# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 # XXX: Maintainer notes: # - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite # - any http-module activates the main http-functionality and overrides USE=-http # - keep the following 3 requirements in mind before adding external modules: # * alive upstream # * sane packaging # * builds cleanly # TODO: # - test the google-perftools module (included in vanilla tarball) # - patch NginX to support module_path instead of `$prefix/modules` as module search path at runtime (?) # - install nginx sources to /usr/src/ # - split 3party modules supporting being dynamic to www-nginx/ # prevent perl-module from adding automagic perl DEPENDs GENTOO_DEPEND_ON_PERL="no" USE_RUBY="ruby27 ruby30 ruby31 ruby32 ruby33" LUA_COMPAT=( luajit ) RUBY_OPTIONAL="yes" # ngx_brotli (https://github.com/google/ngx_brotli/tags, BSD-2) HTTP_BROTLI_MODULE_A="google" HTTP_BROTLI_MODULE_PN="ngx_brotli" HTTP_BROTLI_MODULE_PV="1.0.0rc" HTTP_BROTLI_MODULE_SHA="a71f9312c2deb28875acc7bacfdd5695a111aa53" HTTP_BROTLI_MODULE_P="${HTTP_BROTLI_MODULE_PN}-${HTTP_BROTLI_MODULE_SHA:-${HTTP_BROTLI_MODULE_PV}}" HTTP_BROTLI_MODULE_URI="https://github.com/${HTTP_BROTLI_MODULE_A}/${HTTP_BROTLI_MODULE_PN}/archive/${HTTP_BROTLI_MODULE_SHA:-v${HTTP_BROTLI_MODULE_PV}}.tar.gz" HTTP_BROTLI_MODULE_WD="${WORKDIR}/${HTTP_BROTLI_MODULE_P}" # http_vhost_traffic_status (https://github.com/vozlt/nginx-module-vts/tags, BSD license) HTTP_VHOST_TRAFFIC_STATUS_MODULE_A="vozlt" HTTP_VHOST_TRAFFIC_STATUS_MODULE_PN="nginx-module-vts" #HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV="v0.1.19" HTTP_VHOST_TRAFFIC_STATUS_MODULE_SHA="a98a4b86a274bddad47021e8b5223264fd1cdca3" HTTP_VHOST_TRAFFIC_STATUS_MODULE_P="${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PN}-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_SHA:-${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}}" HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI="https://github.com/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_A}/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PN}/archive/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_SHA:-v${HTTP_VHOST_TRAFFIC_STATUS_MODULE_PV}}.tar.gz" HTTP_VHOST_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}" # http_vhost_traffic_status (https://github.com/vozlt/nginx-module-sts/tags, BSD license) STREAM_TRAFFIC_STATUS_MODULE_A="vozlt" STREAM_TRAFFIC_STATUS_MODULE_PN="nginx-module-sts" #STREAM_TRAFFIC_STATUS_MODULE_PV="v0.1.2" STREAM_TRAFFIC_STATUS_MODULE_SHA="3c10d42f8c3f78b6310906eab5c8e066ee753330" STREAM_TRAFFIC_STATUS_MODULE_P="${STREAM_TRAFFIC_STATUS_MODULE_PN}-${STREAM_TRAFFIC_STATUS_MODULE_SHA:-${STREAM_TRAFFIC_STATUS_MODULE_PV}}" STREAM_TRAFFIC_STATUS_MODULE_URI="https://github.com/${STREAM_TRAFFIC_STATUS_MODULE_A}/${STREAM_TRAFFIC_STATUS_MODULE_PN}/archive/${STREAM_TRAFFIC_STATUS_MODULE_SHA:-v${STREAM_TRAFFIC_STATUS_MODULE_PV}}.tar.gz" STREAM_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/${STREAM_TRAFFIC_STATUS_MODULE_P}" # http_vhost_traffic_status (https://github.com/vozlt/nginx-module-stream-sts/tags, BSD license) CORE_STREAM_TRAFFIC_STATUS_MODULE_A="vozlt" CORE_STREAM_TRAFFIC_STATUS_MODULE_PN="nginx-module-stream-sts" # CORE_STREAM_TRAFFIC_STATUS_MODULE_PV="0.1.1" CORE_STREAM_TRAFFIC_STATUS_MODULE_SHA="a60cd2fc2bdd689b8b4e12abcf71f7cf5018424a" CORE_STREAM_TRAFFIC_STATUS_MODULE_P="${CORE_STREAM_TRAFFIC_STATUS_MODULE_PN}-${CORE_STREAM_TRAFFIC_STATUS_MODULE_SHA:-${CORE_STREAM_TRAFFIC_STATUS_MODULE_PV}}" CORE_STREAM_TRAFFIC_STATUS_MODULE_URI="https://github.com/${CORE_STREAM_TRAFFIC_STATUS_MODULE_A}/${CORE_STREAM_TRAFFIC_STATUS_MODULE_PN}/archive/${CORE_STREAM_TRAFFIC_STATUS_MODULE_SHA:-v${CORE_STREAM_TRAFFIC_STATUS_MODULE_PV}}.tar.gz" CORE_STREAM_TRAFFIC_STATUS_MODULE_WD="${WORKDIR}/${CORE_STREAM_TRAFFIC_STATUS_MODULE_P}" # geoip2 (https://github.com/leev/ngx_http_geoip2_module/tags, BSD-2) HTTP_GEOIP2_MODULE_A="leev" HTTP_GEOIP2_MODULE_PN="ngx_http_geoip2_module" HTTP_GEOIP2_MODULE_PV="3.4" #HTTP_GEOIP2_MODULE_SHA="3.0" HTTP_GEOIP2_MODULE_P="${HTTP_GEOIP2_MODULE_PN}-${HTTP_GEOIP2_MODULE_SHA:-${HTTP_GEOIP2_MODULE_PV}}" HTTP_GEOIP2_MODULE_URI="https://github.com/${HTTP_GEOIP2_MODULE_A}/${HTTP_GEOIP2_MODULE_PN}/archive/${HTTP_GEOIP2_MODULE_SHA:-${HTTP_GEOIP2_MODULE_PV}}.tar.gz" HTTP_GEOIP2_MODULE_WD="${WORKDIR}/${HTTP_GEOIP2_MODULE_P}" STREAM_GEOIP2_MODULE_WD="${HTTP_GEOIP2_MODULE_WD}" # http_enchanced_memcache_module (https://github.com/dreamcommerce/ngx_http_enhanced_memcached_module/tags, Apache-2.0) HTTP_ENMEMCACHE_MODULE_A="dreamcommerce" HTTP_ENMEMCACHE_MODULE_PN="ngx_http_enhanced_memcached_module" HTTP_ENMEMCACHE_MODULE_PV="nginx_1.15.6" HTTP_ENMEMCACHE_MODULE_P="${HTTP_ENMEMCACHE_MODULE_PN}-${HTTP_ENMEMCACHE_MODULE_SHA:-${HTTP_ENMEMCACHE_MODULE_PV}}" HTTP_ENMEMCACHE_MODULE_URI="https://github.com/${HTTP_ENMEMCACHE_MODULE_A}/${HTTP_ENMEMCACHE_MODULE_PN}/archive/${HTTP_ENMEMCACHE_MODULE_SHA:-${HTTP_ENMEMCACHE_MODULE_PV}}.tar.gz" HTTP_ENMEMCACHE_MODULE_WD="${WORKDIR}/${HTTP_ENMEMCACHE_MODULE_P}" # http_rdns_module (https://github.com/flant/nginx-http-rdns/tags, Apache-2.0) HTTP_RDNS_MODULE_A="flant" HTTP_RDNS_MODULE_PN="nginx-http-rdns" HTTP_RDNS_MODULE_PV="0.0" HTTP_RDNS_MODULE_SHA="f1d00ada305fc4b7505e7bb7009f804567fae881" HTTP_RDNS_MODULE_P="${HTTP_RDNS_MODULE_PN}-${HTTP_RDNS_MODULE_SHA:-${HTTP_RDNS_MODULE_PV}}" HTTP_RDNS_MODULE_URI="https://github.com/${HTTP_RDNS_MODULE_A}/${HTTP_RDNS_MODULE_PN}/archive/${HTTP_RDNS_MODULE_SHA:-${HTTP_RDNS_MODULE_PV}}.tar.gz" HTTP_RDNS_MODULE_WD="${WORKDIR}/${HTTP_RDNS_MODULE_P}" # http_passenger (https://github.com/phusion/passenger/tags, MIT) HTTP_PASSENGER_MODULE_A="phusion" HTTP_PASSENGER_MODULE_PN="passenger" HTTP_PASSENGER_MODULE_PV="6.0.20" #HTTP_PASSENGER_MODULE_SHA="0" HTTP_PASSENGER_MODULE_P="${HTTP_PASSENGER_MODULE_PN}-${HTTP_PASSENGER_MODULE_SHA:-release-${HTTP_PASSENGER_MODULE_PV}}" HTTP_PASSENGER_MODULE_URI="https://github.com/${HTTP_PASSENGER_MODULE_A}/${HTTP_PASSENGER_MODULE_PN}/archive/${HTTP_PASSENGER_MODULE_SHA:-release-${HTTP_PASSENGER_MODULE_PV}}.tar.gz" HTTP_PASSENGER_MODULE_WD="${WORKDIR}/${HTTP_PASSENGER_MODULE_P}/src/nginx_module" # http_passenger_union_station_hooks_core (https://github.com/phusion/union_station_hooks_core/tags, MIT) HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_A="phusion" HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_PN="union_station_hooks_core" HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_PV="2.1.2" #HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_SHA="0" HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_P="${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_PN}-${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_SHA:-release-${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_PV}}" HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_URI="https://github.com/${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_A}/${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_PN}/archive/${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_SHA:-release-${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_PV}}.tar.gz" HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_WD="${WORKDIR}/${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_P}" # http_passenger_union_station_hooks_rails (https://github.com/phusion/union_station_hooks_rails/tags, MIT) HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_A="phusion" HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_PN="union_station_hooks_rails" HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_PV="2.0.0" #HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_SHA="0" HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_P="${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_PN}-${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_SHA:-release-${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_PV}}" HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_URI="https://github.com/${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_A}/${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_PN}/archive/${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_SHA:-release-${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_PV}}.tar.gz" HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_WD="${WORKDIR}/${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_P}" # TODO: change passenger URI to: https://s3.amazonaws.com/phusion-passenger/releases/passenger-5.0.20.tar.gz # http_pagespeed (https://github.com/apache/incubator-pagespeed-ngx/tags, BSD-2) HTTP_PAGESPEED_MODULE_A="apache" HTTP_PAGESPEED_MODULE_PN="incubator-pagespeed-ngx" HTTP_PAGESPEED_MODULE_PV="1.13.35.2-stable" # HTTP_PAGESPEED_MODULE_PV="1.14.33.1-RC1" HTTP_PAGESPEED_MODULE_SHA="13bee9da76591484ad2b8d755620b610d2bb8551" HTTP_PAGESPEED_MODULE_P="${HTTP_PAGESPEED_MODULE_PN}-${HTTP_PAGESPEED_MODULE_SHA:-${HTTP_PAGESPEED_MODULE_PV}}" HTTP_PAGESPEED_MODULE_URI="https://github.com/${HTTP_PAGESPEED_MODULE_A}/${HTTP_PAGESPEED_MODULE_PN}/archive/${HTTP_PAGESPEED_MODULE_SHA:-v${HTTP_PAGESPEED_MODULE_PV}}.tar.gz" HTTP_PAGESPEED_MODULE_WD="${WORKDIR}/${HTTP_PAGESPEED_MODULE_P}" HTTP_PAGESPEED_PSOL_PN="psol" HTTP_PAGESPEED_PSOL_PV="${HTTP_PAGESPEED_MODULE_PV/-*/}" HTTP_PAGESPEED_PSOL_P="${HTTP_PAGESPEED_PSOL_PN}-${HTTP_PAGESPEED_PSOL_SHA:-${HTTP_PAGESPEED_PSOL_PV}}" HTTP_PAGESPEED_PSOL_URI="https://dl.google.com/dl/page-speed/${HTTP_PAGESPEED_PSOL_PN}/${HTTP_PAGESPEED_PSOL_PV}-__ARCH__.tar.gz" HTTP_PAGESPEED_PSOL_WD="${WORKDIR}/${HTTP_PAGESPEED_PSOL_PN}" # TODO: remove (dead, can be replaced by lua module) # http_hls_audio (https://github.com/flavioribeiro/nginx-audio-track-for-hls-module/tags, BSD-2) HTTP_HLS_AUDIO_MODULE_A="flavioribeiro" HTTP_HLS_AUDIO_MODULE_PN="nginx-audio-track-for-hls-module" HTTP_HLS_AUDIO_MODULE_PV="0.3" #HTTP_HLS_AUDIO_MODULE_SHA="20b6fd3d67cd73ab0ecf82ae3842a2931a203db5" HTTP_HLS_AUDIO_MODULE_P="${HTTP_HLS_AUDIO_MODULE_PN}-${HTTP_HLS_AUDIO_MODULE_SHA:-${HTTP_HLS_AUDIO_MODULE_PV}}" HTTP_HLS_AUDIO_MODULE_URI="https://github.com/${HTTP_HLS_AUDIO_MODULE_A}/${HTTP_HLS_AUDIO_MODULE_PN}/archive/${HTTP_HLS_AUDIO_MODULE_SHA:-${HTTP_HLS_AUDIO_MODULE_PV}}.tar.gz" HTTP_HLS_AUDIO_MODULE_WD="${WORKDIR}/${HTTP_HLS_AUDIO_MODULE_P}" # Actually, can