~alpine/aports

[alpine-aports] [PATCH] main/nginx: add all modules from testing/nginx-naxsi

Valery Kartel <valery.kartel@gmail.com>
Details
Message ID
<20170316133217.31383-1-valery.kartel@gmail.com>
Sender timestamp
1489671137
DKIM signature
missing
Download raw message
7 years ago
Patch: +212 -177 
- added modules: naxsi, cache_purge, upstream-fair, sysguard

- remade dynamic modules definition
- upgrade modules
    nchan to 1.1.2
    rtmp to 1.1.11
    naxsi to 0.55.3
- add checkconfig to init script
- cleaned and improved APKBUILD
---
 main/nginx/APKBUILD       | 329 ++++++++++++++++++++++------------------------
 main/nginx/naxsi.conf     |  22 ++++
 main/nginx/nginx.initd    |  28 ++--
 main/nginx/sysguard.patch |  10 ++
 4 files changed, 212 insertions(+), 177 deletions(-)
 create mode 100644 main/nginx/naxsi.conf
 create mode 100644 main/nginx/sysguard.patch

diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index 8bacade21d..12ba6d77d2 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -2,103 +2,123 @@
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Valery Kartel <valery.kartel@gmail.com>

pkgname=nginx
pkgver=1.10.3
pkgrel=0
pkgrel=1
pkgdesc="HTTP and reverse proxy server"
url="http://www.nginx.org/en"
arch="all"
options="!check"
license="custom"

# Modules
_devel_kit_name=ngx_devel_kit
_devel_kit_ver=0.3.0
_devel_kit_dir="$srcdir/$_devel_kit_name-$_devel_kit_ver"
_devel_kit_so="ndk_http_module.so"

_http_echo_name=echo-nginx-module
_http_echo_ver=0.60
_http_echo_dir="$srcdir/$_http_echo_name-$_http_echo_ver"

_http_fancyindex_name=ngx-fancyindex
_http_fancyindex_ver=0.4.1
_http_fancyindex_dir="$srcdir/$_http_fancyindex_name-$_http_fancyindex_ver"

_http_headers_more_name=headers-more-nginx-module
_http_headers_more_ver=0.32
_http_headers_more_dir="$srcdir/$_http_headers_more_name-$_http_headers_more_ver"
_http_headers_more_so="ngx_http_headers_more_filter_module.so"

_http_lua_name=lua-nginx-module
_http_lua_ver=0.10.7
_http_lua_dir="$srcdir/$_http_lua_name-$_http_lua_ver"
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua"  # for backward compatibility

_http_nchan_name=nchan
_http_nchan_ver=1.1.0
_http_nchan_dir="$srcdir/$_http_nchan_name-$_http_nchan_ver"
_http_nchan_so="ngx_nchan_module.so"

_http_upload_progress_name=nginx-upload-progress-module
_http_upload_progress_ver=0.9.2
_http_upload_progress_dir="$srcdir/$_http_upload_progress_name-$_http_upload_progress_ver"
_http_upload_progress_so="ngx_http_uploadprogress_module.so"

_rtmp_name=nginx-rtmp-module
_rtmp_ver=1.1.10
_rtmp_dir="$srcdir/$_rtmp_name-$_rtmp_ver"
_rtmp_provides="$pkgname-rtmp"  # for backward compatibility

depends=""
[ "$CARCH" = "s390x" ] && _lua_dep="lua5.1-dev" || _lua_dep="luajit-dev"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev $_lua_dep
	libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
pkgusers="$pkgname"
pkggroups="$pkgname www-data"
install="$pkgname.pre-install $pkgname.post-upgrade"
subpackages="$pkgname-doc $pkgname-vim::noarch"
replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"

# Modules with external sources
_dkmod=ngx_devel_kit
_dkver=0.3.0
_modsub="$_modsub devel-kit:ndk_http_module"
_modcfg="$_modcfg --add-dynamic-module=${_dksrc:=$srcdir/$_dkmod-$_dkver}"
_modsrc="$_modsrc $_dkmod-$_dkver.tar.gz::https://github.com/simpl/$_dkmod/archive/v$_dkver.tar.gz"

