2 # - /etc/sysconfig/nginx file
3 # - missing perl build/install requires
4 # - add njs: https://nginx.org/en/docs/njs/
6 # Conditional build for nginx:
8 %bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html
9 %bcond_without threads # thread pool support
11 %bcond_without addition # http addition module
12 %bcond_without auth_request # auth_request module
13 %bcond_without dav # WebDAV
14 %bcond_without flv # http FLV module
15 %bcond_without gd # without http image filter module
16 %bcond_without geoip # without http geoip module and stream geoip module
17 %bcond_without http2 # HTTP/2 module
18 %bcond_without mail # don't build imap/mail proxy
19 %bcond_without perl # don't build with perl module
20 %bcond_without poll # poll module
21 %bcond_without realip # real ip (behind proxy)
22 %bcond_without select # select module
23 %bcond_without ssl # ssl support and http ssl module
24 %bcond_without stream # TCP/UDP proxy module
25 %bcond_without stub_status # http stub status module
26 %bcond_without sub # ngx_http_sub_module
27 %bcond_without xslt # without http xslt module
28 %bcond_with http_browser # http browser module (header "User-agent" parser)
29 %bcond_with modsecurity # modsecurity module
30 %bcond_with rtmp # rtmp support
31 %bcond_without vts # virtual host traffic status module
32 %bcond_without headers_more # headers more module
38 %define ssl_version 1.0.2
39 %define rtmp_version 1.2.2
40 %define vts_version 0.1.18
41 %define headers_more_version 0.33
42 %define modsecurity_version 3.0.5
43 %define http_cache_purge_version 2.5.1
45 Summary: High perfomance HTTP and reverse proxy server
46 Summary(pl.UTF-8): Serwer HTTP i odwrotne proxy o wysokiej wydajności
48 # - stable: production quality with stable API
49 # - mainline: production quality but API can change
50 # http://nginx.org/en/download.html
55 Group: Networking/Daemons/HTTP
56 Source0: https://nginx.org/download/%{name}-%{version}.tar.gz
57 # Source0-md5: 21cf8dbb90efc89012fe8b49e3e025d3
58 Source1: https://nginx.org/favicon.ico
59 # Source1-md5: 72e228c3809db53da8a884b6676ed36a
61 Source3: %{name}.logrotate
63 Source6: %{name}.monitrc
65 Source14: %{name}.conf
66 Source17: %{name}-mime.types.sh
67 Source18: %{name}.service
68 Source33: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{modsecurity_version}/modsecurity-v%{modsecurity_version}.tar.gz
69 # Source33-md5: 8143ac32fbeec6bc9685f11faab6ea79
70 Source101: https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/%{name}-rtmp-module-%{rtmp_version}.tar.gz
71 # Source101-md5: 9bb7a06aede38d9e36ad13dc1354d8f9
72 Source102: https://github.com/vozlt/nginx-module-vts/archive/v%{vts_version}.tar.gz
73 # Source102-md5: 409a10dbd85e0b807cc77eecec29a3b5
74 Source103: https://github.com/openresty/headers-more-nginx-module/archive/v%{headers_more_version}.tar.gz
75 # Source103-md5: 95e15a2331c2d4db3691a56268df5f47
76 # https://github.com/nginx-modules/ngx_cache_purge
77 Source104: https://github.com/nginx-modules/ngx_cache_purge/archive/refs/tags/%{http_cache_purge_version}.tar.gz
78 # Source104-md5: d42d996efcd6539d2e955c77d24b1e0f
79 Patch0: %{name}-no-Werror.patch
80 Patch1: %{name}-modsecurity-xheaders.patch
81 URL: https://nginx.org/
82 BuildRequires: mailcap
83 BuildRequires: pcre-devel
