aboutsummaryrefslogtreecommitdiffstats
path: root/testing/nginx-naxsi/APKBUILD
blob: 91c8938d032b293e0a5579130e76ae58c2cedf41 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
# Contributor: Cameron Banta <cbanta@gmail.com>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>

pkgname=nginx-naxsi
_pkgname=nginx
pkgver=1.13.8
pkgrel=2
pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
url="https://www.nginx.org/ | https://github.com/nbs-system/naxsi"
arch="all"
license="custom"

# Modules
_ngx_naxsi_name=naxsi
_ngx_naxsi_ver=0.55.3
_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"

_ngx_cache_purge_name=ngx_cache_purge
_ngx_cache_purge_ver=2.3.0.1
_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"

_ngx_upstream_fair_name=nginx-upstream-fair
_ngx_upstream_fair_ver=0.1.2
_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"

_ngx_http_sysguard_name=tengine-http-sysguard
_ngx_http_sysguard_ver=2.2.0
_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"

depends="!nginx"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev
	pcre-dev perl-dev pkgconf zlib-dev"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade"
options="!check"
subpackages="$pkgname-doc"
source="https://nginx.org/download/$_pkgname-$pkgver.tar.gz
	naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
	ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
	upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz
	sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz

	anonymise.patch
	ipv6.patch
	sysguard.patch

	nginx.initd
	nginx.logrotate
	nginx.conf
	default.conf
	sysguard.conf
	"
builddir="$srcdir"/$_pkgname-$pkgver

_modules_dir="usr/lib/nginx/modules"
_modules="
	http-geoip
	http-image-filter
	http-perl
	http-xslt-filter
	mail
	stream
	http-naxsi
	http-cache-purge
	http-upstream-fair
	http-sysguard
	"

for _m in $_modules; do
	subpackages="$subpackages $pkgname-mod-$_m:_module"
done


build() {
	cd "$builddir"
	./configure \
		--prefix=/var/lib/$_pkgname \
		--sbin-path=/usr/sbin/$_pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$_pkgname/$_pkgname.conf \
		--pid-path=/run/$_pkgname/$_pkgname.pid \
		--lock-path=/run/$_pkgname/$_pkgname.lock \
		--error-log-path=/var/log/$_pkgname/error.log \
		--http-log-path=/var/log/$_pkgname/access.log \
		--http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
		--http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
		--http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio \
		--without-http_uwsgi_module \
		--without-http_scgi_module \
		\
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_perl_module=dynamic \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		\
		--add-dynamic-module="$_ngx_naxsi_dir" \
		--add-dynamic-module="$_ngx_cache_purge_dir" \
		--add-dynamic-module="$_ngx_upstream_fair_dir" \
		--add-dynamic-module="$_ngx_http_sysguard_dir" \
		|| return 1
	make || return 1
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
	install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
	install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
	install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules

	install -dm755 ./etc/$_pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp

	ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
	ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
	ln -sf /run/$_pkgname ./var/lib/$_pkgname/run

	rm -rf ./run ./etc/$_pkgname/*.default
	# scgi & uwsgi servers are disabled
	rm ./etc/$_pkgname/scgi_params ./etc/$_pkgname/uwsgi_params

	# add module configuration
	_mod_conf sysguard.conf nginx-naxsi-mod-http-sysguard
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	soname="ngx_${name}_module.so"

	pkgdesc="$pkgdesc (module $name)"
	depends="!nginx-mod-$name"
	provides="$name"

	mkdir -p "$subpkgdir"/$_modules_dir
	cd "$subpkgdir"

	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
	mkdir -p "$subpkgdir"/etc/nginx/modules
	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}

_mod_conf() {
	local conf=$1 module=$2
	install -Dm644 "$srcdir"/$conf ${pkgdir%/*}/$module/etc/nginx/conf.d/$conf
}
sha512sums="f2a4d41941ec223afcb57a6deb6523e0d4f54f96c7362835d366fa04a4b4578f6c4f27aa7774c1ecd40a42087df83e5c03d024e72caba83c558ec7e580c756a1  nginx-1.13.8.tar.gz
9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0  naxsi-0.55.3.tar.gz
c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3  ngx_cache_purge-2.3.0.1.tar.gz
4da7734301d21cd696fcc3aed1a496a93be15af373307487622c0a5920e79d9b580fd5836de7f9c0b60c01485021ba85afae1abb471e703c2d6e23c60ffe7d0a  upstream-fair-0.1.2.tar.gz
2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1  sysguard-2.2.0.tar.gz
1117ca5887822e002d9995c041435fda53890614fd7309ea011a59bfb0df3261fc7ba8670e93aaee9116cda16b9806921a85f52c9959b093f2e5ac5df4d9b0fb  anonymise.patch
cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49  ipv6.patch
2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce  sysguard.patch
72888c43cec3203cafe1c5e018be464129a220913c21e0abe5ca57ad0649b7120d419ede9b37181def3daad7f08b1c1afdacb33a20aa148ce1d1b9ce3b5b2a33  nginx.initd
01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8  nginx.logrotate
a1a1d9dbd65955b458d17918138fc65bf8990c46909ef43940b1633458c8f119eb485939179b6a9a3dac0c3b58c1eb0c5aec44e7b25ea7a34969c4a0807d4788  nginx.conf
ed1257ca2c0f687e24ebfd5446c472a592a9f7abea022bd04b3dd519631cc235f448027aabf699a89cb7aa4d5761031d44dffcd33d02fd17db0c93da0d5e8689  default.conf
8067c78b00e9fd89141b7a70fdc39ab1095a89c97abc8c9a37df26bef40785715dabdae19bce596ec3c3baff00f9022e2f24c7f5d884590857773e87aae75734  sysguard.conf"