# TODO
# - /etc/sysconfig/nginx file
# - missing perl build/install requires
+# - add njs: https://nginx.org/en/docs/njs/
#
# Conditional build for nginx:
+# Features
+%bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html
+%bcond_without threads # thread pool support
+# Modules
+%bcond_without addition # http addition module
+%bcond_without auth_request # auth_request module
+%bcond_without dav # WebDAV
+%bcond_without flv # http FLV module
+%bcond_without gd # without http image filter module
+%bcond_without geoip # without http geoip module and stream geoip module
+%bcond_without http2 # HTTP/2 module
%bcond_without mail # don't build imap/mail proxy
%bcond_without perl # don't build with perl module
-%bcond_without addition # adds module
-%bcond_without dav # WebDAV
-%bcond_without flv # FLV stream
-%bcond_without sub # ngx_http_sub_module
-%bcond_without poll # poll
+%bcond_without poll # poll module
%bcond_without realip # real ip (behind proxy)
-%bcond_without select # select
-%bcond_without http2 # HTTP/2 module
-%bcond_without status # status module
-%bcond_without ssl # ssl support
-%bcond_without threads # thread pool support
-%bcond_without gd # without http image filter module
-%bcond_without geoip # without http geoip module
+%bcond_without select # select module
+%bcond_without ssl # ssl support and http ssl module
+%bcond_without stream # TCP/UDP proxy module
+%bcond_without stub_status # http stub status module
+%bcond_without sub # ngx_http_sub_module
%bcond_without xslt # without http xslt module
-%bcond_without stream # without stream module
-%bcond_with http_browser # header "User-agent" parser
-%bcond_with rtmp # rtmp support
-%bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html
-%bcond_without auth_request # auth_request module
+%bcond_with http_browser # http browser module (header "User-agent" parser)
%bcond_with modsecurity # modsecurity module
+%bcond_with rtmp # rtmp support
+%bcond_without vts # virtual host traffic status module
+%bcond_without headers_more # headers more module
%ifarch x32
%undefine with_rtsig
%endif
%define ssl_version 1.0.2
-%define rtmp_version 1.1.7
-%define modsecurity_version 2.9.1
+%define rtmp_version 1.2.1
+%define vts_version 0.1.18
+%define headers_more_version 0.33
+%define modsecurity_version 3.0.4
Summary: High perfomance HTTP and reverse proxy server
Summary(pl.UTF-8): Serwer HTTP i odwrotne proxy o wysokiej wydajności
# nginx lines:
# - stable: production quality with stable API
# - mainline: production quality but API can change
+# http://nginx.org/en/download.html
Name: nginx
-Version: 1.11.5
-Release: 0.1
+Version: 1.20.0
+Release: 2
License: BSD-like
Group: Networking/Daemons/HTTP
Source0: http://nginx.org/download/%{name}-%{version}.tar.gz
-# Source0-md5: db43f2b19746f6f47401c3afc3924dc6
+# Source0-md5: d3d7985527d535ebcda9fc3fdbd3a974
Source1: http://nginx.net/favicon.ico
# Source1-md5: 2aaf2115c752cbdbfb8a2f0b3c3189ab
Source2: proxy.conf
Source14: %{name}.conf
Source17: %{name}-mime.types.sh
Source18: %{name}.service
-Source22: http://www.modsecurity.org/tarball/%{modsecurity_version}/modsecurity-%{modsecurity_version}.tar.gz
-# Source22-md5: 0fa92b852abc857a20b9e24f83f814cf
+Source33: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{modsecurity_version}/modsecurity-v%{modsecurity_version}.tar.gz