_ecmod=echo-nginx-module
_ecver=0.60
_modsub="$_modsub http-echo"
_modcfg="$_modcfg --add-dynamic-module=${_ecsrc:=$srcdir/$_ecmod-$_ecver}"
_modsrc="$_modsrc $_ecmod-$_ecver.tar.gz::https://github.com/openresty/$_ecmod/archive/v$_ecver.tar.gz"

_fimod=ngx-fancyindex
_fiver=0.4.1
_modsub="$_modsub http-fancyindex"
_modcfg="$_modcfg --add-dynamic-module=${_fisrc:=$srcdir/$_fimod-$_fiver}"
_modsrc="$_modsrc $_fimod-$_fiver.tar.gz::https://github.com/aperezdc/$_fimod/archive/v$_fiver.tar.gz"

_hmmod=headers-more-nginx-module
_hmver=0.32
_modsub="$_modsub http-headers-more:ngx_http_headers_more_filter_module"
_modcfg="$_modcfg --add-dynamic-module=${_hmsrc:=$srcdir/$_hmmod-$_hmver}"
_modsrc="$_modsrc $_hmmod-$_hmver.tar.gz::https://github.com/openresty/$_hmmod/archive/v$_hmver.tar.gz"

_lumod=lua-nginx-module
_luver=0.10.7
_modsub="$_modsub http-lua"
_modcfg="$_modcfg --add-dynamic-module=${_lusrc:=$srcdir/$_lumod-$_luver}"
_modsrc="$_modsrc $_lumod-$_luver.tar.gz::https://github.com/openresty/$_lumod/archive/v$_luver.tar.gz"
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua"	# for backward compatibility

_ncmod=nchan
_ncver=1.1.2
_modsub="$_modsub http-nchan:ngx_nchan_module"
_modcfg="$_modcfg --add-dynamic-module=${_ncsrc:=$srcdir/$_ncmod-$_ncver}"
_modsrc="$_modsrc $_ncmod-$_ncver.tar.gz::https://github.com/slact/$_ncmod/archive/v$_ncver.tar.gz"

_upmod=nginx-upload-progress-module
_upver=0.9.2
_modsub="$_modsub http-upload-progress:ngx_http_uploadprogress_module"
_modcfg="$_modcfg --add-dynamic-module=${_upsrc:=$srcdir/$_upmod-$_upver}"
_modsrc="$_modsrc $_upmod-$_upver.tar.gz::https://github.com/masterzen/$_upmod/archive/v$_upver.tar.gz"

_rtmod=nginx-rtmp-module
_rtver=1.1.11
_modsub="$_modsub rtmp"
_modcfg="$_modcfg --add-dynamic-module=${_rtsrc:=$srcdir/$_rtmod-$_rtver}"
_modsrc="$_modsrc $_rtmod-$_rtver.tar.gz::https://github.com/arut/$_rtmod/archive/v$_rtver.tar.gz"
_rtmp_provides="$pkgname-rtmp"		# for backward compatibility

_nxmod=naxsi
_nxver=0.55.3
_modsub="$_modsub http-naxsi"
_modcfg="$_modcfg --add-dynamic-module=${_nxsrc:=$srcdir/$_nxmod-$_nxver/naxsi_src}"
_modsrc="$_modsrc $_nxmod.conf $_nxmod-$_nxver.tar.gz::https://github.com/nbs-system/$_nxmod/archive/$_nxver.tar.gz"
_http_naxsi_conf="
	$srcdir/$_nxmod-$_nxver/naxsi_config/naxsi_core.rules:/etc/$pkgname/naxsi_core.rules
	$srcdir/$_nxmod.conf:/etc/$pkgname/conf.d/$_nxmod.conf
	"

