# Maintainer: Stuart Cardall # Contributor: Cameron Banta # Contributor: Jeff Bilyk # Contributor: Bartłomiej Piotrowski pkgname=nginx-naxsi _pkgname=nginx pkgver=1.11.9 pkgrel=0 pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'" url="http://www.nginx.org | https://github.com/nbs-system/naxsi" arch="all" license="custom" # Modules _ngx_naxsi_name=naxsi _ngx_naxsi_ver=0.55.1 _ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src" _ngx_cache_purge_name=ngx_cache_purge _ngx_cache_purge_ver=2.3.0.1 _ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver" _ngx_upstream_fair_name=nginx-upstream-fair _ngx_upstream_fair_ver=0.1.1 _ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver" _ngx_http_sysguard_name=tengine-http-sysguard _ngx_http_sysguard_ver=2.2.0 _ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver" depends="!nginx" makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev pcre-dev perl-dev pkgconf zlib-dev" pkgusers="nginx" _grp_ngx="nginx" _grp_www="www-data" pkggroups="$_grp_ngx $_grp_www" install="$pkgname.pre-install $pkgname.pre-upgrade" subpackages="$pkgname-doc" source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz anonymise.patch ipv6.patch sysguard.patch nginx.initd nginx.logrotate " builddir="$srcdir"/$_pkgname-$pkgver _modules_dir="usr/lib/nginx/modules" _modules=" http-geoip http-image-filter http-perl http-xslt-filter mail stream http-naxsi http-cache-purge http-upstream-fair http-sysguard " for _m in $_modules; do subpackages="$subpackages $pkgname-mod-$_m:_module" done build() { cd "$builddir" ./configure \ --prefix=/var/lib/$_pkgname \ --sbin-path=/usr/sbin/$_pkgname \ --modules-path=/$_modules_dir \ --conf-path=/etc/$_pkgname/$_pkgname.conf \ --pid-path=/run/$_pkgname/$_pkgname.pid \ --lock-path=/run/$_pkgname/$_pkgname.lock \ --error-log-path=/var/log/$_pkgname/error.log \ --http-log-path=/var/log/$_pkgname/access.log \ --http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \ --http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \ --http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \ --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ \ --user=$pkgusers \ --group=$_grp_ngx \ --with-threads \ --with-file-aio \ --without-http_uwsgi_module \ --without-http_scgi_module \ \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_auth_request_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-http_realip_module \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ --with-http_perl_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-stream=dynamic \ --with-stream_ssl_module \ \ --add-dynamic-module="$_ngx_naxsi_dir" \ --add-dynamic-module="$_ngx_cache_purge_dir" \ --add-dynamic-module="$_ngx_upstream_fair_dir" \ --add-dynamic-module="$_ngx_http_sysguard_dir" \ || return 1 make || return 1 } package() { cd "$builddir" make DESTDIR="$pkgdir" install install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README cd "$pkgdir" install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules install -dm755 ./etc/$_pkgname/modules install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp ln -sf /$_modules_dir ./var/lib/$_pkgname/modules ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs ln -sf /run/$_pkgname ./var/lib/$_pkgname/run rm -rf ./run ./etc/$_pkgname/*.default } _module() { local name="${subpkgname#$pkgname-mod-}" name="${name//-/_}" soname="ngx_${name}_module.so" pkgdesc="$pkgdesc (module $name)" depends="!nginx-mod-$name" provides="$name" mkdir -p "$subpkgdir"/$_modules_dir cd "$subpkgdir" mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1 mkdir -p "$subpkgdir"/etc/nginx/modules echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf } md5sums="7aeca793819c2b8df134c0b1cfe98361 nginx-1.11.9.tar.gz b894ea5327a3d102a56aeddb79d2e047 naxsi-0.55.1.tar.gz dedef1e47a26500993a88c96112d5d0f ngx_cache_purge-2.3.0.1.tar.gz 233861df4dc0872f727fc4c7e5c72dca upstream-fair-0.1.1.tar.gz 3a72f075bb114f1a97976c088a81c7f7 sysguard-2.2.0.tar.gz 31d29937da95b31714faa399aeb07407 anonymise.patch f478d8391dafa32a8b0b3a9f21d7a080 ipv6.patch 50357b75049d878c0bcce10d0c60f9ed sysguard.patch 2e56b3f21f19aecc5500c9efc9222782 nginx.initd 8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate" sha256sums="dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 nginx-1.11.9.tar.gz 45dd0df7a6b0b6aa9c64eb8c39a8e294d659d87fb18e192cf58f1402f3cdb0a8 naxsi-0.55.1.tar.gz 5da9360cd805a432ea7a08832ec3dd3a5d9f1574f71b3acdd53210610aee94e5 ngx_cache_purge-2.3.0.1.tar.gz e8aec578f03259c6f457575360f70d57aea385a1864562b0ba6e57d6a75d52c7 upstream-fair-0.1.1.tar.gz 6051eb52361d602011b4c7e88b63384bcc8ebc4b004bd4b12eec3e5dce953f1d sysguard-2.2.0.tar.gz 28adf3605875197d5822fa382f5fd3c9c80f7d3a561e904fee223fa051f98810 anonymise.patch 4a1a24a92657432012f08c52e8099c7abae390c9c4cb76483cacd012e26a57ac ipv6.patch 18090329435c32d91621a5943acc5b8bbe89aaa3c2fa334c3a4cdeb00efb6226 sysguard.patch decb084e29b584fb54b57a199f5a480dd77a4c1b3ef3da515c2eb76bd32172c5 nginx.initd cea0c6f8de55a4c3a3eccc57910de1c3116634082c8e5b660630fb927a29f38d nginx.logrotate" sha512sums="95247d5db3e23a0ea22686cc3fe4295f8854948a6f168a783082fdbb2acbecdad61cd9c8cadd84c1f74c1e87becdca8d6664622ff9cebc72687f20b29cc09fd0 nginx-1.11.9.tar.gz aebda20e5b78e9111b7bac1e15829258e6b85b80e4ce333e4dba8caead36287b3f0fcb453c51d7c59f07d637fa62f5c6b23aecd3bf6a3c3da4abebf1a6689f14 naxsi-0.55.1.tar.gz c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3 ngx_cache_purge-2.3.0.1.tar.gz fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316 upstream-fair-0.1.1.tar.gz 2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1 sysguard-2.2.0.tar.gz f8e46dafcf553edd35699dc2a47a54756e0a4c690fc13f81436ad9db1026739ba331ad99d3d05d8a7c089a5c067bf45f4aca3a98fdd9483b7b0123a837e695be anonymise.patch cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49 ipv6.patch 2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce sysguard.patch 6c27d605536a31159b65776098926ede0b5045210b190e803681a10c06a10556283d873e772fd635642b18846549ec3a18989ca9fe6466f120ce9e1327dcacd5 nginx.initd 01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8 nginx.logrotate"