84 BuildRequires: rpmbuild(macros) >= 1.644
85 BuildRequires: zlib-devel
87 BuildRequires: GeoIP-devel
90 BuildRequires: gd-devel
92 %if %{with modsecurity}
93 BuildRequires: lua-devel
96 BuildRequires: perl-CGI
97 BuildRequires: perl-devel
99 BuildRequires: rpm-perlprov
102 BuildRequires: openssl-devel >= %{ssl_version}
103 Requires: openssl >= %{ssl_version}
106 BuildRequires: libxslt-devel
108 Provides: group(http)
109 Provides: group(nginx)
110 Provides: user(nginx)
112 Provides: webserver(access)
113 Provides: webserver(alias)
114 Provides: webserver(auth)
115 Provides: webserver(expires)
116 Provides: webserver(headers)
117 Provides: webserver(indexfile)
118 Provides: webserver(log)
119 Provides: webserver(mime)
120 Provides: webserver(reqtimeout)
121 Provides: webserver(rewrite)
122 Provides: webserver(setenv)
123 Conflicts: logrotate < 3.8.0
124 Requires(post,preun): /sbin/chkconfig
125 Requires(post,preun,postun): systemd-units >= 38
126 Requires(postun): /usr/sbin/groupdel
127 Requires(postun): /usr/sbin/userdel
128 Requires(pre): /bin/id
129 Requires(pre): /usr/bin/getgid
130 Requires(pre): /usr/sbin/groupadd
131 Requires(pre): /usr/sbin/useradd
132 Requires: rc-scripts >= 0.2.0
133 Requires: systemd-units >= 38
134 Suggests: vim-syntax-nginx
135 Obsoletes: nginx-common < 1.13.3
136 Obsoletes: nginx-light < 1.13.3
137 Obsoletes: nginx-standard < 1.13.3
138 Conflicts: rpm < 4.4.2-0.2
139 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
141 %define _sysconfdir /etc/%{name}
142 %define _nginxdir /home/services/%{name}
144 # minimizing restarts logics. we restart webserver:
146 # 1. at the end of transaction. (posttrans, feature from rpm 4.4.2)
147 # 2. first install of module (post: $1 = 1)
148 # 2. uninstall of module (postun: $1 == 0)
150 # the strict internal deps between modules and
151 # main package are very important for all this to work.
153 # restart webserver at the end of transaction
155 %define restart_webserver \
156 %systemd_post %{name}.service \
157 %service %{name} force-reload \
160 # macro called at module post scriptlet
161 %define module_post \
162 if [ "$1" = "1" ]; then \
166 # macro called at module postun scriptlet
167 %define module_postun \
168 if [ "$1" = "0" ]; then \
172 # it's sooo annoying to write them
173 %define module_scripts() \
181 nginx ("engine x") is a high-performance HTTP server and reverse
182 proxy, as well as an IMAP/POP3 proxy server. nginx was written by Igor
183 Sysoev for Rambler.ru, Russia's second-most visited website, where it
184 has been running in production for over two and a half years. Igor has
185 released the source code under a BSD-like license. Although still in
186 beta, nginx is known for its stability, rich feature set, simple
187 configuration, and low resource consumption.
189 %description -l pl.UTF-8
190 nginx ("engine x") jest wysokowydajnym serwerem HTTP, odwrotnym proxy
191 a także IMAP/POP3 proxy. nginx został napisany przez Igora Sysoeva na
192 potrzeby serwisu Rambler.ru. Jest to drugi pod względem ilości
193 odwiedzin serwis w Rosji i działa od ponad dwóch i pół roku. Igor
194 opublikował źródła na licencji BSD. Mimo, że projekt jest ciągle w
195 fazie beta, już zasłynął dzięki stabilności, bogactwu dodatków,
196 prostej konfiguracji oraz małej "zasobożerności".