_cpmod=ngx_cache_purge
_cpver=2.3.0.1
_modsub="$_modsub http-cache-purge"
_modcfg="$_modcfg --add-dynamic-module=${_cpsrc:=$srcdir/$_cpmod-$_cpver}"
_modsrc="$_modsrc $_cpmod-$_cpver.tar.gz::https://github.com/itoffshore/$_cpmod/archive/v$_cpver.tar.gz"

_ufmod=nginx-upstream-fair
_ufver=0.1.1
_modsub="$_modsub http-upstream-fair"
_modcfg="$_modcfg --add-dynamic-module=${_ufsrc:=$srcdir/$_ufmod-$_ufver}"
_modsrc="$_modsrc $_ufmod-$_ufver.tar.gz::https://github.com/itoffshore/$_ufmod/archive/v$_ufver.tar.gz"

_sgmod=tengine-http-sysguard
_sgver=2.2.0
_modsub="$_modsub http-sysguard"
_modcfg="$_modcfg --add-dynamic-module=${_sgsrc:=$srcdir/$_sgmod-$_sgver}"
_modsrc="$_modsrc $_sgmod-$_sgver.tar.gz::https://github.com/itoffshore/$_sgmod/archive/v$_sgver.tar.gz"

source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
	$_devel_kit_name-$_devel_kit_ver.tar.gz::https://github.com/simpl/$_devel_kit_name/archive/v$_devel_kit_ver.tar.gz
	$_http_echo_name-$_http_echo_ver.tar.gz::https://github.com/openresty/$_http_echo_name/archive/v$_http_echo_ver.tar.gz
	$_http_fancyindex_name-$_http_fancyindex_ver.tar.gz::https://github.com/aperezdc/$_http_fancyindex_name/archive/v$_http_fancyindex_ver.tar.gz
	$_http_headers_more_name-$_http_headers_more_ver.tar.gz::https://github.com/openresty/$_http_headers_more_name/archive/v$_http_headers_more_ver.tar.gz
	$_http_lua_name-$_http_lua_ver.tar.gz::https://github.com/openresty/$_http_lua_name/archive/v$_http_lua_ver.tar.gz
	$_http_nchan_name-$_http_nchan_ver.tar.gz::https://github.com/slact/$_http_nchan_name/archive/v$_http_nchan_ver.tar.gz
	$_http_upload_progress_name-$_http_upload_progress_ver.tar.gz::https://github.com/masterzen/$_http_upload_progress_name/archive/v$_http_upload_progress_ver.tar.gz
	$_rtmp_name-$_rtmp_ver.tar.gz::https://github.com/arut/$_rtmp_name/archive/v$_rtmp_ver.tar.gz
	nginx.conf
	default.conf
	$pkgname.logrotate
	$pkgname.initd
	sysguard.patch
	ipv6.patch
	$_modsrc
	"
builddir="$srcdir/$pkgname-$pkgver"

_modules_dir="usr/lib/$pkgname/modules"
_modules="
	http-geoip
	http-image-filter
	http-perl
	http-xslt-filter
	mail
	stream
	devel-kit
	http-echo
	http-fancyindex
	http-headers-more
	http-lua
	http-nchan
	http-upload-progress
	rtmp"
for _m in $_modules; do
	subpackages="$subpackages $pkgname-mod-$_m:_module"
_module_dir=/usr/lib/$pkgname
_module_conf=/etc/$pkgname/modules
for _module in http-geoip http-image-filter http-perl http-xslt-filter mail stream $_modsub; do
	_modvar=${_module//-/_}
	[ -z "${_module##*:*}" ] && eval _so_${_modvar%:*}=${_module#*:}
	subpackages="$subpackages $pkgname-mod-${_module%:*}:_module"
done

builddir="$srcdir/$pkgname-$pkgver"