be replaced by lua module too # http_uploadprogress (https://github.com/msva/nginx-upload-progress-module/tags, BSD-2) # originally: masterzen; TODO: check it's destiny sometimes # HTTP_UPLOAD_PROGRESS_MODULE_A="masterzen" HTTP_UPLOAD_PROGRESS_MODULE_A="msva" HTTP_UPLOAD_PROGRESS_MODULE_PN="nginx-upload-progress-module" HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.4" # HTTP_UPLOAD_PROGRESS_MODULE_SHA="68b3ab3b64a0cee7f785d161401c8be357bbed12" HTTP_UPLOAD_PROGRESS_MODULE_P="${HTTP_UPLOAD_PROGRESS_MODULE_PN}-${HTTP_UPLOAD_PROGRESS_MODULE_SHA:-${HTTP_UPLOAD_PROGRESS_MODULE_PV}}" HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/${HTTP_UPLOAD_PROGRESS_MODULE_A}/${HTTP_UPLOAD_PROGRESS_MODULE_PN}/archive/${HTTP_UPLOAD_PROGRESS_MODULE_SHA:-v${HTTP_UPLOAD_PROGRESS_MODULE_PV}}.tar.gz" HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/${HTTP_UPLOAD_PROGRESS_MODULE_P}" # http_nchan (https://github.com/slact/nchan/tags, BSD-2) HTTP_NCHAN_MODULE_A="slact" HTTP_NCHAN_MODULE_PN="nchan" HTTP_NCHAN_MODULE_PV="1.3.6" HTTP_NCHAN_MODULE_SHA="4461dbe99aecb51bf1afe6d00404c610f6ef706e" HTTP_NCHAN_MODULE_P="${HTTP_NCHAN_MODULE_PN}-${HTTP_NCHAN_MODULE_SHA:-${HTTP_NCHAN_MODULE_PV}}" HTTP_NCHAN_MODULE_URI="https://github.com/${HTTP_NCHAN_MODULE_A}/${HTTP_NCHAN_MODULE_PN}/archive/${HTTP_NCHAN_MODULE_SHA:-v${HTTP_NCHAN_MODULE_PV}}.tar.gz" HTTP_NCHAN_MODULE_WD="${WORKDIR}/${HTTP_NCHAN_MODULE_P}" # http_headers_more (https://github.com/openresty/headers-more-nginx-module/tags, BSD) HTTP_HEADERS_MORE_MODULE_A="openresty" HTTP_HEADERS_MORE_MODULE_PN="headers-more-nginx-module" HTTP_HEADERS_MORE_MODULE_PV="0.37" #HTTP_HEADERS_MORE_MODULE_SHA="a744defdfac1d6874152a51e3a8a604a85354a2c" HTTP_HEADERS_MORE_MODULE_P="${HTTP_HEADERS_MORE_MODULE_PN}-${HTTP_HEADERS_MORE_MODULE_SHA:-${HTTP_HEADERS_MORE_MODULE_PV}}" HTTP_HEADERS_MORE_MODULE_URI="https://github.com/${HTTP_HEADERS_MORE_MODULE_A}/${HTTP_HEADERS_MORE_MODULE_PN}/archive/${HTTP_HEADERS_MORE_MODULE_SHA:-v${HTTP_HEADERS_MORE_MODULE_PV}}.tar.gz" HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/${HTTP_HEADERS_MORE_MODULE_P}" # http_encrypted_session (https://github.com/openresty/encrypted-session-nginx-module/tags, BSD) HTTP_ENCRYPTED_SESSION_MODULE_A="openresty" HTTP_ENCRYPTED_SESSION_MODULE_PN="encrypted-session-nginx-module" HTTP_ENCRYPTED_SESSION_MODULE_PV="0.09" HTTP_ENCRYPTED_SESSION_MODULE_P="${HTTP_ENCRYPTED_SESSION_MODULE_PN}-${HTTP_ENCRYPTED_SESSION_MODULE_SHA:-${HTTP_ENCRYPTED_SESSION_MODULE_PV}}" HTTP_ENCRYPTED_SESSION_MODULE_URI="https://github.com/${HTTP_ENCRYPTED_SESSION_MODULE_A}/${HTTP_ENCRYPTED_SESSION_MODULE_PN}/archive/${HTTP_ENCRYPTED_SESSION_MODULE_SHA:-v${HTTP_ENCRYPTED_SESSION_MODULE_PV}}.tar.gz" HTTP_ENCRYPTED_SESSION_MODULE_WD="${WORKDIR}/${HTTP_ENCRYPTED_SESSION_MODULE_P}" # http_push_stream (https://github.com/wandenberg/nginx-push-stream-module/tags, BSD) HTTP_PUSH_STREAM_MODULE_A="wandenberg" HTTP_PUSH_STREAM_MODULE_PN="nginx-push-stream-module" HTTP_PUSH_STREAM_MODULE_PV="0.5.5" HTTP_PUSH_STREAM_MODULE_SHA="f858fc01e809bc87cc667e1cdd38fc35492cd2f5" HTTP_PUSH_STREAM_MODULE_P="${HTTP_PUSH_STREAM_MODULE_PN}-${HTTP_PUSH_STREAM_MODULE_SHA:-${HTTP_PUSH_STREAM_MODULE_PV}}" HTTP_PUSH_STREAM_MODULE_URI="https://github.com/${HTTP_PUSH_STREAM_MODULE_A}/${HTTP_PUSH_STREAM_MODULE_PN}/archive/${HTTP_PUSH_STREAM_MODULE_SHA:-${HTTP_PUSH_STREAM_MODULE_PV}}.tar.gz" HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/${HTTP_PUSH_STREAM_MODULE_P}" # # http_ctpp2 (https://ngx-ctpp.vbart.ru/ (ru) https://ngx-ctpp.vbart.info/ (en), BSD) # HTTP_CTPP_MODULE_PV="0.5" # HTTP_CTPP_MODULE_P="ngx_ctpp2-${HTTP_CTPP_MODULE_PV}" # HTTP_CTPP_MODULE_URI="https://dl.vbart.ru/ngx-ctpp/${HTTP_CTPP_MODULE_P}.tar.gz" # HTTP_CTPP_MODULE_WD="${WORKDIR}/${HTTP_CTPP_MODULE_P}" # http_cache_purge (https://github.com/nginx-modules/ngx_cache_purge/tags, BSD-2) HTTP_CACHE_PURGE_MODULE_A="nginx-modules" HTTP_CACHE_PURGE_MODULE_PN="ngx_cache_purge" HTTP_CACHE_PURGE_MODULE_PV="2.5.3" #HTTP_CACHE_PURGE_MODULE_SHA="75a854c6d4cd30cd6bda36998f3517dd0bffb71a" HTTP_CACHE_PURGE_MODULE_P="${HTTP_CACHE_PURGE_MODULE_PN}-${HTTP_CACHE_PURGE_MODULE_SHA:-${HTTP_CACHE_PURGE_MODULE_PV}}" HTTP_CACHE_PURGE_MODULE_URI="https://github.com/${HTTP_CACHE_PURGE_MODULE_A}/${HTTP_CACHE_PURGE_MODULE_PN}/archive/${HTTP_CACHE_PURGE_MODULE_SHA:-${HTTP_CACHE_PURGE_MODULE_PV}}.tar.gz" HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/${HTTP_CACHE_PURGE_MODULE_P}" # http_ey-balancer/maxconn module (https://github.com/msva/nginx-ey-balancer/tags, MIT) HTTP_EY_BALANCER_MODULE_A="msva" HTTP_EY_BALANCER_MODULE_PN="nginx-ey-balancer" HTTP_EY_BALANCER_MODULE_PV="0.0.10" HTTP_EY_BALANCER_MODULE_P="${HTTP_EY_BALANCER_MODULE_PN}-${HTTP_EY_BALANCER_MODULE_SHA:-${HTTP_EY_BALANCER_MODULE_PV}}" HTTP_EY_BALANCER_MODULE_URI="https://github.com/${HTTP_EY_BALANCER_MODULE_A}/${HTTP_EY_BALANCER_MODULE_PN}/archive/${HTTP_EY_BALANCER_MODULE_SHA:-v${HTTP_EY_BALANCER_MODULE_PV}}.tar.gz" HTTP_EY_BALANCER_MODULE_WD="${WORKDIR}/${HTTP_EY_BALANCER_MODULE_P}" # http_ndk, NginX DevKit module (https://github.com/vision5/ngx_devel_kit/tags, BSD) HTTP_NDK_MODULE_A="vision5" HTTP_NDK_MODULE_PN="ngx_devel_kit" HTTP_NDK_MODULE_PV="0.3.3" HTTP_NDK_MODULE_P="${HTTP_NDK_MODULE_PN}-${HTTP_NDK_MODULE_SHA:-${HTTP_NDK_MODULE_PV}}" HTTP_NDK_MODULE_URI="https://github.com/${HTTP_NDK_MODULE_A}/${HTTP_NDK_MODULE_PN}/archive/${HTTP_NDK_MODULE_SHA:-v${HTTP_NDK_MODULE_PV}}.tar.gz" HTTP_NDK_MODULE_WD="${WORKDIR}/${HTTP_NDK_MODULE_P}" # http_redis, NginX Redis 2.0 module (https://github.com/openresty/redis2-nginx-module/tags, BSD) HTTP_REDIS_MODULE_A="openresty" HTTP_REDIS_MODULE_PN="redis2-nginx-module" HTTP_REDIS_MODULE_PV="0.15" #HTTP_REDIS_MODULE_SHA="c1e0285dcb4a0ecda07cd70be38b93ce758f334e" HTTP_REDIS_MODULE_P="${HTTP_REDIS_MODULE_PN}-${HTTP_REDIS_MODULE_SHA:-${HTTP_REDIS_MODULE_PV}}" HTTP_REDIS_MODULE_URI="https://github.com/${HTTP_REDIS_MODULE_A}/${HTTP_REDIS_MODULE_PN}/archive/${HTTP_REDIS_MODULE_SHA:-v${HTTP_REDIS_MODULE_PV}}.tar.gz" HTTP_REDIS_MODULE_WD="${WORKDIR}/${HTTP_REDIS_MODULE_P}" # http_lua, NginX Lua module (https://github.com/openresty/lua-nginx-module/tags, BSD) HTTP_LUA_MODULE_A="openresty" HTTP_LUA_MODULE_PN="lua-nginx-module" HTTP_LUA_MODULE_PV="0.10.26" # HTTP_LUA_MODULE_SHA="5e05fa3adb0d2492ecaaf2cb76498e23765aa6ab" HTTP_LUA_MODULE_P="${HTTP_LUA_MODULE_PN}-${HTTP_LUA_MODULE_SHA:-${HTTP_LUA_MODULE_PV}}" HTTP_LUA_MODULE_URI="https://github.com/${HTTP_LUA_MODULE_A}/${HTTP_LUA_MODULE_PN}/archive/${HTTP_LUA_MODULE_SHA:-v${HTTP_LUA_MODULE_PV}}.tar.gz" HTTP_LUA_MODULE_WD="${WORKDIR}/${HTTP_LUA_MODULE_P}" # stream_lua, NginX Lua module (https://github.com/openresty/stream-lua-nginx-module/tags, BSD) STREAM_LUA_MODULE_A="openresty" STREAM_LUA_MODULE_PN="stream-lua-nginx-module" STREAM_LUA_MODULE_PV="0.0.14" # STREAM_LUA_MODULE_SHA="2ef14f373b991b911c4eb5d09aa333352be9a756" STREAM_LUA_MODULE_P="${STREAM_LUA_MODULE_PN}-${STREAM_LUA_MODULE_SHA:-${STREAM_LUA_MODULE_PV}}" STREAM_LUA_MODULE_URI="https://github.com/${STREAM_LUA_MODULE_A}/${STREAM_LUA_MODULE_PN}/archive/${STREAM_LUA_MODULE_SHA:-v${STREAM_LUA_MODULE_PV}}.tar.gz" STREAM_LUA_MODULE_WD="${WORKDIR}/${STREAM_LUA_MODULE_P}" # http_drizzle NginX Drizzle module (https://github.com/openresty/drizzle-nginx-module/tags, BSD) HTTP_DRIZZLE_MODULE_A="openresty" HTTP_DRIZZLE_MODULE_PN="drizzle-nginx-module" HTTP_DRIZZLE_MODULE_PV="0.1.12" #HTTP_DRIZZLE_MODULE_SHA="12543067e0d2edd296cdf9266e6c7c919e65130b" HTTP_DRIZZLE_MODULE_P="${HTTP_DRIZZLE_MODULE_PN}-${HTTP_DRIZZLE_MODULE_SHA:-${HTTP_DRIZZLE_MODULE_PV}}" HTTP_DRIZZLE_MODULE_URI="https://github.com/${HTTP_DRIZZLE_MODULE_A}/${HTTP_DRIZZLE_MODULE_PN}/archive/${HTTP_DRIZZLE_MODULE_SHA:-v${HTTP_DRIZZLE_MODULE_PV}}.tar.gz" HTTP_DRIZZLE_MODULE_WD="${WORKDIR}/${HTTP_DRIZZLE_MODULE_P}" # NginX form-input module (https://github.com/calio/form-input-nginx-module/tags, BSD) HTTP_FORM_INPUT_MODULE_A="calio" HTTP_FORM_INPUT_MODULE_PN="form-input-nginx-module" HTTP_FORM_INPUT_MODULE_PV="0.12" HTTP_FORM_INPUT_MODULE_P="${HTTP_FORM_INPUT_MODULE_PN}-${HTTP_FORM_INPUT_MODULE_SHA:-${HTTP_FORM_INPUT_MODULE_PV}}" HTTP_FORM_INPUT_MODULE_URI="https://github.com/${HTTP_FORM_INPUT_MODULE_A}/${HTTP_FORM_INPUT_MODULE_PN}/archive/${HTTP_FORM_INPUT_MODULE_SHA:-v${HTTP_FORM_INPUT_MODULE_PV}}.tar.gz" HTTP_FORM_INPUT_MODULE_WD="${WORKDIR}/${HTTP_FORM_INPUT_MODULE_P}" # NginX echo module (https://github.com/openresty/echo-nginx-module/tags, BSD) HTTP_ECHO_MODULE_A="openresty" HTTP_ECHO_MODULE_PN="echo-nginx-module" HTTP_ECHO_MODULE_PV="0.63" #HTTP_ECHO_MODULE_SHA="7740e11558b530b66b469c657576f5280b7cdb1b" HTTP_ECHO_MODULE_P="${HTTP_ECHO_MODULE_PN}-${HTTP_ECHO_MODULE_SHA:-${HTTP_ECHO_MODULE_PV}}" HTTP_ECHO_MODULE_URI="https://github.com/${HTTP_ECHO_MODULE_A}/${HTTP_ECHO_MODULE_PN}/archive/${HTTP_ECHO_MODULE_SHA:-v${HTTP_ECHO_MODULE_PV}}.tar.gz" HTTP_ECHO_MODULE_WD="${WORKDIR}/${HTTP_ECHO_MODULE_P}" # NginX Featured mecached module (https://github.com/openresty/memc-nginx-module/tags, BSD) HTTP_MEMC_MODULE_A="openresty" HTTP_MEMC_MODULE_PN="memc-nginx-module" HTTP_MEMC_MODULE_PV="0.20" #HTTP_MEMC_MODULE_SHA="18a0390ea016755d82da137b80c40bffb5072b1f" HTTP_MEMC_MODULE_P="${HTTP_MEMC_MODULE_PN}-${HTTP_MEMC_MODULE_SHA:-${HTTP_MEMC_MODULE_PV}}" HTTP_MEMC_MODULE_URI="https://github.com/${HTTP_MEMC_MODULE_A}/${HTTP_MEMC_MODULE_PN}/archive/${HTTP_MEMC_MODULE_SHA:-v${HTTP_MEMC_MODULE_PV}}.tar.gz" HTTP_MEMC_MODULE_WD="${WORKDIR}/${HTTP_MEMC_MODULE_P}" # NginX RDS-JSON module (https://github.com/openresty/rds-json-nginx-module/tags, BSD) HTTP_RDS_JSON_MODULE_A="openresty" HTTP_RDS_JSON_MODULE_PN="rds-json-nginx-module" HTTP_RDS_JSON_MODULE_PV="0.16" HTTP_RDS_JSON_MODULE_P="${HTTP_RDS_JSON_MODULE_PN}-${HTTP_RDS_JSON_MODULE_SHA:-${HTTP_RDS_JSON_MODULE_PV}}" HTTP_RDS_JSON_MODULE_URI="https://github.com/${HTTP_RDS_JSON_MODULE_A}/${HTTP_RDS_JSON_MODULE_PN}/archive/${HTTP_RDS_JSON_MODULE_SHA:-v${HTTP_RDS_JSON_MODULE_PV}}.tar.gz" HTTP_RDS_JSON_MODULE_WD="${WORKDIR}/${HTTP_RDS_JSON_MODULE_P}" # NginX