+# Source33-md5: 42c9860e0c073ca32a4a015ead970774
Source101: https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/%{name}-rtmp-module-%{rtmp_version}.tar.gz
-# Source101-md5: 8006de2560db3e55bb15d110220076ac
+# Source101-md5: 639ac2b78103adaccbcfe484a92acf44
+Source102: https://github.com/vozlt/nginx-module-vts/archive/v%{vts_version}.tar.gz
+# Source102-md5: 409a10dbd85e0b807cc77eecec29a3b5
+Source103: https://github.com/openresty/headers-more-nginx-module/archive/v%{headers_more_version}.tar.gz
+# Source103-md5: 95e15a2331c2d4db3691a56268df5f47
Patch0: %{name}-no-Werror.patch
Patch1: %{name}-modsecurity-xheaders.patch
-URL: http://nginx.net/
+URL: http://nginx.org/
BuildRequires: mailcap
BuildRequires: pcre-devel
BuildRequires: rpmbuild(macros) >= 1.644
Requires: rc-scripts >= 0.2.0
Requires: systemd-units >= 38
Suggests: vim-syntax-nginx
+Obsoletes: nginx-common < 1.13.3
+Obsoletes: nginx-light < 1.13.3
+Obsoletes: nginx-standard < 1.13.3
+Conflicts: rpm < 4.4.2-0.2
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _sysconfdir /etc/%{name}
%define _nginxdir /home/services/%{name}
+# minimizing restarts logics. we restart webserver:
+#
+# 1. at the end of transaction. (posttrans, feature from rpm 4.4.2)
+# 2. first install of module (post: $1 = 1)
+# 2. uninstall of module (postun: $1 == 0)
+#
+# the strict internal deps between modules and
+# main package are very important for all this to work.
+
+# restart webserver at the end of transaction
+
+%define restart_webserver \
+ %systemd_post %{name}.service \
+ %service %{name} force-reload \
+ %{nil}
+
+# macro called at module post scriptlet
+%define module_post \
+if [ "$1" = "1" ]; then \
+ %restart_webserver \
+fi
+
+# macro called at module postun scriptlet
+%define module_postun \
+if [ "$1" = "0" ]; then \
+ %restart_webserver \
+fi
+
+# it's sooo annoying to write them
+%define module_scripts() \
+%post %1 \
+%module_post \
+\
+%postun %1 \
+%module_postun
+
%description
nginx ("engine x") is a high-performance HTTP server and reverse
proxy, as well as an IMAP/POP3 proxy server. nginx was written by Igor
fazie beta, już zasłynął dzięki stabilności, bogactwu dodatków,
prostej konfiguracji oraz małej "zasobożerności".
+%package mod_headers_more
+Summary: Nginx HTTP headers more module
+Group: Daemons
+Requires: %{name} = %{version}-%{release}
+
+%description mod_headers_more
+Set and clear input and output headers...more than "add".
+
%package mod_http_geoip
Summary: Nginx HTTP geoip module
Group: Daemons
%description mod_http_geoip
Nginx HTTP geoip module.
+%package mod_stream_geoip
+Summary: Nginx stream geoip module
+Group: Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: %{name}-mod_stream = %{version}-%{release}
+Requires: GeoIP
+
+%description mod_stream_geoip
+Nginx stream geoip module.
+
%package mod_http_image_filter
Summary: Nginx HTTP image filter module
Group: Daemons
%description mod_mail
Nginx mail module.
+%package mod_vts
+Summary: Nginx virtual host traffic status module
+Group: Networking/Daemons/HTTP
+Requires: %{name} = %{version}-%{release}
+
+%description mod_vts
+Nginx virtual host traffic status module.
+
%package mod_stream
Summary: Nginx stream modules
Group: Daemons
Plik monitrc do monitorowania serwera WWW nginx.
