed to reload nginx"
+}