RDS-CSV module (https://github.com/openresty/rds-csv-nginx-module/tags, BSD) HTTP_RDS_CSV_MODULE_A="openresty" HTTP_RDS_CSV_MODULE_PN="rds-csv-nginx-module" HTTP_RDS_CSV_MODULE_PV="0.09" HTTP_RDS_CSV_MODULE_P="${HTTP_RDS_CSV_MODULE_PN}-${HTTP_RDS_CSV_MODULE_SHA:-${HTTP_RDS_CSV_MODULE_PV}}" HTTP_RDS_CSV_MODULE_URI="https://github.com/${HTTP_RDS_CSV_MODULE_A}/${HTTP_RDS_CSV_MODULE_PN}/archive/${HTTP_RDS_CSV_MODULE_SHA:-v${HTTP_RDS_CSV_MODULE_PV}}.tar.gz" HTTP_RDS_CSV_MODULE_WD="${WORKDIR}/${HTTP_RDS_CSV_MODULE_P}" # NginX SRCache module (https://github.com/openresty/srcache-nginx-module/tags, BSD) HTTP_SRCACHE_MODULE_A="openresty" HTTP_SRCACHE_MODULE_PN="srcache-nginx-module" HTTP_SRCACHE_MODULE_PV="0.33" #HTTP_SRCACHE_MODULE_SHA="be22ac0dcd9245aadcaca3220da96a0c1a0285a7" HTTP_SRCACHE_MODULE_P="${HTTP_SRCACHE_MODULE_PN}-${HTTP_SRCACHE_MODULE_SHA:-${HTTP_SRCACHE_MODULE_PV}}" HTTP_SRCACHE_MODULE_URI="https://github.com/${HTTP_SRCACHE_MODULE_A}/${HTTP_SRCACHE_MODULE_PN}/archive/${HTTP_SRCACHE_MODULE_SHA:-v${HTTP_SRCACHE_MODULE_PV}}.tar.gz" HTTP_SRCACHE_MODULE_WD="${WORKDIR}/${HTTP_SRCACHE_MODULE_P}" # NginX Set-Misc module (https://github.com/openresty/set-misc-nginx-module/tags, BSD) HTTP_SET_MISC_MODULE_A="openresty" HTTP_SET_MISC_MODULE_PN="set-misc-nginx-module" HTTP_SET_MISC_MODULE_PV="0.33" HTTP_SET_MISC_MODULE_P="${HTTP_SET_MISC_MODULE_PN}-${HTTP_SET_MISC_MODULE_SHA:-${HTTP_SET_MISC_MODULE_PV}}" HTTP_SET_MISC_MODULE_URI="https://github.com/${HTTP_SET_MISC_MODULE_A}/${HTTP_SET_MISC_MODULE_PN}/archive/${HTTP_SET_MISC_MODULE_SHA:-v${HTTP_SET_MISC_MODULE_PV}}.tar.gz" HTTP_SET_MISC_MODULE_WD="${WORKDIR}/${HTTP_SET_MISC_MODULE_P}" # NginX XSS module (https://github.com/openresty/xss-nginx-module/tags, BSD) HTTP_XSS_MODULE_A="openresty" HTTP_XSS_MODULE_PN="xss-nginx-module" HTTP_XSS_MODULE_PV="0.06" HTTP_XSS_MODULE_P="${HTTP_XSS_MODULE_PN}-${HTTP_XSS_MODULE_SHA:-${HTTP_XSS_MODULE_PV}}" HTTP_XSS_MODULE_URI="https://github.com/${HTTP_XSS_MODULE_A}/${HTTP_XSS_MODULE_PN}/archive/${HTTP_XSS_MODULE_SHA:-v${HTTP_XSS_MODULE_PV}}.tar.gz" HTTP_XSS_MODULE_WD="${WORKDIR}/${HTTP_XSS_MODULE_P}" # NginX Array-Var module (https://github.com/openresty/array-var-nginx-module/tags, BSD) HTTP_ARRAY_VAR_MODULE_A="openresty" HTTP_ARRAY_VAR_MODULE_PN="array-var-nginx-module" HTTP_ARRAY_VAR_MODULE_PV="0.06" HTTP_ARRAY_VAR_MODULE_P="${HTTP_ARRAY_VAR_MODULE_PN}-${HTTP_ARRAY_VAR_MODULE_SHA:-${HTTP_ARRAY_VAR_MODULE_PV}}" HTTP_ARRAY_VAR_MODULE_URI="https://github.com/${HTTP_ARRAY_VAR_MODULE_A}/${HTTP_ARRAY_VAR_MODULE_PN}/archive/${HTTP_ARRAY_VAR_MODULE_SHA:-v${HTTP_ARRAY_VAR_MODULE_PV}}.tar.gz" HTTP_ARRAY_VAR_MODULE_WD="${WORKDIR}/${HTTP_ARRAY_VAR_MODULE_P}" # NginX Lua-Upstream module (https://github.com/openresty/lua-upstream-nginx-module/tags, BSD) HTTP_LUA_UPSTREAM_MODULE_A="openresty" HTTP_LUA_UPSTREAM_MODULE_PN="lua-upstream-nginx-module" HTTP_LUA_UPSTREAM_MODULE_PV="0.07" HTTP_LUA_UPSTREAM_MODULE_P="${HTTP_LUA_UPSTREAM_MODULE_PN}-${HTTP_LUA_UPSTREAM_MODULE_SHA:-${HTTP_LUA_UPSTREAM_MODULE_PV}}" HTTP_LUA_UPSTREAM_MODULE_URI="https://github.com/${HTTP_LUA_UPSTREAM_MODULE_A}/${HTTP_LUA_UPSTREAM_MODULE_PN}/archive/${HTTP_LUA_UPSTREAM_MODULE_SHA:-v${HTTP_LUA_UPSTREAM_MODULE_PV}}.tar.gz" HTTP_LUA_UPSTREAM_MODULE_WD="${WORKDIR}/${HTTP_LUA_UPSTREAM_MODULE_P}" # NginX replace filter module (https://github.com/openresty/replace-filter-nginx-module/tags, BSD) HTTP_REPLACE_FILTER_MODULE_A="openresty" HTTP_REPLACE_FILTER_MODULE_PN="replace-filter-nginx-module" HTTP_REPLACE_FILTER_MODULE_PV="0.01rc5" HTTP_REPLACE_FILTER_MODULE_P="${HTTP_REPLACE_FILTER_MODULE_PN}-${HTTP_REPLACE_FILTER_MODULE_SHA:-${HTTP_REPLACE_FILTER_MODULE_PV}}" HTTP_REPLACE_FILTER_MODULE_URI="https://github.com/${HTTP_REPLACE_FILTER_MODULE_A}/${HTTP_REPLACE_FILTER_MODULE_PN}/archive/${HTTP_REPLACE_FILTER_MODULE_SHA:-v${HTTP_REPLACE_FILTER_MODULE_PV}}.tar.gz" HTTP_REPLACE_FILTER_MODULE_WD="${WORKDIR}/${HTTP_REPLACE_FILTER_MODULE_P}" # NginX Iconv module (https://github.com/calio/iconv-nginx-module/tags, BSD) HTTP_ICONV_MODULE_A="calio" HTTP_ICONV_MODULE_PN="iconv-nginx-module" HTTP_ICONV_MODULE_PV="0.14" HTTP_ICONV_MODULE_P="${HTTP_ICONV_MODULE_PN}-${HTTP_ICONV_MODULE_SHA:-${HTTP_ICONV_MODULE_PV}}" HTTP_ICONV_MODULE_URI="https://github.com/${HTTP_ICONV_MODULE_A}/${HTTP_ICONV_MODULE_PN}/archive/${HTTP_ICONV_MODULE_SHA:-v${HTTP_ICONV_MODULE_PV}}.tar.gz" HTTP_ICONV_MODULE_WD="${WORKDIR}/${HTTP_ICONV_MODULE_P}" # NginX postgres module (https://github.com/openresty/ngx_postgres/tags, BSD-2) HTTP_POSTGRES_MODULE_A="openresty" HTTP_POSTGRES_MODULE_PN="ngx_postgres" #HTTP_POSTGRES_MODULE_PV="1.0rc7" HTTP_POSTGRES_MODULE_SHA="6824d97f9b7a93449f79da16fd2aaaddf097ce54" HTTP_POSTGRES_MODULE_P="${HTTP_POSTGRES_MODULE_PN}-${HTTP_POSTGRES_MODULE_SHA:-${HTTP_POSTGRES_MODULE_PV}}" HTTP_POSTGRES_MODULE_URI="https://github.com/${HTTP_POSTGRES_MODULE_A}/${HTTP_POSTGRES_MODULE_PN}/archive/${HTTP_POSTGRES_MODULE_SHA:-${HTTP_POSTGRES_MODULE_PV}}.tar.gz" HTTP_POSTGRES_MODULE_WD="${WORKDIR}/${HTTP_POSTGRES_MODULE_P}" # NginX coolkit module (https://github.com/FRiCKLE/ngx_coolkit/tags, BSD-2) HTTP_COOLKIT_MODULE_A="FRiCKLE" HTTP_COOLKIT_MODULE_PN="ngx_coolkit" HTTP_COOLKIT_MODULE_PV="0.2" HTTP_COOLKIT_MODULE_P="${HTTP_COOLKIT_MODULE_PN}-${HTTP_COOLKIT_MODULE_SHA:-${HTTP_COOLKIT_MODULE_PV}}" HTTP_COOLKIT_MODULE_URI="https://github.com/${HTTP_COOLKIT_MODULE_A}/${HTTP_COOLKIT_MODULE_PN}/archive/${HTTP_COOLKIT_MODULE_SHA:-${HTTP_COOLKIT_MODULE_PV}}.tar.gz" HTTP_COOLKIT_MODULE_WD="${WORKDIR}/${HTTP_COOLKIT_MODULE_P}" # http_slowfs_cache (https://github.com/FRiCKLE/ngx_slowfs_cache/tags, BSD-2) HTTP_SLOWFS_CACHE_MODULE_A="FRiCKLE" HTTP_SLOWFS_CACHE_MODULE_PN="ngx_slowfs_cache" HTTP_SLOWFS_CACHE_MODULE_PV="1.10" HTTP_SLOWFS_CACHE_MODULE_P="${HTTP_SLOWFS_CACHE_MODULE_PN}-${HTTP_SLOWFS_CACHE_MODULE_PV}" HTTP_SLOWFS_CACHE_MODULE_URI="https://github.com/${HTTP_SLOWFS_CACHE_MODULE_A}/${HTTP_SLOWFS_CACHE_MODULE_PN}/archive/${HTTP_SLOWFS_CACHE_MODULE_SHA:-${HTTP_SLOWFS_CACHE_MODULE_PV}}.tar.gz" HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/${HTTP_SLOWFS_CACHE_MODULE_P}" # http_fancyindex (https://github.com/aperezdc/ngx-fancyindex/tags , BSD) HTTP_FANCYINDEX_MODULE_A="aperezdc" HTTP_FANCYINDEX_MODULE_PN="ngx-fancyindex" HTTP_FANCYINDEX_MODULE_PV="0.5.2" #HTTP_FANCYINDEX_MODULE_SHA="ba8b4ece63da157f5eec4df3d8fdc9108b05b3eb" HTTP_FANCYINDEX_MODULE_P="${HTTP_FANCYINDEX_MODULE_PN}-${HTTP_FANCYINDEX_MODULE_SHA:-${HTTP_FANCYINDEX_MODULE_PV}}" HTTP_FANCYINDEX_MODULE_URI="https://github.com/${HTTP_FANCYINDEX_MODULE_A}/${HTTP_FANCYINDEX_MODULE_PN}/archive/${HTTP_FANCYINDEX_MODULE_SHA:-v${HTTP_FANCYINDEX_MODULE_PV}}.tar.gz" HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/${HTTP_FANCYINDEX_MODULE_P}" # TODO: remove (dead, can be replaced by lua module) # http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module/tags, BSD) HTTP_UPSTREAM_CHECK_MODULE_A="yaoweibin" HTTP_UPSTREAM_CHECK_MODULE_PN="nginx_upstream_check_module" #HTTP_UPSTREAM_CHECK_MODULE_PV="0.3.0" HTTP_UPSTREAM_CHECK_MODULE_SHA="e85752f0b9bd848f7917e02275da4013566f34d8" HTTP_UPSTREAM_CHECK_MODULE_P="${HTTP_UPSTREAM_CHECK_MODULE_PN}-${HTTP_UPSTREAM_CHECK_MODULE_SHA:-${HTTP_UPSTREAM_CHECK_MODULE_PV}}" HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/${HTTP_UPSTREAM_CHECK_MODULE_A}/${HTTP_UPSTREAM_CHECK_MODULE_PN}/archive/${HTTP_UPSTREAM_CHECK_MODULE_SHA:-v${HTTP_UPSTREAM_CHECK_MODULE_PV}}.tar.gz" HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/${HTTP_UPSTREAM_CHECK_MODULE_P}" # TODO: remove (dead, can be replaced by lua module) # http_metrics (https://github.com/nginx-modules/ngx_metrics/tags, BSD) HTTP_METRICS_MODULE_A="nginx-modules" HTTP_METRICS_MODULE_PN="ngx_metrics" HTTP_METRICS_MODULE_PV="0.1.1" HTTP_METRICS_MODULE_P="${HTTP_METRICS_MODULE_PN}-${HTTP_METRICS_MODULE_SHA:-${HTTP_METRICS_MODULE_PV}}" HTTP_METRICS_MODULE_URI="https://github.com/${HTTP_METRICS_MODULE_A}/${HTTP_METRICS_MODULE_PN}/archive/${HTTP_METRICS_MODULE_SHA:-v${HTTP_METRICS_MODULE_PV}}.tar.gz" HTTP_METRICS_MODULE_WD="${WORKDIR}/${HTTP_METRICS_MODULE_P}" # naxsi-core (https://github.com/wargio/naxsi/tags, GPLv2+) HTTP_NAXSI_MODULE_A="wargio" HTTP_NAXSI_MODULE_PN="naxsi" HTTP_NAXSI_MODULE_PV="1.6" #HTTP_NAXSI_MODULE_SHA="3005e29991e13fcb860f74be008fb6c25338862e" HTTP_NAXSI_MODULE_P="${HTTP_NAXSI_MODULE_PN}-${HTTP_NAXSI_MODULE_SHA:-${HTTP_NAXSI_MODULE_PV}}" HTTP_NAXSI_MODULE_URI="https://github.com/${HTTP_NAXSI_MODULE_A}/${HTTP_NAXSI_MODULE_PN}/archive/${HTTP_NAXSI_MODULE_SHA:-${HTTP_NAXSI_MODULE_PV}}.tar.gz" HTTP_NAXSI_MODULE_WD="${WORKDIR}/${HTTP_NAXSI_MODULE_P}/naxsi_src" HTTP_NAXSI_LIBINJECTION_MODULE_PV="3.10.0" HTTP_NAXSI_LIBINJECTION_MODULE_SHA="4aa3894b21d03d9d8fc364505c0617d2aca73fc1" HTTP_NAXSI_LIBINJECTION_MODULE_P="libinjection-${HTTP_NAXSI_LIBINJECTION_MODULE_SHA:-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}}" HTTP_NAXSI_LIBINJECTION_MODULE_URI="https://github.com/libinjection/libinjection/archive/${HTTP_NAXSI_LIBINJECTION_MODULE_SHA:-${HTTP_NAXSI_LIBINJECTION_MODULE_PV}}.tar.gz" # nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module/tags, BSD) HTTP_DAV_EXT_MODULE_A="arut" HTTP_DAV_EXT_MODULE_PN="nginx-dav-ext-module" HTTP_DAV_EXT_MODULE_PV="3.0.0" HTTP_DAV_EXT_MODULE_P="${HTTP_DAV_EXT_MODULE_PN}-${HTTP_DAV_EXT_MODULE_SHA:-${HTTP_DAV_EXT_MODULE_PV}}" HTTP_DAV_EXT_MODULE_URI="https://github.com/${HTTP_DAV_EXT_MODULE_A}/${HTTP_DAV_EXT_MODULE_PN}/archive/${HTTP_DAV_EXT_MODULE_SHA:-v${HTTP_DAV_EXT_MODULE_PV}}.tar.gz" HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/${HTTP_DAV_EXT_MODULE_P}" # nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module/tags, BSD) CORE_RTMP_MODULE_A="arut" CORE_RTMP_MODULE_PN="nginx-rtmp-module" CORE_RTMP_MODULE_PV="1.2.2" #CORE_RTMP_MODULE_SHA="e08959247dc840bb42cdf3389b1f5edb5686825f" CORE_RTMP_MODULE_P="${CORE_RTMP_MODULE_PN}-${CORE_RTMP_MODULE_SHA:-${CORE_RTMP_MODULE_PV}}" CORE_RTMP_MODULE_URI="https://github.com/${CORE_RTMP_MODULE_A}/${CORE_RTMP_MODULE_PN}/archive/${CORE_RTMP_MODULE_SHA:-v${CORE_RTMP_MODULE_PV}}.tar.gz" CORE_RTMP_MODULE_WD="${WORKDIR}/${CORE_RTMP_MODULE_P}" # mod_security