%prep
-%setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a22}
+%setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a22} %{?with_vts:-a102} %{?with_headers_more:-a103}
%patch0 -p0
%{?with_modsecurity:%patch1 -p0}
mv nginx-rtmp-module-%{rtmp_version} nginx-rtmp-module
%endif
+%if %{with vts}
+mv nginx-module-vts-%{vts_version} nginx-vts-module
+%endif
+
+%if %{with headers_more}
+mv headers-more-nginx-module-%{headers_more_version} nginx-headers-more-module
+%endif
+
# build mime.types.conf
#sh %{SOURCE17} /etc/mime.types
--http-client-body-temp-path=%{_localstatedir}/cache/%{name}/client_body_temp \
--http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}/fastcgi_temp \
--http-proxy-temp-path=%{_localstatedir}/cache/%{name}/proxy_temp \
+ --http-uwsgi-temp-path=%{_localstatedir}/cache/%{name}/uwsgi_temp \
+ --http-scgi-temp-path=%{_localstatedir}/cache/%{name}/scgi_temp \
--user=nginx \
--group=nginx \
%{?with_select:--with-select_module} \
%{?with_poll:--with-poll_module} \
%{?with_rtsig:--with-rtsig_module} \
%{?with_perl:--with-http_perl_module=dynamic} \
- %{?with_geoip:--with-http_geoip_module=dynamic} \
%{?with_gd:--with-http_image_filter_module=dynamic} \
%{?with_xslt:--with-http_xslt_module=dynamic} \
+ %{?with_geoip:--with-http_geoip_module=dynamic} \
+ %{?with_geoip:--with-stream_geoip_module=dynamic} \
%if %{with mail}
--with-mail=dynamic \
--with-mail_ssl_module \
%{?with_flv:--with-http_flv_module} \
%{?with_sub:--with-http_sub_module} \
%{?with_realip:--with-http_realip_module} \
- %{?with_status:--with-http_stub_status_module} \
+ %{?with_stub_status:--with-http_stub_status_module} \
%{?with_ssl:--with-http_ssl_module} \
%{!?with_http_browser:--without-http_browser_module} \
+ %{?with_headers_more:--add-dynamic-module=./nginx-headers-more-module} \
%{?with_rtmp:--add-module=./nginx-rtmp-module} \
+ %{?with_vts:--add-dynamic-module=./nginx-vts-module} \
%{?with_auth_request:--with-http_auth_request_module} \
%{?with_threads:--with-threads} \
%{?with_http2:--with-http_v2_module} \
$RPM_BUILD_ROOT%{_localstatedir}/log/{%{name},archive/%{name}} \
$RPM_BUILD_ROOT%{_localstatedir}/cache/%{name} \
$RPM_BUILD_ROOT%{_localstatedir}/lock/subsys/%{name} \
- $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{vhosts,webapps}.d} \
+ $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{conf,modules,vhosts,webapps}.d} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/snippets \
$RPM_BUILD_ROOT/etc/{logrotate.d,monit} \
$RPM_BUILD_ROOT{%{systemdunitdir},/etc/systemd/system}
cp -p html/50x.html $RPM_BUILD_ROOT%{_nginxdir}/errors
cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_nginxdir}/html/favicon.ico
+load_module() {
+ local module=ngx_${1}_module.so conffile=mod_$1.conf
+ printf 'load_module "%{_libdir}/%{name}/modules/%s";' "$module" \
+ > $RPM_BUILD_ROOT%{_sysconfdir}/modules.d/$conffile
+}
+
%if %{with perl}
%{__rm} $RPM_BUILD_ROOT%{perl_archlib}/perllocal.pod
%{__rm} $RPM_BUILD_ROOT%{perl_vendorarch}/auto/nginx/.packlist
+load_module http_perl
%endif
-# only touch these for ghost packaging
-touch $RPM_BUILD_ROOT%{_sysconfdir}/{fastcgi,scgi,uwsgi}.params
+%if %{with geoip}
+load_module http_geoip
+load_module stream_geoip
+%endif
+%if %{with gd}
+load_module http_image_filter
+%endif
+%if %{with xslt}
+load_module http_xslt_filter
+%endif
+%if %{with mail}
+load_module mail
+%endif
+%{?with_vts:load_module http_vhost_traffic_status}
+%{?with_headers_more:load_module http_headers_more_filter}
+%if %{with stream}
+load_module stream
+%endif
%clean
rm -rf $RPM_BUILD_ROOT
fi
done
/sbin/chkconfig --add %{name}
-%systemd_post %{name}.service
-%service %{name} force-reload
+
+%posttrans
+%restart_webserver
%preun
if [ "$1" = "0" ];then
fi
%systemd_reload
-%triggerpostun -- %{name} < 1.8.0-2
-# skip *this* trigger on downgrade
-[ $1 -le 1 ] && exit 0
-ln -sf fastcgi_params %{_sysconfdir}/fastcgi.params
-ln -sf scgi_params %{_sysconfdir}/scgi.params
-ln -sf uwsgi_params %{_sysconfdir}/uwsgi.params
-exit 0
+%module_scripts mod_http_geoip
+%module_scripts mod_http_image_filter
+%module_scripts mod_http_perl
+%module_scripts mod_http_xslt_filter
+%module_scripts mod_mail
+%module_scripts mod_vts
