aboutsummaryrefslogtreecommitdiffstats
path: root/testing/nginx-naxsi/APKBUILD
blob: 61098cac7443410816be943e7e4e498da2261e02 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
# Contributor: Cameron Banta <cbanta@gmail.com>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>

pkgname=nginx-naxsi
_pkgname=nginx
pkgver=1.11.10
pkgrel=1
pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
url="http://www.nginx.org | https://github.com/nbs-system/naxsi"
arch="all"
license="custom"

# Modules
_ngx_naxsi_name=naxsi
_ngx_naxsi_ver=0.55.3
_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"

_ngx_cache_purge_name=ngx_cache_purge
_ngx_cache_purge_ver=2.3.0.1
_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"

_ngx_upstream_fair_name=nginx-upstream-fair
_ngx_upstream_fair_ver=0.1.1
_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"

_ngx_http_sysguard_name=tengine-http-sysguard
_ngx_http_sysguard_ver=2.2.0
_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"

depends="!nginx"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev
	pcre-dev perl-dev pkgconf zlib-dev"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade"
options="!check"
subpackages="$pkgname-doc"
source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz
	naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
	ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
	upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz
	sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz

	anonymise.patch
	ipv6.patch
	sysguard.patch

	nginx.initd
	nginx.logrotate
	nginx.conf
	default.conf
	"
builddir="$srcdir"/$_pkgname-$pkgver

_modules_dir="usr/lib/nginx/modules"
_modules="
	http-geoip
	http-image-filter
	http-perl
	http-xslt-filter
	mail
	stream
	http-naxsi
	http-cache-purge
	http-upstream-fair
	http-sysguard
	"

for _m in $_modules; do
	subpackages="$subpackages $pkgname-mod-$_m:_module"
done


build() {
	cd "$builddir"
	./configure \
		--prefix=/var/lib/$_pkgname \
		--sbin-path=/usr/sbin/$_pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$_pkgname/$_pkgname.conf \
		--pid-path=/run/$_pkgname/$_pkgname.pid \
		--lock-path=/run/$_pkgname/$_pkgname.lock \
		--error-log-path=/var/log/$_pkgname/error.log \
		--http-log-path=/var/log/$_pkgname/access.log \
		--http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
		--http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
		--http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio \
		--without-http_uwsgi_module \
		--without-http_scgi_module \
		\
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_perl_module=dynamic \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		\
		--add-dynamic-module="$_ngx_naxsi_dir" \
		--add-dynamic-module="$_ngx_cache_purge_dir" \
		--add-dynamic-module="$_ngx_upstream_fair_dir" \
		--add-dynamic-module="$_ngx_http_sysguard_dir" \
		|| return 1
	make || return 1
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
	install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
	install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
	install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules

	install -dm755 ./etc/$_pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp

	ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
	ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
	ln -sf /run/$_pkgname ./var/lib/$_pkgname/run

	rm -rf ./run ./etc/$_pkgname/*.default
	# scgi & uwsgi servers are disabled
	rm ./etc/$_pkgname/scgi_params ./etc/$_pkgname/uwsgi_params
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	soname="ngx_${name}_module.so"

	pkgdesc="$pkgdesc (module $name)"
	depends="!nginx-mod-$name"
	provides="$name"

	mkdir -p "$subpkgdir"/$_modules_dir
	cd "$subpkgdir"

	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
	mkdir -p "$subpkgdir"/etc/nginx/modules
	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}

sha512sums="b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9  nginx-1.11.10.tar.gz
9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0  naxsi-0.55.3.tar.gz
c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3  ngx_cache_purge-2.3.0.1.tar.gz
fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316  upstream-fair-0.1.1.tar.gz
2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1  sysguard-2.2.0.tar.gz
1117ca5887822e002d9995c041435fda53890614fd7309ea011a59bfb0df3261fc7ba8670e93aaee9116cda16b9806921a85f52c9959b093f2e5ac5df4d9b0fb  anonymise.patch
cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49  ipv6.patch
2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce  sysguard.patch
e0784764d509589a9626e20bd800787583573314293caf0ebc135bbfc50346f86847d4a93b91cb01d7b8f6e1b00285569ae8088e35ed9bc3ae8278cad3ba320e  nginx.initd
01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8  nginx.logrotate
a1a1d9dbd65955b458d17918138fc65bf8990c46909ef43940b1633458c8f119eb485939179b6a9a3dac0c3b58c1eb0c5aec44e7b25ea7a34969c4a0807d4788  nginx.conf
9bd5145762a5040a6b5494d31f216d1db7c52921142275f26eed67aff746270526caad8e34eae65ec6390975ce603b35f6add05eb857f1670bf28ab5049b97d8  default.conf"