198 %package mod_headers_more
199 Summary: Nginx HTTP headers more module
201 Requires: %{name} = %{version}-%{release}
203 %description mod_headers_more
204 Set and clear input and output headers...more than "add".
206 %package mod_http_geoip
207 Summary: Nginx HTTP geoip module
209 Requires: %{name} = %{version}-%{release}
212 %description mod_http_geoip
213 Nginx HTTP geoip module.
215 %package mod_stream_geoip
216 Summary: Nginx stream geoip module
218 Requires: %{name} = %{version}-%{release}
219 Requires: %{name}-mod_stream = %{version}-%{release}
222 %description mod_stream_geoip
223 Nginx stream geoip module.
225 %package mod_http_image_filter
226 Summary: Nginx HTTP image filter module
228 Requires: %{name} = %{version}-%{release}
230 %description mod_http_image_filter
231 Nginx HTTP image filter module.
233 %package mod_http_perl
234 Summary: Nginx HTTP Perl module
235 Group: Networking/Daemons/HTTP
236 Requires: %{name} = %{version}-%{release}
238 %description mod_http_perl
239 Nginx HTTP Perl module.
241 %package mod_http_xslt_filter
242 Summary: Nginx XSLT module
244 Requires: %{name} = %{version}-%{release}
246 %description mod_http_xslt_filter
250 Summary: Nginx mail module
251 Group: Networking/Daemons/HTTP
252 Requires: %{name} = %{version}-%{release}
254 %description mod_mail
258 Summary: Nginx virtual host traffic status module
259 Group: Networking/Daemons/HTTP
260 Requires: %{name} = %{version}-%{release}
263 Nginx virtual host traffic status module.
266 Summary: Nginx stream modules
268 Requires: %{name} = %{version}-%{release}
270 %description mod_stream
271 Nginx stream modules.
273 %package mod_http_cache_purge
274 Summary: Nginx cache purge module
276 Requires: %{name} = %{version}-%{release}
278 %description mod_http_cache_purge
279 `ngx_cache_purge` is `nginx` module which adds ability to purge
280 content from `FastCGI`, `proxy`, `SCGI` and `uWSGI` caches.
283 %package -n monit-rc-nginx
284 Summary: nginx support for monit
285 Summary(pl.UTF-8): Wsparcie nginx dla monit
286 Group: Applications/System
287 Requires: %{name} = %{version}-%{release}
290 %description -n monit-rc-nginx
291 monitrc file for monitoring nginx webserver.
293 %description -n monit-rc-nginx -l pl.UTF-8
294 Plik monitrc do monitorowania serwera WWW nginx.
297 %setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a22} %{?with_vts:-a102} %{?with_headers_more:-a103} -a104
299 %{?with_modsecurity:%patch1 -p0}
302 mv nginx-rtmp-module-%{rtmp_version} nginx-rtmp-module
306 mv nginx-module-vts-%{vts_version} nginx-vts-module
309 %if %{with headers_more}
310 mv headers-more-nginx-module-%{headers_more_version} nginx-headers-more-module
313 mv ngx_cache_purge-* ngx_cache_purge
315 # build mime.types.conf
316 #sh %{SOURCE17} /etc/mime.types
319 # NB: not autoconf generated configure
320 cp -f configure auto/
323 --prefix=%{_prefix} \
324 --modules-path=%{_libdir}/%{name}/modules \
325 --sbin-path=%{_sbindir}/%{name} \
326 --conf-path=%{_sysconfdir}/%{name}.conf \
327 --error-log-path=%{_localstatedir}/log/%{name}/error.log \
328 --http-log-path=%{_localstatedir}/log/%{name}/access.log \
329 --pid-path=%{_localstatedir}/run/%{name}.pid \
330 --lock-path=%{_localstatedir}/lock/subsys/%{name} \
331 --http-client-body-temp-path=%{_localstatedir}/cache/%{name}/client_body_temp \
332 --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}/fastcgi_temp \
333 --http-proxy-temp-path=%{_localstatedir}/cache/%{name}/proxy_temp \
334 --http-uwsgi-temp-path=%{_localstatedir}/cache/%{name}/uwsgi_temp \
335 --http-scgi-temp-path=%{_localstatedir}/cache/%{name}/scgi_temp \
338 %{?with_select:--with-select_module} \
339 %{?with_poll:--with-poll_module} \
340 %{?with_rtsig:--with-rtsig_module} \
341 %{?with_perl:--with-http_perl_module=dynamic} \
342 %{?with_gd:--with-http_image_filter_module=dynamic} \
343 %{?with_xslt:--with-http_xslt_module=dynamic} \
344 %{?with_geoip:--with-http_geoip_module=dynamic} \
345 %{?with_geoip:--with-stream_geoip_module=dynamic} \
347 --with-mail=dynamic \