build() {
	cd "$builddir"
@@ -108,7 +128,7 @@ build() {
	./configure \
		--prefix=/var/lib/$pkgname \
		--sbin-path=/usr/sbin/$pkgname \
		--modules-path=/$_modules_dir \
		--modules-path=/$_module_dir \
		--conf-path=/etc/$pkgname/$pkgname.conf \
		--pid-path=/run/$pkgname/$pkgname.pid \
		--lock-path=/run/$pkgname/$pkgname.lock \
@@ -119,8 +139,8 @@ build() {
		--http-scgi-temp-path=/var/lib/$pkgname/tmp/scgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--user=$pkgname \
		--group=$pkgname \
		--with-threads \
		--with-file-aio \
		--with-ipv6 \
@@ -149,131 +169,102 @@ build() {
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		\
		--add-dynamic-module="$_devel_kit_dir" \
		--add-dynamic-module="$_http_echo_dir" \
		--add-dynamic-module="$_http_fancyindex_dir" \
		--add-dynamic-module="$_http_headers_more_dir" \
		--add-dynamic-module="$_http_lua_dir" \
		--add-dynamic-module="$_http_nchan_dir" \
		--add-dynamic-module="$_http_upload_progress_dir" \
		--add-dynamic-module="$_rtmp_dir" \
		|| return 1

	make || return 1
		$_modcfg || return 1
	make
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install || return 1
	make -C "$builddir" DESTDIR="$pkgdir" install || return 1

	# Disable some PaX protections; this is needed for Lua module.
	local paxflags="-m"
	[ "$CARCH" = "x86" ] && paxflags="-msp"
	paxmark $paxflags "$pkgdir"/usr/sbin/nginx || return 1

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	install -Dm644 objs/$pkgname.8 \
	install -Dm644 "$builddir"/LICENSE \
		"$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1
	install -Dm644 "$builddir"/README \
		"$pkgdir"/usr/share/doc/$pkgname/README || return 1
	install -Dm644 "$builddir"/objs/$pkgname.8 \
		"$pkgdir"/usr/share/man/man8/$pkgname.8 || return 1

	cp -r "$_devel_kit_dir"/docs \
		"$pkgdir"/usr/share/doc/$pkgname/$_devel_kit_name || return 1
	cp -r "$_http_lua_dir"/doc \
		"$pkgdir"/usr/share/doc/$pkgname/$_http_lua_name || return 1
	cp -r "$_rtmp_dir"/doc \
		"$pkgdir"/usr/share/doc/$pkgname/$_rtmp_name || return 1
	cp -r "$_dksrc"/docs \
		"$pkgdir"/usr/share/doc/$pkgname/$_dkmod || return 1
	cp -r "$_lusrc"/doc \
		"$pkgdir"/usr/share/doc/$pkgname/$_lumod || return 1
	cp -r "$_rtsrc"/doc \
		"$pkgdir"/usr/share/doc/$pkgname/$_rtmod || return 1

	cd "$pkgdir"
	mkdir -p "$pkgdir"/var/log \
		"$pkgdir"/$_module_conf || return 1

	install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
	install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
	install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname
	install -Dm644 "$srcdir"/nginx.conf "$pkgdir"/etc/$pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf \
		"$pkgdir"/etc/$pkgname/conf.d/default.conf || return 1
	install -Dm755 "$srcdir"/$pkgname.initd \
		"$pkgdir"/etc/init.d/$pkgname || return 1
	install -Dm644 "$srcdir"/$pkgname.logrotate \
		"$pkgdir"/etc/logrotate.d/$pkgname || return 1

	install -dm755 ./etc/$pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname/tmp
	install -dm755 -g $_grp_www ./var/www/localhost/htdocs
	install -dm750 -o $pkgname -g $pkgname "$pkgdir"/var/lib/$pkgname || return 1
	install -dm700 -o $pkgname -g $pkgname "$pkgdir"/var/lib/$pkgname/tmp || return 1
	install -dm755 -g www-data "$pkgdir"/var/www/localhost/htdocs || return 1

	install -dm755 ./var/log
	mv ./var/lib/$pkgname/logs ./var/log/$pkgname || return 1
	mv "$pkgdir"/var/lib/$pkgname/logs \
		"$pkgdir"/var/log/$pkgname || return 1