for nginx (https://github.com/owasp-modsecurity/ModSecurity-nginx/tags, Apache-2.0) HTTP_SECURITY_MODULE_A="owasp-modsecurity" HTTP_SECURITY_MODULE_PN="ModSecurity-nginx" HTTP_SECURITY_MODULE_PV="1.0.3" #HTTP_SECURITY_MODULE_SHA="a2a5858d249222938c2f5e48087a922c63d7f9d8" HTTP_SECURITY_MODULE_P="${HTTP_SECURITY_MODULE_PN}-${HTTP_SECURITY_MODULE_SHA:-${HTTP_SECURITY_MODULE_PV}}" HTTP_SECURITY_MODULE_URI="https://github.com/${HTTP_SECURITY_MODULE_A}/${HTTP_SECURITY_MODULE_PN}/archive/${HTTP_SECURITY_MODULE_SHA:-v${HTTP_SECURITY_MODULE_PV}}.tar.gz" HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}" # http_auth_pam (https://github.com/sto/ngx_http_auth_pam_module/tags, BSD-2) HTTP_AUTH_PAM_MODULE_A="sto" HTTP_AUTH_PAM_MODULE_PN="ngx_http_auth_pam_module" HTTP_AUTH_PAM_MODULE_PV="1.5.5" HTTP_AUTH_PAM_MODULE_P="${HTTP_AUTH_PAM_MODULE_PN}-${HTTP_AUTH_PAM_MODULE_SHA:-${HTTP_AUTH_PAM_MODULE_PV}}" HTTP_AUTH_PAM_MODULE_URI="https://github.com/${HTTP_AUTH_PAM_MODULE_A}/${HTTP_AUTH_PAM_MODULE_PN}/archive/v${HTTP_AUTH_PAM_MODULE_SHA:-${HTTP_AUTH_PAM_MODULE_PV}}.tar.gz" HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/${HTTP_AUTH_PAM_MODULE_P}" # http_rrd (https://github.com/evanmiller/mod_rrd_graph/tags, BSD-2) HTTP_RRD_MODULE_A="evanmiller" HTTP_RRD_MODULE_PN="mod_rrd_graph" HTTP_RRD_MODULE_PV="0.2.0" HTTP_RRD_MODULE_SHA="9b749a2d4b8ae47c313054b5a23b982e9a285c54" HTTP_RRD_MODULE_P="${HTTP_RRD_MODULE_PN}-${HTTP_RRD_MODULE_SHA:-${HTTP_RRD_MODULE_PV}}" HTTP_RRD_MODULE_URI="https://github.com/${HTTP_RRD_MODULE_A}/${HTTP_RRD_MODULE_PN}/archive/${HTTP_RRD_MODULE_SHA:-${HTTP_RRD_MODULE_PV}}.tar.gz" HTTP_RRD_MODULE_WD="${WORKDIR}/${HTTP_RRD_MODULE_P}" # TODO: remove (dead, can be replaced by lua module) # sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/downloads#tag-downloads, BSD-2) HTTP_STICKY_MODULE_A="nginx-goodies" HTTP_STICKY_MODULE_PN="nginx-sticky-module-ng" HTTP_STICKY_MODULE_PV="1.2.6" HTTP_STICKY_MODULE_PV_SHA="c78b7dd79d0d" HTTP_STICKY_MODULE_SHA="08a395c66e42" HTTP_STICKY_MODULE_P="${HTTP_STICKY_MODULE_PN}-${HTTP_STICKY_MODULE_SHA:-${HTTP_STICKY_MODULE_PV}}" HTTP_STICKY_MODULE_URI="https://bitbucket.org/${HTTP_STICKY_MODULE_A}/${HTTP_STICKY_MODULE_PN}/get/${HTTP_STICKY_MODULE_SHA:-${HTTP_STICKY_MODULE_PV}}.tar.gz" HTTP_STICKY_MODULE_WD="${WORKDIR}/${HTTP_STICKY_MODULE_A}-${HTTP_STICKY_MODULE_PN}-${HTTP_STICKY_MODULE_SHA:-${HTTP_STICKY_MODULE_PV_SHA}}" # ajp-module (https://github.com/msva/nginx_ajp_module/tags, BSD-2) HTTP_AJP_MODULE_A="msva" HTTP_AJP_MODULE_PN="nginx_ajp_module" HTTP_AJP_MODULE_PV="0.3.0" HTTP_AJP_MODULE_SHA="fcbb2ccca4901d317ecd7a9dabb3fec9378ff40f" HTTP_AJP_MODULE_P="${HTTP_AJP_MODULE_PN}-${HTTP_AJP_MODULE_SHA:-${HTTP_AJP_MODULE_PV}}" HTTP_AJP_MODULE_URI="https://github.com/${HTTP_AJP_MODULE_A}/${HTTP_AJP_MODULE_PN}/archive/${HTTP_AJP_MODULE_SHA:-v${HTTP_AJP_MODULE_PV}}.tar.gz" HTTP_AJP_MODULE_WD="${WORKDIR}/${HTTP_AJP_MODULE_P}" # NJS-module (https://hg.nginx.org/njs/, BSD-2) HTTP_JAVASCRIPT_MODULE_PN="njs" HTTP_JAVASCRIPT_MODULE_PV="0.8.3" # HTTP_JAVASCRIPT_MODULE_SHA="446a1cb64a6a" HTTP_JAVASCRIPT_MODULE_P="${HTTP_JAVASCRIPT_MODULE_PN}-${HTTP_JAVASCRIPT_MODULE_SHA:-${HTTP_JAVASCRIPT_MODULE_PV}}" HTTP_JAVASCRIPT_MODULE_URI="https://hg.nginx.org/${HTTP_JAVASCRIPT_MODULE_PN}/archive/${HTTP_JAVASCRIPT_MODULE_SHA:-${HTTP_JAVASCRIPT_MODULE_PV}}.tar.gz" HTTP_JAVASCRIPT_MODULE_WD="${WORKDIR}/${HTTP_JAVASCRIPT_MODULE_P}/nginx" STREAM_JAVASCRIPT_MODULE_WD="${HTTP_JAVASCRIPT_MODULE_WD}" # nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap/tags, BSD-2) HTTP_AUTH_LDAP_MODULE_A="kvspb" HTTP_AUTH_LDAP_MODULE_PN="nginx-auth-ldap" HTTP_AUTH_LDAP_MODULE_PV="0.1" HTTP_AUTH_LDAP_MODULE_SHA="83c059b73566c2ee9cbda920d91b66657cf120b7" HTTP_AUTH_LDAP_MODULE_P="${HTTP_AUTH_LDAP_MODULE_PN}-${HTTP_AUTH_LDAP_MODULE_SHA-:${HTTP_AUTH_LDAP_MODULE_PV}}" HTTP_AUTH_LDAP_MODULE_URI="https://github.com/${HTTP_AUTH_LDAP_MODULE_A}/${HTTP_AUTH_LDAP_MODULE_PN}/archive/${HTTP_AUTH_LDAP_MODULE_SHA:-${HTTP_AUTH_LDAP_MODULE_PV}}.tar.gz" HTTP_AUTH_LDAP_MODULE_WD="${WORKDIR}/${HTTP_AUTH_LDAP_MODULE_P}" SSL_DEPS_SKIP=1 inherit ssl-cert toolchain-funcs ruby-ng perl-module flag-o-matic systemd pax-utils lua-single patches # ^^^ keep ruby before perl, since ruby sets S=WORKDIR, and perl restores DESCRIPTION="Robust, small and high performance http and reverse proxy server" HOMEPAGE=" https://sysoev.ru/nginx/ " SRC_URI=" https://nginx.org/download/${P}.tar.gz nginx_modules_http_pagespeed? ( ${HTTP_PAGESPEED_MODULE_URI} -> ${HTTP_PAGESPEED_MODULE_P}.tar.gz x86? ( ${HTTP_PAGESPEED_PSOL_URI/__ARCH__/ia32} -> ${HTTP_PAGESPEED_PSOL_P}.x86.tar.gz ) amd64? ( ${HTTP_PAGESPEED_PSOL_URI/__ARCH__/x64} -> ${HTTP_PAGESPEED_PSOL_P}.amd64.tar.gz ) ) nginx_modules_http_enmemcache? ( ${HTTP_ENMEMCACHE_MODULE_URI} -> ${HTTP_ENMEMCACHE_MODULE_P}.tar.gz ) nginx_modules_http_rdns? ( ${HTTP_RDNS_MODULE_URI} -> ${HTTP_RDNS_MODULE_P}.tar.gz ) nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz ) nginx_modules_http_hls_audio? ( ${HTTP_HLS_AUDIO_MODULE_URI} -> ${HTTP_HLS_AUDIO_MODULE_P}.tar.gz ) nginx_modules_http_encrypted_session? ( ${HTTP_ENCRYPTED_SESSION_MODULE_URI} -> ${HTTP_ENCRYPTED_SESSION_MODULE_P}.tar.gz ) nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz ) nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz ) nginx_modules_http_ey_balancer? ( ${HTTP_EY_BALANCER_MODULE_URI} -> ${HTTP_EY_BALANCER_MODULE_P}.tar.gz ) nginx_modules_http_ndk? ( ${HTTP_NDK_MODULE_URI} -> ${HTTP_NDK_MODULE_P}.tar.gz ) nginx_modules_http_redis? ( ${HTTP_REDIS_MODULE_URI} -> ${HTTP_REDIS_MODULE_P}.tar.gz ) nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz ) nginx_modules_http_lua_upstream? ( ${HTTP_LUA_UPSTREAM_MODULE_URI} -> ${HTTP_LUA_UPSTREAM_MODULE_P}.tar.gz ) nginx_modules_http_replace_filter? ( ${HTTP_REPLACE_FILTER_MODULE_URI} -> ${HTTP_REPLACE_FILTER_MODULE_P}.tar.gz ) nginx_modules_http_form_input? ( ${HTTP_FORM_INPUT_MODULE_URI} -> ${HTTP_FORM_INPUT_MODULE_P}.tar.gz ) nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz ) nginx_modules_http_rds_json? ( ${HTTP_RDS_JSON_MODULE_URI} -> ${HTTP_RDS_JSON_MODULE_P}.tar.gz ) nginx_modules_http_rds_csv? ( ${HTTP_RDS_CSV_MODULE_URI} -> ${HTTP_RDS_CSV_MODULE_P}.tar.gz ) nginx_modules_http_srcache? ( ${HTTP_SRCACHE_MODULE_URI} -> ${HTTP_SRCACHE_MODULE_P}.tar.gz ) nginx_modules_http_set_misc? ( ${HTTP_SET_MISC_MODULE_URI} -> ${HTTP_SET_MISC_MODULE_P}.tar.gz ) nginx_modules_http_xss? ( ${HTTP_XSS_MODULE_URI} -> ${HTTP_XSS_MODULE_P}.tar.gz ) nginx_modules_http_array_var? ( ${HTTP_ARRAY_VAR_MODULE_URI} -> ${HTTP_ARRAY_VAR_MODULE_P}.tar.gz ) nginx_modules_http_iconv? ( ${HTTP_ICONV_MODULE_URI} -> ${HTTP_ICONV_MODULE_P}.tar.gz ) nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz ) nginx_modules_http_postgres? ( ${HTTP_POSTGRES_MODULE_URI} -> ${HTTP_POSTGRES_MODULE_P}.tar.gz ) nginx_modules_http_coolkit? ( ${HTTP_COOLKIT_MODULE_URI} -> ${HTTP_COOLKIT_MODULE_P}.tar.gz ) nginx_modules_http_nchan? ( ${HTTP_NCHAN_MODULE_URI} -> ${HTTP_NCHAN_MODULE_P}.tar.gz ) nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz ) nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz ) nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz ) nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz ) nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz ${HTTP_NAXSI_LIBINJECTION_MODULE_URI} -> ${HTTP_NAXSI_LIBINJECTION_MODULE_P}.tar.gz ) nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz ) nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz ) nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz ) nginx_modules_http_passenger? ( ${HTTP_PASSENGER_MODULE_URI} -> ${HTTP_PASSENGER_MODULE_P}.tar.gz ${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_URI} -> ${HTTP_PASSENGER_UNION_STATION_HOOOKS_CORE_P}.tar.gz ${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_URI} -> ${HTTP_PASSENGER_UNION_STATION_HOOOKS_RAILS_P}.tar.gz ) nginx_modules_http_rrd? ( ${HTTP_RRD_MODULE_URI} -> ${HTTP_RRD_MODULE_P}.tar.gz ) nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.gz ) nginx_modules_http_ajp? ( ${HTTP_AJP_MODULE_URI} -> ${HTTP_AJP_MODULE_P}.tar.gz ) nginx_modules_http_javascript? ( ${HTTP_JAVASCRIPT_MODULE_URI} -> ${HTTP_JAVASCRIPT_MODULE_P}.tar.gz ) nginx_modules_stream_javascript? ( ${HTTP_JAVASCRIPT_MODULE_URI} -> ${HTTP_JAVASCRIPT_MODULE_P}.tar.gz ) nginx_modules_http_drizzle? ( ${HTTP_DRIZZLE_MODULE_URI} -> ${HTTP_DRIZZLE_MODULE_P}.tar.gz ) nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz ) nginx_modules_http_auth_ldap? ( ${HTTP_AUTH_LDAP_MODULE_URI} -> ${HTTP_AUTH_LDAP_MODULE_P}.tar.gz ) nginx_modules_stream_lua? ( ${STREAM_LUA_MODULE_URI} -> ${STREAM_LUA_MODULE_P}.tar.gz ) nginx_modules_core_rtmp? ( ${CORE_RTMP_MODULE_URI} -> ${CORE_RTMP_MODULE_P}.tar.gz ) nginx_modules_http_vhost_traffic_status? ( ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_URI} -> ${HTTP_VHOST_TRAFFIC_STATUS_MODULE_P}.tar.gz ) nginx_modules_stream_traffic_status? ( ${STREAM_TRAFFIC_STATUS_MODULE_URI} -> ${STREAM_TRAFFIC_STATUS_MODULE_P}.tar.gz ) nginx_modules_core_stream_traffic_status? ( ${CORE_STREAM_TRAFFIC_STATUS_MODULE_URI} -> ${CORE_STREAM_TRAFFIC_STATUS_MODULE_P}.tar.gz ) nginx_modules_http_geoip2? ( ${HTTP_GEOIP2_MODULE_URI} -> ${HTTP_GEOIP2_MODULE_P}.tar.gz ) nginx_modules_stream_geoip2? ( ${HTTP_GEOIP2_MODULE_URI} -> ${HTTP_GEOIP2_MODULE_P}.tar.gz ) nginx_modules_http_brotli? ( ${HTTP_BROTLI_MODULE_URI} -> ${HTTP_BROTLI_MODULE_P}.tar.gz ) " # nginx_modules_http_ctpp? ( ${HTTP_CTPP_MODULE_URI} ) LICENSE=" BSD-2 BSD SSLeay MIT GPL-2 GPL-2+ nginx_modules_http_enmemcache? ( Apache-2.0 ) nginx_modules_http_security? ( Apache-2.0 ) nginx_modules_http_push_stream? ( GPL-3 ) nginx_modules_http_hls_audio? ( GPL-3 ) " SLOT="mainline" KEYWORDS="~amd64 ~arm ~arm64 ~x86 ~amd64-linux ~x86-linux" # ppc ppc64 riscv # ^ ctpp2, drizzle, sregex NGINX_MODULES_STD=" http_access http_auth_basic http_autoindex http_browser http_charset http_empty_gif http_fastcgi http_geo http_grpc http_gzip http_limit_conn http_limit_req http_map http_memcached http_mirror http_proxy http_referer http_rewrite http_scgi http_split_clients http_ssi http_upstream_hash http_upstream_ip_hash http_upstream_keepalive http_upstream_least_conn http_upstream_zone http_userid http_uwsgi stream_access stream_geo stream_limit_conn stream_map stream_return stream_split_clients stream_upstream_hash stream_upstream_least_conn stream_upstream_zone mail_imap mail_pop3 mail_smtp " NGINX_MODULES_OPT=" http_addition http_auth_request http_dav http_degradation http_flv http_geoip http_gunzip http_gzip_static http_image_filter http_mp4 http_perl http_random_index http_realip http_secure_link http_slice http_stub_status http_sub http_xslt http_v2 http_v3 stream_geoip stream_realip stream_ssl_preread " # XXX: Some 3party modules are very sensitive to load order! # http_naxsi: wants to be the first one; # http_security: wants to be loaded as early as possible (although, take some care itself). # http_ndk: before modules that using it NGINX_MODULES_3P=" http_brotli http_naxsi http_security http_ndk http_set_misc http_echo http_memc http_lua http_lua_upstream http_nchan http_coolkit http_enmemcache http_rdns http_cache_purge http_headers_more http_encrypted_session http_pagespeed http_push_stream http_ey_balancer http_slowfs_cache http_redis http_replace_filter http_form_input http_rds_json http_rds_csv http_postgres http_srcache http_array_var http_xss http_iconv http_upload_progress http_fancyindex http_metrics http_dav_ext http_passenger http_auth_pam http_hls_audio http_sticky http_ajp http_javascript http_drizzle http_upstream_check http_auth_ldap http_rrd http_vhost_traffic_status http_geoip2 stream_geoip2 stream_traffic_status stream_javascript stream_lua core_rtmp core_stream_traffic_status " # http_ctpp NGINX_MODULES_DYN=" http_geoip http_image_filter http_xslt http_perl stream_geoip http_javascript http_naxsi http_security http_ndk http_set_misc http_echo http_memc http_lua http_lua_upstream http_nchan http_enmemcache http_rdns http_cache_purge http_headers_more http_encrypted_session http_pagespeed http_push_stream http_redis http_form_input http_srcache http_array_var http_iconv http_upload_progress http_fancyindex http_dav_ext http_passenger http_auth_pam http_ajp stream_javascript http_auth_ldap stream_lua core_rtmp " REQUIRED_USE=" nginx_modules_http_grpc? ( nginx_modules_http_v2 ) nginx_modules_http_v2? ( ssl ) nginx_modules_stream_lua? ( ssl ssl-cert-cb ) nginx_modules_http_lua? ( ${LUA_REQUIRED_USE} || ( pcre pcre2 ) pcre2? ( pcre-jit ) nginx_modules_http_ndk nginx_modules_http_rewrite ssl? ( ssl-cert-cb ) ) nginx_modules_http_lua_upstream? ( nginx_modules_http_lua ) nginx_modules_http_rds_json? ( nginx_modules_http_postgres ) nginx_modules_http_rds_csv? ( nginx_modules_http_postgres ) nginx_modules_http_rdns? ( busy-upstream ) nginx_modules_http_ey_balancer? ( busy-upstream ) nginx_modules_http_form_input? ( nginx_modules_http_ndk ) nginx_modules_http_set_misc? ( nginx_modules_http_ndk ) nginx_modules_http_iconv? ( nginx_modules_http_ndk ) nginx_modules_http_encrypted_session? ( nginx_modules_http_ndk ssl ) nginx_modules_http_array_var? ( nginx_modules_http_ndk ) nginx_modules_http_fastcgi? ( nginx_modules_http_realip ) nginx_modules_http_naxsi? ( nginx_modules_http_rewrite || ( pcre pcre2 ) ) nginx_modules_http_pagespeed? ( pcre ) nginx_modules_http_postgres? ( nginx_modules_http_rewrite ) nginx_modules_http_dav_ext? ( nginx_modules_http_dav nginx_modules_http_xslt ) nginx_modules_http_hls_audio? ( nginx_modules_http_lua ) nginx_modules_http_metrics? ( nginx_modules_http_stub_status ) nginx_modules_http_push_stream? ( ssl ) nginx_modules_http_fancyindex? ( nginx_modules_http_addition ) nginx_modules_http_security? ( pcre ) pcre-jit? ( || ( pcre pcre2 ) ) ktls? ( ssl ) http2? ( nginx_modules_http_v2 ) http3? ( nginx_modules_http_v3 ) rrd? ( nginx_modules_http_rrd ) rtmp? ( nginx_modules_core_rtmp ) nginx_modules_stream_traffic_status? ( nginx_modules_core_stream_traffic_status ) nginx_modules_core_stream_traffic_status? ( nginx_modules_stream_traffic_status ) " IUSE="aio busy-upstream debug +http http2 http3 +http-cache ktls libatomic mail pam +pcre pcre-jit pcre2 perftools rrd ssl ssl-cert-cb stream threads vim-syntax selinux systemtap +static rtmp" for mod in $NGINX_MODULES_STD $NGINX_MODULES_OPT $NGINX_MODULES_3P; do f= [[ "$NGINX_MODULES_STD" =~ "http_${mod//http_}" ]] && f="+" [[ "${mod}" =~ "realip" ]] && f="+" # needed by fastcgi STD mod [[ "${mod}" =~ "http_v2" ]] && f="+" # needed by grpc STD mod IUSE="${IUSE} ${f}nginx_modules_${mod}" unset f done CDEPEND=" acct-group/nginx acct-user/nginx pam? ( sys-libs/pam ) pcre? ( dev-libs/libpcre ) pcre2? ( dev-libs/libpcre2 ) pcre-jit? ( pcre? ( dev-libs/libpcre[jit] ) pcre2? ( dev-libs/libpcre2[jit] ) ) ssl? ( dev-libs/openssl:0= ) http2? ( dev-libs/openssl:0= ) http-cache? ( dev-libs/openssl:0= ) ktls? ( >=dev-libs/openssl-3:0=[ktls] ) nginx_modules_http_brotli? ( app-arch/brotli:= ) nginx_modules_http_geoip? ( dev-libs/geoip ) nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= ) nginx_modules_stream_geoip2? ( dev-libs/libmaxminddb:= ) nginx_modules_http_gunzip? ( sys-libs/zlib ) nginx_modules_http_gzip? ( sys-libs/zlib ) nginx_modules_http_gzip_static? ( sys-libs/zlib ) nginx_modules_http_image_filter? ( media-libs/gd[jpeg,png] ) nginx_modules_http_perl? ( >=dev-lang/perl-5.8 ) nginx_modules_http_postgres? ( dev-db/postgresql:= ) nginx_modules_http_rewrite? ( >=dev-libs/libpcre-4.2 ) nginx_modules_http_secure_link? ( dev-libs/openssl:= ) nginx_modules_http_xslt? ( dev-libs/libxml2 dev-libs/libxslt ) nginx_modules_stream_lua? ( >=dev-lang/luajit-2 ) nginx_modules_http_lua? ( >=dev-lang/luajit-2 ) nginx_modules_http_replace_filter? ( dev-libs/sregex ) nginx_modules_http_metrics? ( dev-libs/yajl ) nginx_modules_http_nchan? ( dev-libs/hiredis ) nginx_modules_http_dav_ext? ( dev-libs/expat ) nginx_modules_http_hls_audio? ( >=media-video/ffmpeg-2 ) perftools? ( dev-util/google-perftools ) nginx_modules_http_rrd? ( >=net-analyzer/rrdtool-1.3.8[graph] ) nginx_modules_http_passenger? ( $(ruby_implementations_depend) >=dev-ruby/rake-0.8.1 !!www-apache/passenger dev-libs/libev dev-libs/libuv ) nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] ) nginx_modules_http_drizzle? ( dev-libs/libdrizzle ) virtual/libcrypt:= " # nginx_modules_http_ctpp? ( www-apps/ctpp2 >=sys-devel/gcc-4.6:* ) RDEPEND=" ${CDEPEND} acct-group/nginx selinux? ( sec-policy/selinux-nginx ) " DEPEND=" ${CDEPEND} nginx_modules_http_security? ( dev-libs/modsecurity ) arm? ( dev-libs/libatomic_ops ) libatomic? ( dev-libs/libatomic_ops ) " BDEPEND=" virtual/pkgconfig " ## mod_pagespeed (precompiled psol static library, actually) issues QA warning #QA_EXECSTACK="usr/sbin/nginx" ##QA_WX_LOAD="usr/sbin/nginx" PDEPEND=" vim-syntax? ( ~app-vim/nginx-syntax-${PV} ) nginx_modules_stream_lua? ( dev-lua/resty-core dev-lua/resty-lrucache ) nginx_modules_http_lua? ( dev-lua/resty-core dev-lua/resty-lrucache ) " custom_econf() { local EXTRA_ECONF=(${EXTRA_ECONF[@]}) local ECONF_SOURCE=${ECONF_SOURCE:-.}; set -- "$@" "${EXTRA_ECONF[@]}" echo "${ECONF_SOURCE}/configure" "${@}" "${ECONF_SOURCE}/configure" "${@}" } pkg_setup() { export NGINX_HOME="/var/lib/nginx" export NGINX_HOME_TMP="${NGINX_HOME}/tmp" if ! use static; then ewarn "" ewarn "You've activated 'dynamic' (shared) modules support." ewarn "This means you'll *MUST* manually load modules you're about to use." ewarn "Also, note that some modules are very sensitive to loading order" ewarn "Example of such modules are http_security, http_naxsi and http_nchan" ewarn "There maybe some more" ewarn "" fi if use nginx_modules_http_lua || use nginx_modules_stream_lua; then einfo "" einfo "You will probably want to emerge @openresty set" has_version dev-lang/luajit[openresty] || ewarn "Also, Lua Module upstream (OpenResty) insists you should use their luajit fork (emerge luajit[openresty]), since they made many optimisations to it" einfo "" fi if use libatomic && ! use arm; then ewarn "" ewarn "GCC 4.1+ features built-in atomic operations." ewarn "Using libatomic_ops is only needed if you use" ewarn "a different compiler or GCC <4.1" ewarn "" fi if [[ -n $NGINX_ADD_MODULES ]]; then ewarn "" ewarn "You are building custom modules via \$NGINX_ADD_MODULES!" ewarn "This nginx installation is *not supported*!" ewarn "Make sure you can reproduce the bug without those modules" ewarn "_before_ reporting bugs." ewarn "" fi if use nginx_modules_http_passenger; then ewarn "" ewarn "I've no more mental powers to support the Passenger builds." ewarn "I'll still bump passenger module on new releases, but since now" ewarn "I will not even check if it at least builds." ewarn "It is still a chance I'll fix issues reported about it, but it's not a promise" ewarn "I recommend you to try to switch to www-servers/nginx-unit instead" ewarn "" use debug && append-flags -DPASSENGER_DEBUG ### QA append-cflags "-fno-strict-aliasing -Wno-unused-result -Wno-unused-variable" append-cxxflags "-fno-strict-aliasing -Wno-unused-result -Wno-unused-variable" ### /QA ruby-ng_pkg_setup fi if use nginx_modules_http_hls_audio; then die "Unfortunately, HLS Audio module is not compatible with ${P} (because of API/ABI changes)" ### QA append-cflags "-Wno-deprecated-declarations" ### /QA fi if use nginx_modules_http_sticky; then die "Unfortunately, Sticky module is not compatible with ${P} (because of API/ABI changes)" fi if use !http; then ewarn "" ewarn "To actually disable all http-functionality you also have to disable" ewarn "all nginx http modules." ewarn "" fi if use nginx_modules_http_pagespeed; then ewarn "Be noticed that PageSpeed module using precompiled (by google) PSOL library." ewarn "And due to way google built it, this build will definitelly follow to QA warning." ewarn "So, take a look on it, please." ewarn "" fi } src_unpack() { # prevent ruby-ng.eclass from messing with src_unpack PORTAGE_QUIET=1 default } src_prepare() { find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' # We have config protection, don't rename etc files sed -i 's:.default::' auto/install || die # remove useless files sed -i -e '/koi-/d' -e '/win-/d' auto/install || die # Increasing error string (to have possibility to get all modules in nginx -V output) sed -i \ -e "/^#define NGX_MAX_ERROR_STR/s|\(NGX_MAX_ERROR_STR\).