348 --with-mail_ssl_module \
351 --with-stream=dynamic \
352 --with-stream_ssl_module \
354 --with-cc="%{__cc}" \
355 --with-cc-opt="%{rpmcflags}" \
356 --with-ld-opt="%{rpmldflags}" \
357 %{?with_debug:--with-debug} \
358 %{?with_addition:--with-http_addition_module} \
359 %{?with_dav:--with-http_dav_module} \
360 %{?with_flv:--with-http_flv_module} \
361 %{?with_sub:--with-http_sub_module} \
362 %{?with_realip:--with-http_realip_module} \
363 %{?with_stub_status:--with-http_stub_status_module} \
364 %{?with_ssl:--with-http_ssl_module} \
365 %{!?with_http_browser:--without-http_browser_module} \
366 --add-dynamic-module=./ngx_cache_purge \
367 %{?with_headers_more:--add-dynamic-module=./nginx-headers-more-module} \
368 %{?with_rtmp:--add-module=./nginx-rtmp-module} \
369 %{?with_vts:--add-dynamic-module=./nginx-vts-module} \
370 %{?with_auth_request:--with-http_auth_request_module} \
371 %{?with_threads:--with-threads} \
372 %{?with_http2:--with-http_v2_module} \
373 %{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \
374 --with-http_secure_link_module \
379 %if %{with modsecurity}
380 cd modsecurity-%{modsecurity_version}
383 --enable-standalone-module \
392 rm -rf $RPM_BUILD_ROOT
393 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d \
394 $RPM_BUILD_ROOT%{_nginxdir}/{cgi-bin,html,errors} \
395 $RPM_BUILD_ROOT%{_localstatedir}/log/{%{name},archive/%{name}} \
396 $RPM_BUILD_ROOT%{_localstatedir}/cache/%{name} \
397 $RPM_BUILD_ROOT%{_localstatedir}/lock/subsys/%{name} \
398 $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{conf,modules,vhosts,webapps}.d} \
399 $RPM_BUILD_ROOT%{_sysconfdir}/snippets \
400 $RPM_BUILD_ROOT/etc/{logrotate.d,monit} \
401 $RPM_BUILD_ROOT{%{systemdunitdir},/etc/systemd/system}
405 DESTDIR=$RPM_BUILD_ROOT
407 %{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/*.default
409 cp -p %{_sourcedir}/%{name}.conf $RPM_BUILD_ROOT%{_sysconfdir}
410 cp -p %{_sourcedir}/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}
411 cp -p %{_sourcedir}/%{name}.monitrc $RPM_BUILD_ROOT/etc/monit
412 install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
414 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/logrotate.d/%{name}
415 cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/proxy.conf
416 cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/mime.types
417 rm -r $RPM_BUILD_ROOT%{_prefix}/html
418 cp -p html/index.html $RPM_BUILD_ROOT%{_nginxdir}/html
419 cp -p html/50x.html $RPM_BUILD_ROOT%{_nginxdir}/errors
420 cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_nginxdir}/html/favicon.ico
423 local module=ngx_${1}_module.so conffile=mod_$1.conf
424 printf 'load_module "%{_libdir}/%{name}/modules/%s";' "$module" \
425 > $RPM_BUILD_ROOT%{_sysconfdir}/modules.d/$conffile
429 %{__rm} $RPM_BUILD_ROOT%{perl_archlib}/perllocal.pod
430 %{__rm} $RPM_BUILD_ROOT%{perl_vendorarch}/auto/nginx/.packlist
431 load_module http_perl
435 load_module http_geoip
436 load_module stream_geoip
439 load_module http_image_filter
442 load_module http_xslt_filter
447 %{?with_vts:load_module http_vhost_traffic_status}
448 %{?with_headers_more:load_module http_headers_more_filter}
452 load_module http_cache_purge
455 rm -rf $RPM_BUILD_ROOT
458 %groupadd -r -g 213 %{name}
460 %useradd -r -u 213 -d /usr/share/empty -s /bin/false -c "Nginx HTTP User" -g %{name} %{name}
461 %addusertogroup %{name} http
464 for a in access.log error.log; do
465 if [ ! -f /var/log/%{name}/$a ]; then
467 touch /var/log/%{name}/$a
468 chown nginx:nginx /var/log/%{name}/$a
469 chmod 644 /var/log/%{name}/$a
472 /sbin/chkconfig --add %{name}
478 if [ "$1" = "0" ];then
479 %service %{name} stop
480 /sbin/chkconfig --del %{name}
482 %systemd_preun %{name}.service
485 if [ "$1" = "0" ]; then
491 %module_scripts mod_http_geoip
492 %module_scripts mod_http_image_filter
493 %module_scripts mod_http_perl
494 %module_scripts mod_http_xslt_filter
495 %module_scripts mod_mail
496 %module_scripts mod_vts
497 %module_scripts mod_headers_more
498 %module_scripts mod_stream