	ln -sf /$_modules_dir ./var/lib/$pkgname/modules
	ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
	ln -sf /run/$pkgname ./var/lib/$pkgname/run
	ln -sf $_module_dir "$pkgdir"/var/lib/$pkgname/modules
	ln -sf /var/log/$pkgname "$pkgdir"/var/lib/$pkgname/logs
	ln -sf /run/$pkgname "$pkgdir"/var/lib/$pkgname/run

	rm -rf ./run ./etc/$pkgname/*.default
	rm -rf "$pkgdir"/run "$pkgdir"/etc/$pkgname/*.default
}

vim() {
	pkgdesc="$pkgdesc (vim syntax)"
	depends=

	mkdir -p "$subpkgdir"/usr/share/vim
	cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
	mkdir -p "$subpkgdir"/usr/share || return 1
	cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	local soname="$(eval "echo \$_${name}_so")";
	soname="${soname:-"ngx_${name}_module.so"}"

	local name=${subpkgname#$pkgname-mod-}
	name=${name//-/_}
	local soname=$(eval echo \$_so_$name)
	soname="${soname:-ngx_${name}_module}.so"
	pkgdesc="$pkgdesc (module $name)"
	depends="$pkgname $(eval "echo \$_${name}_depends")"
	provides="$(eval "echo \$_${name}_provides")"
	depends="$pkgname $(eval echo \$_${name}_depends)"
	provides="$(eval echo \$_${name}_provides)"

	mkdir -p "$subpkgdir"/$_modules_dir
	cd "$subpkgdir"
	mkdir -p "$subpkgdir"/$_module_dir \
		"$subpkgdir"/$_module_conf || return 1

	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
	mv "$pkgdir"/$_module_dir/$soname \
		"$subpkgdir"/$_module_dir/$soname || return 1
	echo "load_module \"modules/$soname\";" > "$subpkgdir"/$_module_conf/$name.conf

	mkdir -p "$subpkgdir"/etc/nginx/modules
	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
	local conf;
	for conf in $(eval echo \$_${name}_conf); do
		install -Dm644 ${conf%:*} "$subpkgdir"/${conf#*:}
	done
}

