# Maintainer: Stuart Cardall # Contributor: Cameron Banta # Contributor: Jeff Bilyk # Contributor: Bartłomiej Piotrowski pkgname=nginx-naxsi _pkgname=nginx pkgver=1.16.0 pkgrel=1 pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'" url="https://github.com/nbs-system/naxsi" arch="all" license="custom" # Modules _ngx_naxsi_name=naxsi _ngx_naxsi_ver=0.56 _ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src" _ngx_cache_purge_name=ngx_cache_purge _ngx_cache_purge_ver=2.3.0.1 _ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver" _ngx_upstream_fair_name=nginx-upstream-fair _ngx_upstream_fair_ver=0.1.3 _ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver" _ngx_http_sysguard_name=tengine-http-sysguard _ngx_http_sysguard_ver=2.2.0 _ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver" depends="!nginx" makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev openssl-dev pcre-dev perl-dev pkgconf zlib-dev" pkgusers="nginx" _grp_ngx="nginx" _grp_www="www-data" pkggroups="$_grp_ngx $_grp_www" install="$pkgname.pre-install $pkgname.pre-upgrade" options="!check" subpackages="$pkgname-doc" source="https://nginx.org/download/$_pkgname-$pkgver.tar.gz naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/$_ngx_upstream_fair_ver.tar.gz sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz anonymise.patch sysguard.patch nginx.initd nginx.logrotate nginx.conf default.conf sysguard.conf " builddir="$srcdir"/$_pkgname-$pkgver _modules_dir="usr/lib/nginx/modules" _modules=" http-geoip http-image-filter http-perl http-xslt-filter mail stream http-naxsi http-cache-purge http-upstream-fair http-sysguard " for _m in $_modules; do subpackages="$subpackages $pkgname-mod-$_m:_module" done build() { ./configure \ --prefix=/var/lib/$_pkgname \ --sbin-path=/usr/sbin/$_pkgname \ --modules-path=/$_modules_dir \ --conf-path=/etc/$_pkgname/$_pkgname.conf \ --pid-path=/run/$_pkgname/$_pkgname.pid \ --lock-path=/run/$_pkgname/$_pkgname.lock \ --error-log-path=/var/log/$_pkgname/error.log \ --http-log-path=/var/log/$_pkgname/access.log \ --http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \ --http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \ --http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \ --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ \ --user=$pkgusers \ --group=$_grp_ngx \ --with-threads \ --with-file-aio \ --without-http_uwsgi_module \ --without-http_scgi_module \ \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_auth_request_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ --with-http_perl_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-stream=dynamic \ --with-stream_ssl_module \ \ --add-dynamic-module="$_ngx_naxsi_dir" \ --add-dynamic-module="$_ngx_cache_purge_dir" \ --add-dynamic-module="$_ngx_upstream_fair_dir" \ --add-dynamic-module="$_ngx_http_sysguard_dir" make } package() { make DESTDIR="$pkgdir" install install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README cd "$pkgdir" install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules install -dm755 ./etc/$_pkgname/modules install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp ln -sf /$_modules_dir ./var/lib/$_pkgname/modules ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs ln -sf /run/$_pkgname ./var/lib/$_pkgname/run rm -rf ./run ./etc/$_pkgname/*.default # scgi & uwsgi servers are disabled rm ./etc/$_pkgname/scgi_params ./etc/$_pkgname/uwsgi_params # add module configuration _mod_conf sysguard.conf nginx-naxsi-mod-http-sysguard } _module() { local name="${subpkgname#$pkgname-mod-}" name="${name//-/_}" soname="ngx_${name}_module.so" pkgdesc="$pkgdesc (module $name)" depends="!nginx-mod-$name" provides="$name" mkdir -p "$subpkgdir"/$_modules_dir cd "$subpkgdir" mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname mkdir -p "$subpkgdir"/etc/nginx/modules echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf } _mod_conf() { local conf=$1 module=$2 install -Dm644 "$srcdir"/$conf ${pkgdir%/*}/$module/etc/nginx/conf.d/$conf } sha512sums="e99cfaa4538f209c096ea2f93c04b5019756617f3bcd3305c273e98ddc89fed5bf90d65fb9b493149bc47d55ff79e73850bfcac20505fab74930d0102075df3d nginx-1.16.0.tar.gz 4660751849bce303af6010b7257532404710106a94817e78d4bc4b566f8019620f24f30207f1d4366b88132a5124e34b164dc67ed80b6710f4bad66115564cbd naxsi-0.56.tar.gz c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz 8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5 upstream-fair-0.1.3.tar.gz 2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 sysguard-2.2.0.tar.gz 1117ca5887822e002d9995c041435fda53890614fd7309ea011a59bfb0df3261fc7ba8670e93aaee9116cda16b9806921a85f52c9959b093f2e5ac5df4d9b0fb anonymise.patch 2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch 72888c43cec3203cafe1c5e018be464129a220913c21e0abe5ca57ad0649b7120d419ede9b37181def3daad7f08b1c1afdacb33a20aa148ce1d1b9ce3b5b2a33 nginx.initd 01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8 nginx.logrotate a1a1d9dbd65955b458d17918138fc65bf8990c46909ef43940b1633458c8f119eb485939179b6a9a3dac0c3b58c1eb0c5aec44e7b25ea7a34969c4a0807d4788 nginx.conf ed1257ca2c0f687e24ebfd5446c472a592a9f7abea022bd04b3dd519631cc235f448027aabf699a89cb7aa4d5761031d44dffcd33d02fd17db0c93da0d5e8689 default.conf 8067c78b00e9fd89141b7a70fdc39ab1095a89c97abc8c9a37df26bef40785715dabdae19bce596ec3c3baff00f9022e2f24c7f5d884590857773e87aae75734 sysguard.conf"