From f30d57caf6336ee2ddb597658b4a398987c340f7 Mon Sep 17 00:00:00 2001
From: Stuart Cardall <developer@it-offshore.co.uk>
Date: Tue, 3 Jan 2017 00:43:33 +0000
Subject: testing/nginx-naxsi: update to 1.11.8 with dynamic modules

Added support for dynamic modules

/usr/lib/nginx/modules:

3RD PARTY
================================
ngx_http_naxsi_module.so
ngx_http_cache_purge_module.so
ngx_http_upstream_fair_module.so
ngx_http_sysguard_module.so

* http-sysguard backported from tengine:
http://tengine.taobao.org/document/http_sysguard.html

CORE
================================
ngx_http_geoip_module.so
ngx_http_image_filter_module.so
ngx_http_perl_module.so
ngx_http_xslt_filter_module.so
ngx_mail_module.so
ngx_stream_module.so

----------------------------------------------------
To load dynamic modules add to /etc/nginx/nginx.conf

load_module "modules/ngx_module_name_above.so";
----------------------------------------------------
---
 testing/nginx-naxsi/APKBUILD     | 212 ++++++++++++++++++++++++---------------
 testing/nginx-naxsi/default.conf |  18 ++++
 testing/nginx-naxsi/nginx.conf   |  92 +++++++++++++++++
 testing/nginx-naxsi/nginx.initd  |  79 ++++++++++-----
 4 files changed, 295 insertions(+), 106 deletions(-)
 create mode 100644 testing/nginx-naxsi/default.conf
 create mode 100644 testing/nginx-naxsi/nginx.conf


diff --git a/testing/nginx-naxsi/APKBUILD b/testing/nginx-naxsi/APKBUILD
index d12181a1ba..6a73aa716d 100644
--- a/testing/nginx-naxsi/APKBUILD
+++ b/testing/nginx-naxsi/APKBUILD
@@ -5,25 +5,44 @@
 
 pkgname=nginx-naxsi
 _pkgname=nginx
-pkgver=1.11.5
-_ngx_naxsi_ver=0.55.1
-_ngx_cache_purge_ver=2.3
-_ngx_upstream_fair_ver=0.1.0
-_ngx_http_sysguard_ver=2.1.0
-pkgrel=1
-pkgdesc="lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
+pkgver=1.11.8
+pkgrel=0
+pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
 url="http://www.nginx.org | https://github.com/nbs-system/naxsi"
 arch="all"
 license="custom"
-install="$pkgname.pre-install $pkgname.pre-upgrade"
+
+# Modules
+_ngx_naxsi_name=naxsi
+_ngx_naxsi_ver=0.55.1
+_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"
+
+_ngx_cache_purge_name=ngx_cache_purge
+_ngx_cache_purge_ver=2.3.0.1
+_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"
+
+_ngx_upstream_fair_name=nginx-upstream-fair
+_ngx_upstream_fair_ver=0.1.1
+_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"
+
+_ngx_http_sysguard_name=tengine-http-sysguard
+_ngx_http_sysguard_ver=2.2.0
+_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"
+
 depends="!nginx"
-makedepends="pcre-dev libressl-dev zlib-dev paxmark linux-headers"
-subpackages="$pkgname-doc $pkgname-vim:vim"
+makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev
+	pcre-dev perl-dev pkgconf zlib-dev"
+pkgusers="nginx"
+_grp_ngx="nginx"
+_grp_www="www-data"
+pkggroups="$_grp_ngx $_grp_www"
+install="$pkgname.pre-install $pkgname.pre-upgrade"
+subpackages="$pkgname-doc"
 source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz
-	naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/naxsi/archive/$_ngx_naxsi_ver.tar.gz
-	ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/FRiCKLE/ngx_cache_purge/archive/$_ngx_cache_purge_ver.tar.gz
-	upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/hnlq715/nginx-upstream-fair/archive/v$_ngx_upstream_fair_ver.tar.gz
-	sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/nginx-http-sysguard/archive/$_ngx_http_sysguard_ver.tar.gz
+	naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
+	ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
+	upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz
+	sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz
 
 	anonymise.patch
 	ipv6.patch
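Review bot: The cache-purge and upstream-fair tarballs in `source` now come from `github.com/itoffshore/...` instead of the FRiCKLE and hnlq715 repositories used by the removed lines, and nothing in the APKBUILD records why or how the forks differ from upstream. The checksums pin the bytes of each archive but say nothing about provenance, so a later maintainer has to diff fork against upstream by hand on every bump. A comment above the `# Modules` block would make that explicit, e.g. `# cache_purge, upstream-fair, sysguard: itoffshore forks (presumably for dynamic-module support); compare with upstream when bumping`. The unchanged first `source` entry still fetches nginx over `http://`, so integrity of that tarball rests on the checksum arrays alone.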
@@ -32,34 +51,52 @@ source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz
 	nginx.initd
 	nginx.logrotate
 	"
+builddir="$srcdir"/$_pkgname-$pkgver
 
-_builddir="$srcdir"/$_pkgname-$pkgver
+_modules_dir="usr/lib/nginx/modules"
+_modules="
+	http-geoip
+	http-image-filter
+	http-perl
+	http-xslt-filter
+	mail
+	stream
+	http-naxsi
+	http-cache-purge
+	http-upstream-fair
+	http-sysguard
+	"
+
+for _m in $_modules; do
+	subpackages="$subpackages $pkgname-mod-$_m:_module"
+done
 
-prepare() {
-	local i
-	cd "$_builddir"
-	for i in $source; do
-		case $i in
-		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
-		esac
-	done
-}
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
-		--prefix=/usr \
+		--prefix=/var/lib/$_pkgname \
+		--sbin-path=/usr/sbin/$_pkgname \
+		--modules-path=/$_modules_dir \
 		--conf-path=/etc/$_pkgname/$_pkgname.conf \
-		--pid-path=/var/run/$_pkgname.pid \
-		--lock-path=/var/run/$_pkgname.lock \
+		--pid-path=/run/$_pkgname/$_pkgname.pid \
+		--lock-path=/run/$_pkgname/$_pkgname.lock \
 		--error-log-path=/var/log/$_pkgname/error.log \
 		--http-log-path=/var/log/$_pkgname/access.log \
-		--http-client-body-temp-path=/tmp/$_pkgname/client-body \
-		--http-proxy-temp-path=/tmp/$_pkgname/proxy \
-		--http-fastcgi-temp-path=/tmp/$_pkgname/fastcgi \
-		--user=nginx \
-		--group=nginx \
+		--http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
+		--http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
+		--http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
+		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
+		\
+		--user=$pkgusers \
+		--group=$_grp_ngx \
+		--with-threads \
+		--with-file-aio \
+		--without-http_uwsgi_module \
+		--without-http_scgi_module \
+		\
 		--with-http_ssl_module \
+		--with-http_v2_module \
 		--with-http_realip_module \
 		--with-http_addition_module \
 		--with-http_sub_module \
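Review bot: `--user=$pkgusers` in the configure call treats `pkgusers` as a single account name, although the variable is written as a list just like `pkggroups`, for which a separate `_grp_ngx` was introduced. If a second user is ever added to `pkgusers`, the unquoted expansion would split into an extra configure argument, and the same applies to `install -o $pkgusers` in package() in the next hunk. A matching scalar would keep both in step: `_usr_ngx="nginx"`, `pkgusers="$_usr_ngx"`, `--user=$_usr_ngx`. The `_modules` list would also benefit from a one-line comment saying that each entry becomes `$pkgname-mod-<entry>` and is mapped by `_module()` to `ngx_<entry>_module.so` with dashes turned into underscores. build() continues past the end of this hunk.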
@@ -68,83 +105,100 @@ build() {
 		--with-http_mp4_module \
 		--with-http_gunzip_module \
 		--with-http_gzip_static_module \
+		--with-http_auth_request_module \
 		--with-http_random_index_module \
 		--with-http_secure_link_module \
-		--with-http_stub_status_module \
-		--with-http_auth_request_module \
-		--with-threads \
-		--with-stream \
-		--with-stream_ssl_module \
 		--with-http_slice_module \
-		--with-mail \
+		--with-http_stub_status_module \
+		--with-http_realip_module \
+		--with-http_xslt_module=dynamic \
+		--with-http_image_filter_module=dynamic \
+		--with-http_geoip_module=dynamic \
+		--with-http_perl_module=dynamic \
+		--with-mail=dynamic \
 		--with-mail_ssl_module \
-		--with-file-aio \
-		--with-http_v2_module \
-		--without-http_uwsgi_module \
-		--without-http_scgi_module \
-		--add-module="$srcdir/naxsi-$_ngx_naxsi_ver/naxsi_src" \
-		--add-module="$srcdir/ngx_cache_purge-$_ngx_cache_purge_ver" \
-		--add-module="$srcdir/nginx-upstream-fair-$_ngx_upstream_fair_ver" \
-		--add-module="$srcdir/nginx-http-sysguard-$_ngx_http_sysguard_ver" \
+		--with-stream=dynamic \
+		--with-stream_ssl_module \
+		\
+		--add-dynamic-module="$_ngx_naxsi_dir" \
+		--add-dynamic-module="$_ngx_cache_purge_dir" \
+		--add-dynamic-module="$_ngx_upstream_fair_dir" \
+		--add-dynamic-module="$_ngx_http_sysguard_dir" \
 		|| return 1
 	make || return 1
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
+
 	make DESTDIR="$pkgdir" install
 
-	local paxflags="-m"
-	[ "$CARCH" = "x86" ] && paxflags="-msp"
-	paxmark "$paxflags" "$pkgdir"/usr/sbin/nginx || return 1
+	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
+	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README
 
-	install -m755 -D "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname
-	install -m644 -D "$srcdir"/$_pkgname.logrotate "$pkgdir"/etc/logrotate.d/$_pkgname
+	cd "$pkgdir"
 
-	install -m644 -D LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
-	install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules "$pkgdir"/etc/nginx/naxsi_core.rules
+	install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
+	install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
+	install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
+	install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
+	install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules
+
+	install -dm755 ./etc/$_pkgname/modules
+	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
+	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp
+
+	ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
+	ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
+	ln -sf /run/$_pkgname ./var/lib/$_pkgname/run
+
+	rm -rf ./run ./etc/$_pkgname/*.default
 }
 
-vim() {
-        local t
+_module() {
+	local name="${subpkgname#$pkgname-mod-}"
+	name="${name//-/_}"
+	soname="ngx_${name}_module.so"
+
+	pkgdesc="$pkgdesc (module $name)"
+	depends="!nginx-mod-$name"
+	provides="$name"
 
-        depends=""
-        pkgdesc="Vim syntax for Nginx"
-        arch="noarch"
+	mkdir -p "$subpkgdir"/$_modules_dir
+	cd "$subpkgdir"
 
-        for t in ftdetect syntax indent; do
-                install -Dm644 "$_builddir"/contrib/vim/$t/$_pkgname.vim \
-                        "$subpkgdir"/usr/share/vim/vimfiles/$t/$_pkgname.vim
-        done
+	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
+	mkdir -p "$subpkgdir"/etc/nginx/modules
+	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
 }
 
-md5sums="db43f2b19746f6f47401c3afc3924dc6  nginx-1.11.5.tar.gz
+md5sums="8f68f49b6db510e567bba9e0c271a3ac  nginx-1.11.8.tar.gz
 b894ea5327a3d102a56aeddb79d2e047  naxsi-0.55.1.tar.gz
-dc4c0688ed03ca7f5563097c2a8a76ca  ngx_cache_purge-2.3.tar.gz
-f3562ef6573f616e254d382d6f86b8e1  upstream-fair-0.1.0.tar.gz
-fdb072dc8d67b573a0ea7983530a7d2b  sysguard-2.1.0.tar.gz
+dedef1e47a26500993a88c96112d5d0f  ngx_cache_purge-2.3.0.1.tar.gz
+233861df4dc0872f727fc4c7e5c72dca  upstream-fair-0.1.1.tar.gz
+3a72f075bb114f1a97976c088a81c7f7  sysguard-2.2.0.tar.gz
 31d29937da95b31714faa399aeb07407  anonymise.patch
 f478d8391dafa32a8b0b3a9f21d7a080  ipv6.patch
 50357b75049d878c0bcce10d0c60f9ed  sysguard.patch
-609ea97ab6c3c30f9e8329968aadc4f3  nginx.initd
+2e56b3f21f19aecc5500c9efc9222782  nginx.initd
 8823274a834332d3db4f62bf7dd1fb7d  nginx.logrotate"
-sha256sums="223f8a2345a75f891098cf26ccdf208b293350388f51ce69083674c9432db6f6  nginx-1.11.5.tar.gz
+sha256sums="53aef3715d79015314c2dcb18f2b185a0c64368cc01b30bdf0737a215f666b34  nginx-1.11.8.tar.gz
 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8  naxsi-0.55.1.tar.gz
-cb7d5f22919c613f1f03341a1aeb960965269302e9eb23425ccaabd2f5dcbbec  ngx_cache_purge-2.3.tar.gz
-dd0bfb79d2489f48ea63ac004d91890cd471eb4020500ce9179c3612cb13246c  upstream-fair-0.1.0.tar.gz
-97e0cc9a36fcce375c5b0667b002d2f7acd580e968a2318e3276fbdc1b99f8e4  sysguard-2.1.0.tar.gz
+5da9360cd805a432ea7a08832ec3dd3a5d9f1574f71b3acdd53210610aee94e5  ngx_cache_purge-2.3.0.1.tar.gz
+e8aec578f03259c6f457575360f70d57aea385a1864562b0ba6e57d6a75d52c7  upstream-fair-0.1.1.tar.gz
+6051eb52361d602011b4c7e88b63384bcc8ebc4b004bd4b12eec3e5dce953f1d  sysguard-2.2.0.tar.gz
 28adf3605875197d5822fa382f5fd3c9c80f7d3a561e904fee223fa051f98810  anonymise.patch
 4a1a24a92657432012f08c52e8099c7abae390c9c4cb76483cacd012e26a57ac  ipv6.patch
 18090329435c32d91621a5943acc5b8bbe89aaa3c2fa334c3a4cdeb00efb6226  sysguard.patch
-8cbef405295eac299dfc3b9b119c02bda354a9b335923bed6ff6992c1fd8f493  nginx.initd
+decb084e29b584fb54b57a199f5a480dd77a4c1b3ef3da515c2eb76bd32172c5  nginx.initd
 cea0c6f8de55a4c3a3eccc57910de1c3116634082c8e5b660630fb927a29f38d  nginx.logrotate"
-sha512sums="f41b21b5d8c6b7fe7f8713e96fb6b1c40da49bf64ebb790fb5aa38f036a37b36fcf048ff72c2216552b2f75366b30c5fcdef26312bd4e5515b2476a1cd944b8c  nginx-1.11.5.tar.gz
+sha512sums="4bbecf17579022cc925af8808554983c57e4f438edc8f987751413f0a023267a4766edc8321cbbe8a8b675f7e86d8a2cba76bd52236c8d9509b2b301ab349ffa  nginx-1.11.8.tar.gz
 aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14  naxsi-0.55.1.tar.gz
-81929ca57ce5c2e1af6ec43882a54ff1da8dc77786bfb7505ff94fbcf970ae8870b419dc5c0bc7b80794d75a359e0100f360c1cf458a300f802b1d8bd7053811  ngx_cache_purge-2.3.tar.gz
-2ff9894986c5cd483ecee97d8818675ef6d063e5f45bb66e8cf56c78bbd043b9c0c37eb3cf650b7cfb6d40da9f7a4ba0e030fe39de5ef1f715cbcd6560248428  upstream-fair-0.1.0.tar.gz
-f9587b8aa7a2b09be016dc6f7a07fe3fee154d16172194e899bf3c78a3f4e373c78f79932794cd9ac75793514c606ab878f88be9400b70e37528d263f1541b34  sysguard-2.1.0.tar.gz
+c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3  ngx_cache_purge-2.3.0.1.tar.gz
+fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316  upstream-fair-0.1.1.tar.gz
+2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1  sysguard-2.2.0.tar.gz
 f8e46dafcf553edd35699dc2a47a54756e0a4c690fc13f81436ad9db1026739ba331ad99d3d05d8a7c089a5c067bf45f4aca3a98fdd9483b7b0123a837e695be  anonymise.patch
 cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49  ipv6.patch
 2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce  sysguard.patch
-6e9a37176c0ca5a463a2745401bc5a6f9c002a236244b615a2803ec04404cc768678a1fa27ee047f81f4ccf002f7bea4b803522049f4ef839c61bb83577b9d65  nginx.initd
+6c27d605536a31159b65776098926ede0b5045210b190e803681a10c06a10556283d873e772fd635642b18846549ec3a18989ca9fe6466f120ce9e1327dcacd5  nginx.initd
 01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8  nginx.logrotate"
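Review bot: In `_module()` the conflict string is built after `name` has had its dashes replaced by underscores, so it reads `!nginx-mod-http_geoip` while this package's own subpackages are named with dashes (`$pkgname-mod-http-geoip`); if the plain nginx package uses the same dashed naming, the conflict never matches and both module packages can be installed together. Building it from the untransformed suffix avoids that: `depends="!nginx-mod-${subpkgname#$pkgname-mod-}"`. `soname` is assigned without `local`, and `provides="$name"` publishes very generic names such as `mail` and `stream`, which looks unintended. The added `--with-http_realip_module` at the top of this hunk duplicates a flag the unchanged part of the configure call already passes; that call starts outside the hunk.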
diff --git a/testing/nginx-naxsi/default.conf b/testing/nginx-naxsi/default.conf
new file mode 100644
index 0000000000..9ae25d8fca
--- /dev/null
+++ b/testing/nginx-naxsi/default.conf
@@ -0,0 +1,18 @@
+# This is a default site configuration which will simply return 404, preventing
+# chance access to any other virtualhost.
+
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	# Everything is a 404
+	location / {
+		return 404;
+	}
+
+	# You may need this to prevent return 404 recursion.
+	location = /404.html {
+		internal;
+	}
+}
+
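Review bot: The catch-all in this file covers only the two port-80 `listen` lines, so the header comment's claim of preventing chance access to other virtual hosts holds for plain HTTP only. Once a TLS vhost is configured, requests on 443 with an unmatched Host would still land on the first server block for that socket. A short caveat in the header would keep administrators from over-trusting it, e.g. `# Covers port 80 only; add a matching default_server for 443 when TLS vhosts are configured.`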
diff --git a/testing/nginx-naxsi/nginx.conf b/testing/nginx-naxsi/nginx.conf
new file mode 100644
index 0000000000..c637b92e32
--- /dev/null
+++ b/testing/nginx-naxsi/nginx.conf
@@ -0,0 +1,92 @@
+# /etc/nginx/nginx.conf
+
+user nginx;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /var/log/nginx/error.log warn;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+
+events {
+	# The maximum number of simultaneous connections that can be opened by
+	# a worker process.
+	worker_connections 1024;
+}
+
+http {
+	# Includes mapping of file name extensions to MIME types of responses
+	# and defines the default type.
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	# Name servers used to resolve names of upstream servers into addresses.
+	# It's also needed when using tcpsocket and udpsocket in Lua modules.
+	#resolver 208.67.222.222 208.67.220.220;
+
+	# Don't tell nginx version to clients.
+	server_tokens off;
+
+	# Specifies the maximum accepted body size of a client request, as
+	# indicated by the request header Content-Length. If the stated content
+	# length is greater than this size, then the client receives the HTTP
+	# error code 413. Set to 0 to disable.
+	client_max_body_size 1m;
+
+	# Timeout for keep-alive connections. Server will close connections after
+	# this time.
+	keepalive_timeout 65;
+
+	# Sendfile copies data between one FD and other from within the kernel,
+	# which is more efficient than read() + write().
+	sendfile on;
+
+	# Don't buffer data-sends (disable Nagle algorithm).
+	# Good for sending frequent small bursts of data in real time.
+	tcp_nodelay on;
+
+	# Causes nginx to attempt to send its HTTP response head in one packet,
+	# instead of using partial frames.
+	#tcp_nopush on;
+
+
+	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
+	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+	# Specifies that our cipher suits should be preferred over client ciphers.
+	ssl_prefer_server_ciphers on;
+
+	# Enables a shared SSL cache with size that can hold around 8000 sessions.
+	ssl_session_cache shared:SSL:2m;
+
+
+	# Enable gzipping of responses.
+	#gzip on;
+
+	# Set the Vary HTTP header as defined in the RFC 2616.
+	gzip_vary on;
+
+	# Enable checking the existence of precompressed files.
+	#gzip_static on;
+
+
+	# Specifies the main log format.
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+			'$status $body_bytes_sent "$http_referer" '
+			'"$http_user_agent" "$http_x_forwarded_for"';
+
+	# Sets the path, format, and configuration for a buffered log write.
+	access_log /var/log/nginx/access.log main;
+
+
+	# Includes virtual hosts configs.
+	include /etc/nginx/conf.d/*.conf;
+}
+
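Review bot: The shipped `http {}` block never references `/etc/nginx/naxsi_core.rules`, which package() installs, so a fresh install of this WAF-flavoured package serves traffic with no Naxsi rules loaded even when the http-naxsi module subpackage is present. A commented hint next to the other includes would make the required step visible: `#include /etc/nginx/naxsi_core.rules;  # needs the http-naxsi module package`. The TLS section sets `ssl_prefer_server_ciphers on;` without any `ssl_protocols` or `ssl_ciphers`, so the server preference applies to nginx's built-in defaults; an explicit line such as `ssl_protocols TLSv1.2;` would state the intended floor.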
diff --git a/testing/nginx-naxsi/nginx.initd b/testing/nginx-naxsi/nginx.initd
index bec20dddaa..9e51e7dfa3 100644
--- a/testing/nginx-naxsi/nginx.initd
+++ b/testing/nginx-naxsi/nginx.initd
@@ -1,42 +1,67 @@
 #!/sbin/openrc-run
 
-extra_started_commands="reload"
-extra_commands="configtest"
+description="Nginx http and reverse proxy server"
+extra_started_commands="reload reopen upgrade"
+
+cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
+pidfile=/run/nginx/nginx.pid
+command=/usr/sbin/nginx
+command_args="-c $cfgfile"
+required_files="$cfgfile"
 
 depend() {
 	need net
 	use dns logger netmount
 }
 
-CONFFILE=${CONFFILE:-/etc/nginx/${SVCNAME}.conf}
-PIDFILE=${PIDFILE:-/var/run/${SVCNAME}.pid}
-
-configtest() {
-	ebegin "Checking ${SVCNAME} configuration"
-	mkdir -p /tmp/nginx
-	/usr/sbin/nginx -c ${CONFFILE} -t
-	eend $? "failed, please correct errors above"
+start_pre() {
+	ebegin
+	checkpath --directory --owner nginx:nginx ${pidfile%/*}
+	$command $command_args -t -q
+	eend $?
 }
 
-start() {
-	configtest || return 1
-	ebegin "Starting ${SVCNAME}"
-	start-stop-daemon --start --pidfile "${PIDFILE}" \
-		--exec /usr/sbin/nginx -- -c ${CONFFILE} -g "pid ${PIDFILE};"
-	eend $? "Failed to start ${SVCNAME}"
+reload() {
+	ebegin "Reloading ${SVCNAME} configuration"
+	start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
+	eend $?
 }
 
-stop() {
-	configtest || return 1
-	ebegin "Stopping ${SVCNAME}"
-	start-stop-daemon --stop --pidfile "${PIDFILE}"
-	eend $? "Failed to stop ${SVCNAME}"
-	rm -f "${PIDFILE}"
+reopen() {
+	ebegin "Reopening ${SVCNAME} log files"
+	start-stop-daemon --signal USR1 --pidfile $pidfile
+	eend $?
 }
 
-reload() {
-	configtest || return 1
-	ebegin "Refreshing ${SVCNAME} configuration"
-	kill -HUP $(cat "${PIDFILE}") &>/dev/null
-	eend $? "Failed to reload nginx"
+upgrade() {
+	start_pre || return 1
+
+	ebegin "Upgrading ${SVCNAME} binary"
+
+	einfo "Sending USR2 to old binary"
+	start-stop-daemon --signal USR2 --pidfile $pidfile
+
+	einfo "Sleeping 3 seconds before pid-files checking"
+	sleep 3
+
+	if [ ! -f $pidfile.oldbin ]; then
+		eerror "File with old pid ($pidfile.oldbin) not found"
+		return 1
+	fi
+
+	if [ ! -f $pidfile ]; then
+		eerror "New binary failed to start"
+		return 1
+	fi
+
+	einfo "Sleeping 3 seconds before WINCH"
+	sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin
+
+	einfo "Sending QUIT to old binary"
+	start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin
+
+	einfo "Upgrade completed"
+
+	eend $? "Upgrade failed"
 }
+
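Review bot: The closing `eend $? "Upgrade failed"` in upgrade() reads the status of the preceding `einfo "Upgrade completed"`, so the function reports success even when the USR2, WINCH or QUIT signal could not be delivered. Each start-stop-daemon call should be checked and eend given the status of the last one, as sketched below (the sketch drops the unconditional "Upgrade completed" message and quotes `$pidfile`). In start_pre() `ebegin` is called without a message, and the two early `return 1` paths in upgrade() leave the `ebegin` unpaired. The `configtest` extra command of the old script is removed without a replacement, which takes away the operator's way to validate a configuration without touching the running service.

```shell
upgrade() {
	# … unchanged: start_pre check, ebegin …

	einfo "Sending USR2 to old binary"
	if ! start-stop-daemon --signal USR2 --pidfile "$pidfile"; then
		eend 1 "Upgrade failed"
		return 1
	fi

	# … unchanged: sleep and the two pid-file checks …

	einfo "Sleeping 3 seconds before WINCH"
	sleep 3
	if ! start-stop-daemon --signal 28 --pidfile "$pidfile.oldbin"; then
		eend 1 "Upgrade failed"
		return 1
	fi

	einfo "Sending QUIT to old binary"
	start-stop-daemon --signal QUIT --pidfile "$pidfile.oldbin"
	eend $? "Upgrade failed"
}
```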