+%module_scripts mod_headers_more
+%module_scripts mod_stream
+%module_scripts mod_stream_geoip
%files
%defattr(644,root,root,755)
%doc CHANGES LICENSE README html/index.html conf/nginx.conf
%doc %lang(ru) CHANGES.ru
-%dir %attr(750,root,nginx) %{_sysconfdir}
-%dir %{_nginxdir}
-%dir %{_nginxdir}/cgi-bin
-%dir %{_nginxdir}/html
-%dir %{_nginxdir}/errors
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/%{name}
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/proxy.conf
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi_params
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/scgi_params
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/uwsgi_params
-%ghost %{_sysconfdir}/fastcgi.params
-%ghost %{_sysconfdir}/scgi.params
-%ghost %{_sysconfdir}/uwsgi.params
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%dir %attr(750,root,nginx) %{_sysconfdir}
+%dir %{_sysconfdir}/conf.d
+%dir %{_sysconfdir}/modules.d
+%dir %{_sysconfdir}/snippets
+%dir %{_sysconfdir}/vhosts.d
+%dir %{_sysconfdir}/webapps.d
%attr(640,root,root) %{_sysconfdir}/mime.types
%attr(640,root,root) %{_sysconfdir}/koi-utf
%attr(640,root,root) %{_sysconfdir}/koi-win
%attr(640,root,root) %{_sysconfdir}/win-utf
-%dir %{_sysconfdir}/webapps.d
-%dir %{_sysconfdir}/vhosts.d
-%attr(750,nginx,logs) %dir /var/log/archive/%{name}
-%attr(750,nginx,logs) /var/log/%{name}
-%config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/html/*
-%config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/errors/*
-
-%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/proxy.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi_params
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/scgi_params
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/uwsgi_params
%attr(755,root,root) %{_sbindir}/%{name}
-%attr(770,root,%{name}) /var/cache/%{name}
-%attr(754,root,root) /etc/rc.d/init.d/%{name}
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}.conf
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/modules
%{systemdunitdir}/%{name}.service
+%attr(750,nginx,logs) %dir /var/log/archive/%{name}
+%attr(750,nginx,logs) /var/log/%{name}
+%attr(770,root,nginx) /var/cache/%{name}
+
+%dir %{_nginxdir}
+%dir %{_nginxdir}/cgi-bin
+%dir %{_nginxdir}/html
+%dir %{_nginxdir}/errors
+%config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/html/*
+%config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/errors/*
+
%if %{with geoip}
%files mod_http_geoip
%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_geoip.conf
%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_geoip_module.so
+
+%files mod_stream_geoip
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream_geoip.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_geoip_module.so
%endif
%if %{with gd}
%files mod_http_image_filter
%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_image_filter.conf
%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_image_filter_module.so
%endif
%if %{with perl}
%files mod_http_perl
%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_perl.conf
%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_perl_module.so
%dir %{perl_vendorarch}/auto/%{name}
%attr(755,root,root) %{perl_vendorarch}/auto/%{name}/%{name}.so
%if %{with xslt}
%files mod_http_xslt_filter
%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_xslt_filter.conf
%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_xslt_filter_module.so
%endif
%if %{with mail}
%files mod_mail
%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_mail.conf
%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_mail_module.so
%endif
+%if %{with headers_more}
+%files mod_headers_more
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_headers_more_filter.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_headers_more_filter_module.so
+%endif
+
+%if %{with vts}
+%files mod_vts
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_vhost_traffic_status.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_vhost_traffic_status_module.so
+%endif
+
%if %{with stream}
%files mod_stream
%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream.conf
%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_module.so
%endif