*|\1 ${NGINX_MAX_ERROR_LENGTH:-4096}|" \ "${S}"/src/core/ngx_log.h # Increasing maximum dyn modules amount sed -i \ -e "/^#define NGX_MAX_DYNAMIC_MODULES/s|\(NGX_MAX_DYNAMIC_MODULES\).*|\1 ${NGINX_MAX_DYNAMIC_MODULES:-256}|" \ "${S}"/src/core/ngx_module.c # don't install to /etc/nginx/ if not in use local module for module in fastcgi scgi uwsgi ; do if ! use nginx_modules_http_${module}; then sed -i -e "/${module}/d" auto/install || die fi done if use nginx_modules_http_hls_audio; then # compatibility with new ffmpeg sed -r \ -e '/out_codec_ctx-/s@ (CODEC_FLAG_GLOBAL_HEADER)@ AV_\1@' \ -i "${HTTP_HLS_AUDIO_MODULE_WD}/ngx_http_aac_module.c" fi if use nginx_modules_http_brotli; then sed -r \ -e "s@^(brotli)=\".*@\1='$($(tc-getPKG_CONFIG) --variable=prefix libbrotlienc)'@" \ -i "${HTTP_BROTLI_MODULE_WD}"/filter/config fi if use nginx_modules_stream_lua; then sed -r \ -e "s|-lluajit-5.1|$($(tc-getPKG_CONFIG) --libs luajit)|g" \ -i "${STREAM_LUA_MODULE_WD}/config" fi if use nginx_modules_http_lua; then sed -r \ -e '/#ifndef OPENRESTY_LUAJIT/,/#endif/d' \ -i "${HTTP_LUA_MODULE_WD}"/src/ngx_http_lua_module.c sed -r \ -e "s|-lluajit-5.1|$($(tc-getPKG_CONFIG) --libs luajit)|g" \ -i "${HTTP_LUA_MODULE_WD}/config" fi if use nginx_modules_http_passenger; then # Gentoo'izing and de-apache'ing: local HTTP_PASSENGER_SRC_WD="$(realpath ${HTTP_PASSENGER_MODULE_WD}/../..)" sed -r \ -e "s:/buildout(/support-binaries):\1:" \ -i "${HTTP_PASSENGER_SRC_WD}"/src/cxx_supportlib/ResourceLocator.h || die "ResourceLocator.h" sed \ -e '/passenger-install-apache2-module/d' \ -e "/passenger-install-nginx-module/d" \ -i "${HTTP_PASSENGER_SRC_WD}"/src/ruby_supportlib/phusion_passenger/packaging.rb || die "packaging.rb" sed \ -e 's#local/include#include#' \ -i "${HTTP_PASSENGER_SRC_WD}"/src/ruby_supportlib/phusion_passenger/platform_info/cxx_portability.rb || die "cxx_portability.rb" sed -r \ -e '/is_nan_helper/s@(return) (::isnan)@\1 std\2@' \ -i "${HTTP_PASSENGER_SRC_WD}"/src/cxx_supportlib/vendor-modified/boost/math/special_functions/fpclassify.hpp ############################################################ ## WARNING! That piece is trying to unpatch passenger from it's bundled libev ## May provide crashes at runtime! If it is a case why you're looking here ## then report that issue, please. ## ## Also you can participate here: https://git.io/vL2In ############################################################ sed \ -e '/ev_loop_get_pipe/d' \ -e '/ev_backend_fd/d' \ -i "${HTTP_PASSENGER_SRC_WD}"/src/cxx_supportlib/SafeLibev.h \ "${HTTP_PASSENGER_SRC_WD}"/src/cxx_supportlib/BackgroundEventLoop.cpp || die "" ############################################################ sed -r \ -e 's#(LIBEV_CFLAGS =).*#\1 "-I/usr/include"#' \ -e 's#(LIBUV_CFLAGS =).*#\1 "-I/usr/include"#' \ -i "${HTTP_PASSENGER_SRC_WD}"/build/common_library.rb || die sed -r \ -e "/Extra linker flags that/iEXTRA_PRE_CXXFLAGS << \" #{ENV['CXXFLAGS']}\"\n" \ -e "/AGENT_OUTPUT_DIR/iEXTRA_LDFLAGS = \"#{ENV['LDFLAGS']}\"\n" \ -e '/^USE_VENDORED_LIB[EU]V/s@true@false@' \ -i "${HTTP_PASSENGER_SRC_WD}"/build/basics.rb || die '' sed -r \ -e "s@(task :fakeroot =>) \[:apache2.*@\1 \[:nginx, 'nginx:as_dynamic_module'\] do@" \ -e '/psg_support_binaries_dir/s@fs_libdir@fs_datadir@' \ -e 's@(psg_resources_dir)[ ]*= .*@\1 = "#\{fs_datadir\}/#\{GLOBAL_NAMESPACE_DIRNAME\}/resources"@' \ -e 's@(psg_include_dir)[ ]*= .*@\1 = "#\{fs_prefix\}/include/#\{GLOBAL_NAMESPACE_DIRNAME\}"@' \ -e '/psg_ruby_extension_source_dir/s@#\{fs_datadir\}@#\{fs_prefix\}/src@' \ -e '/psg_nginx_module_source_dir/s@#\{fs_datadir\}@#\{fs_prefix\}/src@' \ -e 's@(fakeroot =) "#\{PKG_DIR\}/fakeroot"$@\1 ENV["D"]@' \ -e 's@fake_rubylibdir\}/phusion_passenger/l@fakeroot\}/#\{fs_datadir\}/#\{GLOBAL_NAMESPACE_DIRNAME\}/l@' \ -e 's@"(apache2_module_path)=.*@"\1=/dev/null"@' \ -e '/fake_apache2_module_path/d' \ -e '/psg_apache2_module_path/d' \ -e '/sh .*fakeroot}"/d' \ -e '/sh .*fake_apache2_module_path/d' \ -i "${HTTP_PASSENGER_SRC_WD}"/build/packaging.rb || die rm -r \ "${HTTP_PASSENGER_SRC_WD}"/bin/passenger-install-apache2-module \ "${HTTP_PASSENGER_SRC_WD}"/bin/passenger-install-nginx-module \ "${HTTP_PASSENGER_SRC_WD}"/src/apache2_module \ "${HTTP_PASSENGER_SRC_WD}"/src/cxx_supportlib/vendor-copy/libuv \ "${HTTP_PASSENGER_SRC_WD}"/src/cxx_supportlib/vendor-modified/libev fi if use nginx_modules_http_naxsi; then rm -r "${HTTP_NAXSI_MODULE_WD}"/libinjection || die "Failed to unbundle libinjection from NAXSI" cp -rl "${S}/../${HTTP_NAXSI_LIBINJECTION_MODULE_P}" "${HTTP_NAXSI_MODULE_WD}"/libinjection || die "Unable to insert unbundled libinjection to NAXSI" fi if use nginx_modules_http_pagespeed; then # TODO: replace precompiled psol with that one, built from apache module? cp -rl "${HTTP_PAGESPEED_PSOL_WD}" "${HTTP_PAGESPEED_MODULE_WD}"/ || die "Failed to insert psol" fi # if use nginx_modules_http_ctpp; then # sed \ # -e '/throw(ngx_int_t)/s@@noexcept(false)@' \ # -i "${HTTP_CTPP_MODULE_WD}/sources/ctpp2_process.cpp" # fi patches_src_prepare } # Kludge to have the possibility to properly check modules # (ex: dav_ext in DYN makes false positive on dav in OPT) _NGX__NG_M_DYN=${NGINX_MODULES_DYN[@]} _NGX__NG_M_DYN=${_NGX__NG_M_DYN// /:}: opt_mod() { local mod="${1}" dm= if ! use static && [[ "${_NGX__NG_M_DYN}" =~ "${mod}:" ]]; then dm="=dynamic" fi use "nginx_modules_${mod}" && echo "--with-${mod}_module${dm}" } ext_mod() { local mod=${1} p="${2}" dm= use "nginx_modules_${mod}" || return if [[ -z "${p}" ]]; then # It's Voodoo time! p="${mod^^}_MODULE_WD"; p="${!p}"; # p=$(find $(dirname ${p}) -maxdepth 1 -name "$(basename ${p})*" fi if ! use static && [[ "${_NGX__NG_M_DYN}" =~ "${mod}:" ]]; then dm="-dynamic" fi echo "--add${dm}-module=${p}" } std_mod() { use "nginx_modules_${1}" || echo "--without-${1}_module" } core_feat() { use "${1}" && echo "--with-${2:-${1}}" } src_configure() { local myconf=() local http_enabled= mail_enabled= stream_enabled= local http_dyn_lock= stream_dyn_lock= mail_dyn_lock= for f in debug libatomic pcre{,-jit} threads; do myconf+=($(core_feat "${f}")) done use aio && myconf+=("$(core_feat aio file-aio)") use pcre && myconf+=("--without-pcre2") for m in $NGINX_MODULES_STD; do local e="$(std_mod ${m})" if [[ -z "${e}" ]]; then export "${m//_*}_enabled=1" else myconf+=("${e}") fi done for m in $NGINX_MODULES_OPT; do local e="$(opt_mod ${m})" if [[ -n "${e}" ]]; then export "${m//_*}_enabled=1" myconf+=("${e}") fi done for m in $NGINX_MODULES_3P; do # TODO: replace this check with a function, if there will be another http+stream-in-one modules if [[ "${m}" == "stream_javascript" ]] && use nginx_modules_http_javascript; then continue fi if [[ "${m}" == "stream_geoip2" ]] && use nginx_modules_http_geoip2; then continue fi local e="$(ext_mod ${m})" if [[ -n "${e}" ]]; then local proto="${m//_*}" if ! [[ "${e}" =~ "-dynamic-" ]]; then export "${proto}_dyn_lock=1" fi export "${proto}_enabled=1" myconf+=("${e}") fi done if use nginx_modules_http_lua; then export LUAJIT_LIB=$($(tc-getPKG_CONFIG) --variable libdir luajit) export LUAJIT_INC=$($(tc-getPKG_CONFIG) --variable includedir luajit) # XXX: temp kludge. TODO: think on proper fix # myconf+=("--without-pcre2") fi # if use nginx_modules_http_pagespeed; then # XXX: temp kludge. TODO: think on proper fix # myconf+=("--without-pcre2") # fi if use http || use http-cache || use http2 || use http3 || use nginx_modules_http_javascript; then export http_enabled=1 fi if use mail; then export mail_enabled=1 fi if use stream || use nginx_modules_stream_geoip2 || use nginx_modules_stream_javascript; then export stream_enabled=1 fi if [[ -n "${http_enabled}" ]]; then use http-cache || myconf+=("--without-http-cache") use ssl && myconf+=("--with-http_ssl_module") else myconf+=("--without-http --without-http-cache") fi use perftools && myconf+=("--with-google_perftools_module") if [[ -n "${mail_enabled}" ]]; then local dm= if ! use static && [[ -z "${mail_dyn_lock}" ]]; then dm="=dynamic" fi myconf+=("--with-mail${dm}") use ssl && myconf+=("--with-mail_ssl_module") fi # stream_lua if use nginx_modules_stream_lua; then export LUAJIT_LIB=$($(tc-getPKG_CONFIG) --variable libdir luajit) export LUAJIT_INC=$($(tc-getPKG_CONFIG) --variable includedir luajit) # XXX: temp kludge. TODO: think on proper fix # myconf+=("--without-pcre2") fi if [[ -n "${stream_enabled}" ]]; then local dm= if ! use static && [[ -z "${stream_dyn_lock}" ]]; then dm="=dynamic" fi myconf+=("--with-stream${dm}") use ssl && myconf+=("--with-stream_ssl_module") fi # custom static (!) modules for mod in $NGINX_ADD_MODULES; do myconf+=("--add-module=${mod}") done # https://bugs.gentoo.org/286772 export LANG=C LC_ALL=C tc-export CC if ! use prefix; then myconf+=("--user=${PN}" "--group=${PN}") fi if use nginx_modules_http_passenger; then local passenger_target="nginx" if ! use static; then passenger_target="nginx:as_dynamic_module" fi # workaround on QA issues on passenger pushd "${HTTP_PASSENGER_MODULE_WD}"/../.. &>/dev/null einfo "Compiling Passenger support binaries (needed for ./configure)" export USE_VENDORED_LIBEV=no USE_VENDORED_LIBUV=no rake "${passenger_target}" || die "Passenger premake for ${RUBY} failed!" popd &>/dev/null fi custom_econf \ --prefix="${EPREFIX}${NGINX_HOME}" \ --sbin-path="${EPREFIX}/usr/sbin/nginx" \ --conf-path="${EPREFIX}/etc/nginx/nginx.conf" \ --pid-path="${EPREFIX}/run/nginx.pid" \ --lock-path="${EPREFIX}/run/lock/nginx.lock" \ --with-cc-opt="-I${EPREFIX}/usr/include" \ --with-ld-opt="-L${EPREFIX}/usr/$(get_libdir)" \ --http-log-path="${EPREFIX}/var/log/nginx/access.log" \ --error-log-path="${EPREFIX}/var/log/nginx/error.log" \ --http-client-body-temp-path="tmp/client" \ --http-proxy-temp-path="tmp/proxy" \ --http-fastcgi-temp-path="tmp/fastcgi" \ --http-scgi-temp-path="tmp/scgi" \ --http-uwsgi-temp-path="tmp/uwsgi" \ --modules-path="modules" \ --with-compat \ "${myconf[@]}" || die "configure failed" local sedargs=(); sedargs+=(-e "s|${WORKDIR}|ext|g") sedargs+=(-e 's@(=ext/[^ ]*-)([0-9a-fA-F]{8})[0-9a-fA-F]{32}@\1\2@g') ( use nginx_modules_http_javascript || use nginx_modules_stream_javascript ) && sedargs+=(-e "s|/${P}/|/|g;s|(/njs-[^/]*)/nginx |\1 |g") use nginx_modules_http_naxsi && sedargs+=(-e "s|/${P}/|/|g;s|/naxsi_src||g") use nginx_modules_http_passenger && sedargs+=(-e "s|/${P}/|/|g;s|/src/nginx_module||g;s|/src_module||g;s|(passenger)-release|\1|") sed -i -r "${sedargs[@]}" "${S}/objs/ngx_auto_config.h" unset http_enabled mail_enabled stream_enabled http_dyn_lock stream_dyn_lock mail_dyn_lock } src_compile() { # https://bugs.gentoo.org/286772 export LANG=C LC_ALL=C emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}" || die "emake failed" } passenger_install() { # dirty kludge to make passenger installation each-ruby compatible pushd "${HTTP_PASSENGER_MODULE_WD}" &>/dev/null rake fakeroot \ NATIVE_PACKAGING_METHOD=ebuild \ FS_PREFIX="${PREFIX}/usr" \ FS_DATADIR="${PREFIX}/usr/libexec" \ FS_DOCDIR="${PREFIX}/usr/share/doc/${P}" \ FS_LIBDIR="${PREFIX}/usr/$(get_libdir)" \ RUBYLIBDIR="$(ruby_rbconfig_value 'archdir')" \ RUBYARCHDIR="$(ruby_rbconfig_value 'archdir')" \ || die "Passenger installation for ${RUBY} failed!" popd &>/dev/null } src_install() { emake DESTDIR="${D}" install host-is-pax && pax-mark m "${ED}/usr/sbin/nginx" cp "${FILESDIR}/nginx.conf" "${ED}/etc/nginx/nginx.conf" || die newconfd "${FILESDIR}/nginx.confd" "nginx" newinitd "${FILESDIR}/nginx.initd" "nginx" systemd_newunit "${FILESDIR}/nginx.service-r1" "nginx.service" doman "man/nginx.8" dodoc CHANGES* README dodoc contrib/{geo2nginx,unicode2nginx/unicode-to-nginx}.pl keepdir /var/www/localhost rm -rf "${ED}"/usr/html || die # set up a list of directories to keep local keepdir_list="${NGINX_HOME_TMP}/client" local module for module in proxy fastcgi scgi uwsgi; do use "nginx_modules_http_${module}" && keepdir_list+=" ${NGINX_HOME_TMP}/${module}" done keepdir "/var/log/nginx" ${keepdir_list} # a little kludge to ease modules enabling (`load_module modules/moo.so`) test -d "${NGINX_HOME}"/modules || keepdir "${NGINX_HOME}"/modules dosym "../../${NGINX_HOME##/}/modules" "/etc/nginx/modules" # this solves a problem with SELinux where nginx doesn't see the directories # as root and tries to create them as nginx fperms 0750 "${NGINX_HOME_TMP}" fowners "${PN}:0" "${NGINX_HOME_TMP}" fperms 0700 ${keepdir_list} fowners "${PN}:${PN}" ${keepdir_list} fperms 0710 "/var/log/nginx" ${keepdir_list} fowners "0:${PN}" "/var/log/nginx" ${keepdir_list} insinto /etc/logrotate.d newins "${FILESDIR}/nginx.logrotate" "nginx" # Don't touch /run rm -rf "${ED}"/run || die # Needed for building external dynamic modules mkdir -p "${D}/usr/src/nginx" cp -a "${S}" "${D}/usr/src/nginx" # http_perl if use nginx_modules_http_perl; then pushd "${S}/objs/src/http/modules/perl" &>/dev/null emake DESTDIR="${D}" INSTALLDIRS=vendor install || die "failed to install perl stuff" perl_delete_localpod popd &>/dev/null fi # http_push_stream if use nginx_modules_http_push_stream; then docinto "${HTTP_PUSH_STREAM_MODULE_P}" dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{CHANGELOG.textile,README.textile} fi # # http_ctpp # if use nginx_modules_http_ctpp; then # docinto "${HTTP_CTPP_MODULE_P}" # dodoc "${HTTP_CTPP_MODULE_WD}"/{CHANGELOG-ru,README} # fi # http_cache_purge if use nginx_modules_http_cache_purge; then docinto "${HTTP_CACHE_PURGE_MODULE_P}" dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md} fi # http_nchan if use nginx_modules_http_nchan; then docinto "${HTTP_NCHAN_MODULE_P}" dodoc "${HTTP_NCHAN_MODULE_WD}"/README.md fi # http_upload_progress if use nginx_modules_http_upload_progress; then docinto "${HTTP_UPLOAD_PROGRESS_MODULE_P}" dodoc "${HTTP_UPLOAD_PROGRESS_MODULE_WD}"/README fi # http_fancyindex if use nginx_modules_http_fancyindex; then docinto "${HTTP_FANCYINDEX_MODULE_P}" dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/{README.rst,HACKING.md} fi # http_ey_balancer if use nginx_modules_http_ey_balancer; then docinto "${HTTP_EY_BALANCER_MODULE_P}" dodoc "${HTTP_EY_BALANCER_MODULE_WD}"/README fi # http_ndk if use nginx_modules_http_ndk; then docinto "${HTTP_NDK_MODULE_P}" dodoc "${HTTP_NDK_MODULE_WD}"/README.md fi # http_headers_more if use nginx_modules_http_headers_more; then docinto "${HTTP_HEADERS_MORE_MODULE_P}" dodoc "${HTTP_HEADERS_MORE_MODULE_WD}"/README.markdown fi # http_encrypted_session if use nginx_modules_http_encrypted_session; then docinto "${HTTP_ENCRYPTED_SESSION_MODULE_P}" dodoc "${HTTP_ENCRYPTED_SESSION_MODULE_WD}"/README.md fi # http_lua if use nginx_modules_http_lua; then docinto "${HTTP_LUA_MODULE_P}" dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown use systemtap && ( insinto /usr/share/systemtap doins -r "${HTTP_LUA_MODULE_WD}"/tapset ) fi # stream_lua if use nginx_modules_stream_lua; then docinto "${STREAM_LUA_MODULE_P}" dodoc "${STREAM_LUA_MODULE_WD}"/{valgrind.suppress,README.md} fi # http_lua_upstream if use nginx_modules_http_lua_upstream; then docinto "${HTTP_LUA_UPSTREAM_MODULE_P}" dodoc "${HTTP_LUA_UPSTREAM_MODULE_WD}"/README.md fi # http_replace_filter if use nginx_modules_http_replace_filter; then docinto "${HTTP_REPLACE_FILTER_MODULE_P}" dodoc "${HTTP_REPLACE_FILTER_MODULE_WD}"/README.markdown fi # http_form_input if use nginx_modules_http_form_input; then docinto "${HTTP_FORM_INPUT_MODULE_P}" dodoc "${HTTP_FORM_INPUT_MODULE_WD}"/README.md fi # http_echo if use nginx_modules_http_echo; then docinto "${HTTP_ECHO_MODULE_P}" dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown fi # http_srcache if use nginx_modules_http_srcache; then docinto "${HTTP_SRCACHE_MODULE_P}" dodoc "${HTTP_SRCACHE_MODULE_WD}"/README.markdown fi # http_memc if use nginx_modules_http_memc; then docinto "${HTTP_MEMC_MODULE_P}" dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown fi # http_redis if use nginx_modules_http_redis; then docinto "${HTTP_REDIS_MODULE_P}" dodoc "${HTTP_REDIS_MODULE_WD}"/README.markdown fi # http_drizzle if use nginx_modules_http_drizzle; then docinto "${HTTP_DRIZZLE_MODULE_P}" dodoc "${HTTP_DRIZZLE_MODULE_WD}"/README.markdown fi # http_rds_json if use nginx_modules_http_rds_json; then docinto "${HTTP_RDS_JSON_MODULE_P}" dodoc "${HTTP_RDS_JSON_MODULE_WD}"/README.md fi # http_rds_csv if use nginx_modules_http_rds_csv; then docinto "${HTTP_RDS_CSV_MODULE_P}" dodoc "${HTTP_RDS_CSV_MODULE_WD}"/README.md fi # http_postgres if use nginx_modules_http_postgres; then docinto "${HTTP_POSTGRES_MODULE_P}" dodoc "${HTTP_POSTGRES_MODULE_WD}"/README.md fi # http_coolkit if use nginx_modules_http_coolkit; then docinto "${HTTP_COOLKIT_MODULE_P}" dodoc "${HTTP_COOLKIT_MODULE_WD}"/README fi # http_set_misc if use nginx_modules_http_set_misc; then docinto "${HTTP_SET_MISC_MODULE_P}" dodoc "${HTTP_SET_MISC_MODULE_WD}"/README.markdown fi # http_xss if use nginx_modules_http_xss; then docinto "${HTTP_XSS_MODULE_P}" dodoc "${HTTP_XSS_MODULE_WD}"/README.md fi # http_array_var if use nginx_modules_http_array_var; then docinto "${HTTP_ARRAY_VAR_MODULE_P}" dodoc "${HTTP_ARRAY_VAR_MODULE_WD}"/README.md fi # http_iconv if use nginx_modules_http_iconv; then docinto "${HTTP_ICONV_MODULE_P}" dodoc "${HTTP_ICONV_MODULE_WD}"/README.markdown fi # http_slowfs_cache if use nginx_modules_http_slowfs_cache; then docinto "${HTTP_SLOWFS_CACHE_MODULE_P}" dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md} fi # http_passenger if use nginx_modules_http_passenger; then each_ruby_install() { passenger_install; } ruby-ng_src_install fi if use nginx_modules_http_upstream_check; then docinto "${HTTP_UPSTREAM_CHECK_MODULE_P}" dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES} fi if use nginx_modules_http_metrics; then docinto "${HTTP_METRICS_MODULE_P}" dodoc "${HTTP_METRICS_MODULE_WD}"/README.md fi echo TEST1 if use nginx_modules_http_naxsi; then insinto /etc/nginx/naxsi doins "${HTTP_NAXSI_MODULE_WD}"/../distros/nginx/* doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/naxsi_core.rules doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/blocking doins -r "${HTTP_NAXSI_MODULE_WD}"/../naxsi_rules/whitelists fi if use nginx_modules_core_rtmp; then docinto "${CORE_RTMP_MODULE_P}" dodoc "${CORE_RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl} fi if use nginx_modules_http_dav_ext; then docinto "${HTTP_DAV_EXT_MODULE_P}" dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst fi if use nginx_modules_http_hls_audio; then docinto "${HTTP_HLS_AUDIO_MODULE_P}" dodoc "${HTTP_HLS_AUDIO_MODULE_WD}"/{README.md,nginx.conf} fi if use nginx_modules_http_pagespeed; then local bin="ngx_pagespeed.so" use static && bin="NginX binary" docinto "${HTTP_PAGESPEED_MODULE_P}" dodoc "${HTTP_PAGESPEED_MODULE_WD}"/README.md ewarn "" ewarn "You'll see a QA warning about RWX segments in the ${bin} a bit below." ewarn "" ewarn "This is because PageSpeed module using precompiled 'PSOL' library." ewarn "(Actually, because Google compiled it in very bad way)" ewarn "" ewarn "And it is almost no way to fix that, except for build it (PSOL) as apache module first," ewarn "and take it from there." ewarn "" ewarn "So, be noticed, that this module adding potential security hole and may lead to random breakages" ewarn "" fi if use nginx_modules_http_auth_pam; then docinto "${HTTP_AUTH_PAM_MODULE_P}" dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog} fi if use nginx_modules_http_security; then docinto "${HTTP_SECURITY_MODULE_P}" dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.md,AUTHORS} use systemtap && ( insinto /usr/share/systemtap/tapset doins "${HTTP_SECURITY_MODULE_WD}"/ngx-modsec.stp ) fi if use nginx_modules_http_sticky; then docinto ${HTTP_STICKY_MODULE_P} dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf} fi if use nginx_modules_http_ajp; then docinto ${HTTP_AJP_MODULE_P} dodoc "${HTTP_AJP_MODULE_WD}"/README* fi if ( use nginx_modules_http_javascript || use nginx_modules_stream_javascript ); then docinto ${HTTP_JAVASCRIPT_MODULE_P} dodoc "${HTTP_JAVASCRIPT_MODULE_WD}"/../README fi if use nginx_modules_http_auth_ldap; then docinto ${HTTP_AUTH_LDAP_MODULE_P} dodoc "${HTTP_AUTH_LDAP_MODULE_WD}"/example.conf fi } pkg_postinst() { if use ssl; then if [ ! -f "${EROOT}"/etc/ssl/nginx/nginx.key ]; then install_cert /etc/ssl/nginx/nginx use prefix || chown "${PN}":"${PN}" "${EROOT}"/etc/ssl/nginx/nginx.