499 %module_scripts mod_stream_geoip
500 %module_scripts mod_http_cache_purge
503 %defattr(644,root,root,755)
504 %doc CHANGES LICENSE README html/index.html conf/nginx.conf
505 %doc %lang(ru) CHANGES.ru
506 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/%{name}
507 %attr(754,root,root) /etc/rc.d/init.d/%{name}
508 %dir %attr(750,root,nginx) %{_sysconfdir}
509 %dir %{_sysconfdir}/conf.d
510 %dir %{_sysconfdir}/modules.d
511 %dir %{_sysconfdir}/snippets
512 %dir %{_sysconfdir}/vhosts.d
513 %dir %{_sysconfdir}/webapps.d
514 %attr(640,root,root) %{_sysconfdir}/mime.types
515 %attr(640,root,root) %{_sysconfdir}/koi-utf
516 %attr(640,root,root) %{_sysconfdir}/koi-win
517 %attr(640,root,root) %{_sysconfdir}/win-utf
518 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi.conf
519 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
520 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/proxy.conf
521 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi_params
522 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/scgi_params
523 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/uwsgi_params
524 %attr(755,root,root) %{_sbindir}/%{name}
525 %dir %{_libdir}/%{name}
526 %dir %{_libdir}/%{name}/modules
527 %{systemdunitdir}/%{name}.service
529 %attr(750,nginx,logs) %dir /var/log/archive/%{name}
530 %attr(750,nginx,logs) /var/log/%{name}
531 %attr(770,root,nginx) /var/cache/%{name}
534 %dir %{_nginxdir}/cgi-bin
535 %dir %{_nginxdir}/html
536 %dir %{_nginxdir}/errors
537 %config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/html/*
538 %config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/errors/*
541 %files mod_http_geoip
542 %defattr(644,root,root,755)
543 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_geoip.conf
544 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_geoip_module.so
546 %files mod_stream_geoip
547 %defattr(644,root,root,755)
548 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream_geoip.conf
549 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_geoip_module.so
553 %files mod_http_image_filter
554 %defattr(644,root,root,755)
555 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_image_filter.conf
556 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_image_filter_module.so
561 %defattr(644,root,root,755)
562 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_perl.conf
563 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_perl_module.so
564 %dir %{perl_vendorarch}/auto/%{name}
565 %attr(755,root,root) %{perl_vendorarch}/auto/%{name}/%{name}.so
566 %{perl_vendorarch}/%{name}.pm
567 %{_mandir}/man3/nginx.3pm*
571 %files mod_http_xslt_filter
572 %defattr(644,root,root,755)
573 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_xslt_filter.conf
574 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_xslt_filter_module.so
579 %defattr(644,root,root,755)
580 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_mail.conf
581 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_mail_module.so
584 %if %{with headers_more}
585 %files mod_headers_more
586 %defattr(644,root,root,755)
587 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_headers_more_filter.conf
588 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_headers_more_filter_module.so
593 %defattr(644,root,root,755)
594 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_vhost_traffic_status.conf
595 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_vhost_traffic_status_module.so
600 %defattr(644,root,root,755)
601 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream.conf
602 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_module.so
605 %files mod_http_cache_purge
606 %defattr(644,root,root,755)
607 %doc ngx_cache_purge/{CHANGES,README.md}
608 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_cache_purge.conf
609 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_cache_purge_module.so
611 %files -n monit-rc-nginx
612 %defattr(644,root,root,755)
613 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/monit/%{name}.monitrc