md5sums="204a20cb4f0b0c9db746c630d89ff4ea  nginx-1.10.3.tar.gz
76c503918c003fcc55005b7688f47add  ngx_devel_kit-0.3.0.tar.gz
897338c2c4bc44f2d56ae06ab9820372  echo-nginx-module-0.60.tar.gz
e1dd79f0ec82415bbf8a1cb938988955  ngx-fancyindex-0.4.1.tar.gz
5ce112f12afe155749e2c504997861f7  headers-more-nginx-module-0.32.tar.gz
6eb0161f495bb996af6bbb58f3cef764  lua-nginx-module-0.10.7.tar.gz
fbe5a95878ff4365435fd3223256f830  nchan-1.1.0.tar.gz
7c1a399d36a75bcfa874d98b5462fc09  nginx-upload-progress-module-0.9.2.tar.gz
2e82501ed423a901ab64bfe2228a0666  nginx-rtmp-module-1.1.10.tar.gz
256145c0f70d1d1d3b99f854553d48f0  nginx.conf
c4759cd2812220ab542317f54fbbe755  default.conf
db194cf3c6c4be12c70c757e0c9ad995  nginx.logrotate
16dcac0d7a2b406807d3377841d9b480  nginx.initd
801a87f7f9d27f8ad85b41a78b4c4461  ipv6.patch"
sha256sums="75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90  nginx-1.10.3.tar.gz
88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619  ngx_devel_kit-0.3.0.tar.gz
1077da2229ac7d0a0215e9e6817e297c10697e095010d88f1adbd1add1ce9f4e  echo-nginx-module-0.60.tar.gz
2b00d8e0ad2a67152a9cee7b7ee67990c742d501412df912baaf1eee9bb6dc71  ngx-fancyindex-0.4.1.tar.gz
c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720  headers-more-nginx-module-0.32.tar.gz
c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77  lua-nginx-module-0.10.7.tar.gz
5781349bb460cf96d43e835a7ad3109724fba9ccefdbd967552538edee79c722  nchan-1.1.0.tar.gz
b286689355442657650421d8e8398bd4abf9dbbaade65947bb0cb74a349cc497  nginx-upload-progress-module-0.9.2.tar.gz
f9491dd24390b0d5d70dfe3553edf3d14efeb7c7a81b4d4a20c5cfeaefc1141c  nginx-rtmp-module-1.1.10.tar.gz
df873f301f947192c854994bb0e1bac46f73a5d3cf91df997f1b6a8ed26b5724  nginx.conf
f53fd49af9b4bc308653abb85d9989879ce1fb48e43c508f5f45c84f74513865  default.conf
b063611c6cb2d33bd43c4b17bf4135dda25f209bb77e4e66d1b156cffc37fbe6  nginx.logrotate
3d8a90d2f75b7f24c4d74722b5b3ac11d85f416c2d7641b4280d7c126bfe8395  nginx.initd
a24ef5843ae0afa538b00c37eb7da7870f9d7f146f52a9668678f7296cf71d9b  ipv6.patch"
sha512sums="25cddbe5c419700aeca41bff3be5b7c3accfb38ad846ec8d91d81ab7c15f10db719f02d9263edf1fa12f59805ff7001b62864dc2885370b24afeea1d7d2afbbf  nginx-1.10.3.tar.gz
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41  nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3  default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb  nginx.logrotate
e325d30d431a45801c4072f87f7bce27765e96de27c8f7821b5b0ce0716e1a8657435c93a2e9174c4b8d353fb468e65a8bc20119525e04d3d46ae5ff08cb6f5d  nginx.initd
2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce  sysguard.patch
68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f  ipv6.patch
558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614  ngx_devel_kit-0.3.0.tar.gz
c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c  echo-nginx-module-0.60.tar.gz
ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1  ngx-fancyindex-0.4.1.tar.gz
e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1  headers-more-nginx-module-0.32.tar.gz
d060a13de4d01d77e6d6cd1635ecbb405330e4326b71b89341c1c128ee4182978a51d53355bc07c350e3c3a7df15325e3df380d9c3a98b2ff7d7efa18fa09b32  lua-nginx-module-0.10.7.tar.gz
bb3a9aec5e4c9f1c376126b4b07c2e5c6cddae3659a9218bd7b0dcaa5b0e1772036eea2c7e45bbb46f61a3a9090f0092fc93e91dbb57fc5b4e65eef6ba14fc23  nchan-1.1.0.tar.gz
14af65d57325afa961bc6606f2c938acff0206914248b8ca810293113fdab859c1db9c9abce9263b9da5c2371b299770682d9ec49fbf7a356da9fbfb3e15c3c7  nchan-1.1.2.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c  nginx-upload-progress-module-0.9.2.tar.gz
bcc0aee3308af7c61bf01a5530fcf1dae938e6778306f6e3eb5995e6d0529f43d33b7ee2acb813d5a39acc92e4853d207a01e8e41b766a6e0dd07aade60cd98f  nginx-rtmp-module-1.1.10.tar.gz
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41  nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3  default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb  nginx.logrotate
1ea032cf88021ec8aa1401d284ea738364511cdb9f8c01670deb8e59aae570f5bbe17f0cbab73c0e08d6b342a621b6a9c014832168ed41f6028ecfa4211b60cf  nginx.initd
68d64a84568ec2df0366925ab282a05ebe21a85044b6c7844a47573cfd8cc8ed119cc772358bc3fff36e2d4fdf583a730592825f5f98632993ca86d1f8438d5f  ipv6.patch"
e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2  nginx-rtmp-module-1.1.11.tar.gz
782acd93750684ec0ef839f152693d7258ec34f5f6929f08155343f94efc4199104f2fc3e86553f61941f287d65b9f9b802f1f2527ee5814380a0fc886c99f6f  naxsi.conf
9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0  naxsi-0.55.3.tar.gz
c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3  ngx_cache_purge-2.3.0.1.tar.gz
fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316  nginx-upstream-fair-0.1.1.tar.gz
2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1  tengine-http-sysguard-2.2.0.tar.gz"
diff --git a/main/nginx/naxsi.conf b/main/nginx/naxsi.conf
new file mode 100644
index 0000000000..d719480841
--- /dev/null
+++ b/main/nginx/naxsi.conf
@@ -0,0 +1,22 @@
include /etc/nginx/naxsi_core.rules;