{crt,csr,key,pem} fi fi if use nginx_modules_http_lua && ( use nginx_modules_http_v2 || use nginx_modules_http_v3 ); then ewarn "" ewarn "Lua 3rd party module author warns against using ${P} with" ewarn "NGINX_MODULES_HTTP=\"lua v2\". For more info, see https://git.io/OldLsg" ewarn "and https://github.com/openresty/lua-nginx-module/issues?q=is%3Aissue+is%3Aopen+http2" ewarn "Same for HTTP3 module" fi if use nginx_modules_http_passenger; then ewarn "" ewarn "Please, keep notice, that 'passenger_root' directive" ewarn "should point to exactly location of 'locations.ini'" ewarn "file from this package (it should be full path, including 'locations.ini' itself)" fi local _n_permission_layout_checks=0 local _has_to_adjust_permissions=0 local _has_to_show_permission_warning=0 # Defaults to 1 to inform people doing a fresh installation # that we ship modified {scgi,uwsgi,fastcgi}_params files local _has_to_show_httpoxy_mitigation_notice=1 local _replacing_version= for _replacing_version in ${REPLACING_VERSIONS}; do _n_permission_layout_checks=$((${_n_permission_layout_checks}+1)) if [[ ${_n_permission_layout_checks} -gt 1 ]]; then # Should never happen: # Package is abusing slots but doesn't allow multiple parallel installations. # If we run into this situation it is unsafe to automatically adjust any # permission... _has_to_show_permission_warning=1 ewarn "Replacing multiple nginx versions is unsupported! " \ "You will have to adjust permissions on your own." break fi local _replacing_version_branch=$(ver_cut 1-2 "${_replacing_version}") debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..." # Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)? # This was before we introduced multiple nginx versions so we # do not need to distinguish between stable and mainline local _need_to_fix_CVE2013_0337=1 if ver_test "${_replacing_version}" "-ge" "1.4.1-r2"; then # We are updating an installation which should already be fixed _need_to_fix_CVE2013_0337=0 debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!" else _has_to_adjust_permissions=1 debug-print "Need to adjust permissions to fix CVE-2013-0337!" fi # Do we need to inform about HTTPoxy mitigation? # In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f if ! ver_test "${_replacing_version}" "-ge" "1.10"; then # Updating from <1.10 _has_to_show_httpoxy_mitigation_notice=1 debug-print "Need to inform about HTTPoxy mitigation!" else # Updating from >=1.10 local _fixed_in_pvr= case "${_replacing_version_branch}" in "1.10") _fixed_in_pvr="1.10.1-r2" ;; "1.11") _fixed_in_pvr="1.11.3-r1" ;; *) # This should be any future branch. # If we run this code it is safe to assume that the user has # already seen the HTTPoxy mitigation notice because he/she is doing # an update from previous version where we have already shown # the warning. Otherwise, we wouldn't hit this code path ... _fixed_in_pvr= esac if [[ -z "${_fixed_in_pvr}" ]] || ver_test "${_replacing_version}" "${_fixed_in_pvr}" "-ge"; then # We are updating an installation where we already informed # that we are mitigating HTTPoxy per default _has_to_show_httpoxy_mitigation_notice=0 debug-print "No need to inform about HTTPoxy mitigation." debug-print "Information was already shown for existing installation!" else _has_to_show_httpoxy_mitigation_notice=1 debug-print "Need to inform about HTTPoxy mitigation!" fi fi # Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)? # All branches up to 1.11 are affected local _need_to_fix_CVE2016_1247=1 if ! ver_test "${_replacing_version_branch}" "-ge" "1.10"; then # Updating from <1.10 _has_to_adjust_permissions=1 debug-print "Need to adjust permissions to fix CVE-2016-1247!" else # Updating from >=1.10 local _fixed_in_pvr= case "${_replacing_version_branch}" in "1.10") _fixed_in_pvr="1.10.2-r3" ;; "1.11") _fixed_in_pvr="1.11.6-r1" ;; *) # This should be any future branch. # If we run this code it is safe to assume that we have already # adjusted permissions or were never affected because user is # doing an update from previous version which was safe or did # the adjustments. Otherwise, we wouldn't hit this code path ... _fixed_in_pvr= esac if [[ -z "${_fixed_in_pvr}" ]] || ver_test "${_replacing_version}" "-ge" "${_fixed_in_pvr}"; then # We are updating an installation which should already be adjusted # or which was never affected _need_to_fix_CVE2016_1247=0 debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!" else _has_to_adjust_permissions=1 debug-print "Need to adjust permissions to fix CVE-2016-1247!" fi fi done if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then # We do not DIE when chmod/chown commands are failing because # package is already merged on user's system at this stage # and we cannot retry without losing the information that # the existing installation needs to adjust permissions. # Instead we are going to a show a big warning ... if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then ewarn "" ewarn "The world-readable bit (if set) has been removed from the" ewarn "following directories to mitigate a security bug" ewarn "(CVE-2013-0337, bug #458726):" ewarn "" ewarn " ${EPREFIX}/var/log/nginx" ewarn " ${EPREFIX}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}" ewarn "" ewarn "Check if this is correct for your setup before restarting nginx!" ewarn "This is a one-time change and will not happen on subsequent updates." ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX}${NGINX_HOME_TMP}'" chmod o-rwx \ "${EPREFIX}"/var/log/nginx \ "${EPREFIX}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \ _has_to_show_permission_warning=1 fi if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then ewarn "" ewarn "The permissions on the following directory have been reset in" ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):" ewarn "" ewarn " ${EPREFIX}/var/log/nginx" ewarn "" ewarn "Check if this is correct for your setup before restarting nginx!" ewarn "Also ensure that no other log directory used by any of your" ewarn "vhost(s) is not writeable for nginx user. Any of your log files" ewarn "used by nginx can be abused to escalate privileges!" ewarn "This is a one-time change and will not happen on subsequent updates." chown 0:"${PN}" "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1 chmod 710 "${EPREFIX}"/var/log/nginx || _has_to_show_permission_warning=1 fi if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then # Should never happen ... ewarn "" ewarn "*************************************************************" ewarn "*************** W A R N I N G ***************" ewarn "*************************************************************" ewarn "The one-time only attempt to adjust permissions of the" ewarn "existing nginx installation failed. Be aware that we will not" ewarn "try to adjust the same permissions again because now you are" ewarn "using a nginx version where we expect that the permissions" ewarn "are already adjusted or that you know what you are doing and" ewarn "want to keep custom permissions." ewarn "" fi fi # Sanity check for CVE-2016-1247 # Required to warn users who received the warning above and thought # they could fix it by unmerging and re-merging the package or have # unmerged a affected installation on purpose in the past leaving # /var/log/nginx on their system due to keepdir/non-empty folder # and are now installing the package again. local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX) su -s /bin/sh -c "touch ${_sanity_check_testfile}" "${PN}" >&/dev/null if [ $? -eq 0 ] ; then # Cleanup -- no reason to die here! rm -f "${_sanity_check_testfile}" ewarn "" ewarn "*************************************************************" ewarn "*************** W A R N I N G ***************" ewarn "*************************************************************" ewarn "Looks like your installation is vulnerable to CVE-2016-1247" ewarn "(bug #605008) because nginx user is able to create files in" ewarn "" ewarn " ${EPREFIX}/var/log/nginx" ewarn "" ewarn "Also ensure that no other log directory used by any of your" ewarn "vhost(s) is not writeable for nginx user. Any of your log files" ewarn "used by nginx can be abused to escalate privileges!" fi if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then # HTTPoxy mitigation ewarn "" ewarn "This nginx installation comes with a mitigation for the HTTPoxy" ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting" ewarn "the HTTP_PROXY parameter to an empty string per default when you" ewarn "are sourcing one of the default" ewarn "" ewarn " - 'fastcgi_params' or 'fastcgi.conf'" ewarn " - 'scgi_params'" ewarn " - 'uwsgi_params'" ewarn "" ewarn "files in your server block(s)." ewarn "" ewarn "If this is causing any problems for you make sure that you are sourcing the" ewarn "default parameters _before_ you set your own values." ewarn "If you are relying on user-supplied proxy values you have to remove the" ewarn "correlating lines from the file(s) mentioned above." ewarn "" fi }