server {
	listen 4242;
	server_name localhost;
	location / {
		LearningMode;
		SecRulesEnabled;
		DeniedUrl "/50x.html";
		CheckRule "$SQL >= 8" BLOCK;
		CheckRule "$RFI >= 8" BLOCK;
		CheckRule "$TRAVERSAL >= 4" BLOCK;
		CheckRule "$EVADE >= 4" BLOCK;
		CheckRule "$XSS >= 8" BLOCK;
		error_log /var/log/nginx/naxsi_error.log debug;
		access_log /var/log/nginx/naxsi_access.log;
	}
	error_page 500 502 503 504 /50x.html;
	#location = /50x.html {
	#	root html;
	#}
}
diff --git a/main/nginx/nginx.initd b/main/nginx/nginx.initd
index 992d5fd5b9..d01874e4f4 100644
--- a/main/nginx/nginx.initd
+++ b/main/nginx/nginx.initd
@@ -1,9 +1,15 @@
#!/sbin/openrc-run

description="Nginx http and reverse proxy server"
description_checkconfig="Verify configuration"
description_upgrade="Upgrade running binary"
description_reload="Reload configuration"
description_reopen="Reopen log files"

extra_commands="checkconfig"
extra_started_commands="reload reopen upgrade"

cfgfile=${cfgfile:-/etc/nginx/nginx.conf}
cfgfile=${NGINX_CONFIG:-/etc/nginx/nginx.conf}
pidfile=/run/nginx/nginx.pid
command=/usr/sbin/nginx
command_args="-c $cfgfile"
@@ -14,29 +20,35 @@ depend() {
	use dns logger netmount
}

checkconfig() {
	ebegin "Checking $RC_SVCNAME config"
	$command $command_args -t
	eend $?
}

start_pre() {
	ebegin
	checkpath --directory --owner nginx:nginx ${pidfile%/*}
	$command $command_args -t -q
	checkpath -d -o ${NGINX_OWNER:-nginx:nginx} ${pidfile%/*}
	checkconfig >/dev/null 2>&1
	eend $?
}

reload() {
	ebegin "Reloading ${SVCNAME} configuration"
	start_pre && start-stop-daemon --signal HUP --pidfile $pidfile
	ebegin "Reloading $RC_SVCNAME configuration"
	checkconfig >/dev/null 2>&1 && start-stop-daemon --signal HUP --pidfile $pidfile
	eend $?
}

reopen() {
	ebegin "Reopening ${SVCNAME} log files"
	ebegin "Reopening $RC_SVCNAME log files"
	start-stop-daemon --signal USR1 --pidfile $pidfile
	eend $?
}

upgrade() {
	start_pre || return 1
	checkconfig || return $?

	ebegin "Upgrading ${SVCNAME} binary"
	ebegin "Upgrading $RC_SVCNAME binary"

	einfo "Sending USR2 to old binary"
	start-stop-daemon --signal USR2 --pidfile $pidfile
diff --git a/main/nginx/sysguard.patch b/main/nginx/sysguard.patch
new file mode 100644
index 0000000000..be8b0d2ee4
--- /dev/null
+++ b/main/nginx/sysguard.patch
@@ -0,0 +1,10 @@
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -498,6 +498,7 @@
      */
     unsigned                          limit_conn_set:1;
     unsigned                          limit_req_set:1;
+    unsigned                          sysguard_set:1;
 
 #if 0
     unsigned                          cacheable:1;
-- 
2.11.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)