2 # - /etc/sysconfig/nginx file
3 # - missing perl build/install requires
4 # - add njs: https://nginx.org/en/docs/njs/
6 # Conditional build for nginx:
8 %bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html
9 %bcond_without threads # thread pool support
11 %bcond_without addition # http addition module
12 %bcond_without auth_request # auth_request module
13 %bcond_without dav # WebDAV
14 %bcond_without flv # http FLV module
15 %bcond_without gd # without http image filter module
16 %bcond_without geoip # without http geoip module and stream geoip module
17 %bcond_without http2 # HTTP/2 module
18 %bcond_without mail # don't build imap/mail proxy
19 %bcond_without perl # don't build with perl module
20 %bcond_without poll # poll module
21 %bcond_without realip # real ip (behind proxy)
22 %bcond_without select # select module
23 %bcond_without ssl # ssl support and http ssl module
24 %bcond_without stream # TCP/UDP proxy module
25 %bcond_without stub_status # http stub status module
26 %bcond_without sub # ngx_http_sub_module
27 %bcond_without xslt # without http xslt module
28 %bcond_with http_browser # http browser module (header "User-agent" parser)
29 %bcond_with modsecurity # modsecurity module
30 %bcond_with rtmp # rtmp support
31 %bcond_without vts # virtual host traffic status module
32 %bcond_without headers_more # headers more module
38 %define ssl_version 1.0.2
39 %define rtmp_version 1.2.1
40 %define vts_version 0.1.18
41 %define headers_more_version 0.33
42 %define modsecurity_version 3.0.4
43 Summary: High perfomance HTTP and reverse proxy server
44 Summary(pl.UTF-8): Serwer HTTP i odwrotne proxy o wysokiej wydajności
46 # - stable: production quality with stable API
47 # - mainline: production quality but API can change
48 # http://nginx.org/en/download.html
53 Group: Networking/Daemons/HTTP
54 Source0: https://nginx.org/download/%{name}-%{version}.tar.gz
55 # Source0-md5: d3d7985527d535ebcda9fc3fdbd3a974
56 Source1: https://nginx.org/favicon.ico
57 # Source1-md5: 72e228c3809db53da8a884b6676ed36a
59 Source3: %{name}.logrotate
61 Source6: %{name}.monitrc
63 Source14: %{name}.conf
64 Source17: %{name}-mime.types.sh
65 Source18: %{name}.service
66 Source33: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{modsecurity_version}/modsecurity-v%{modsecurity_version}.tar.gz
67 # Source33-md5: a8791b94fa09f2d3693fa1d22523e6c4
68 Source101: https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/%{name}-rtmp-module-%{rtmp_version}.tar.gz
69 # Source101-md5: 639ac2b78103adaccbcfe484a92acf44
70 Source102: https://github.com/vozlt/nginx-module-vts/archive/v%{vts_version}.tar.gz
71 # Source102-md5: 409a10dbd85e0b807cc77eecec29a3b5
72 Source103: https://github.com/openresty/headers-more-nginx-module/archive/v%{headers_more_version}.tar.gz
73 # Source103-md5: 95e15a2331c2d4db3691a56268df5f47
74 Patch0: %{name}-no-Werror.patch
75 Patch1: %{name}-modsecurity-xheaders.patch
76 URL: https://nginx.org/
77 BuildRequires: mailcap
78 BuildRequires: pcre-devel
79 BuildRequires: rpmbuild(macros) >= 1.644
80 BuildRequires: zlib-devel
82 BuildRequires: GeoIP-devel
85 BuildRequires: gd-devel
87 %if %{with modsecurity}
88 BuildRequires: lua-devel
91 BuildRequires: perl-CGI
92 BuildRequires: perl-devel
94 BuildRequires: rpm-perlprov
97 BuildRequires: openssl-devel >= %{ssl_version}
98 Requires: openssl >= %{ssl_version}
101 BuildRequires: libxslt-devel
103 Provides: group(http)
104 Provides: group(nginx)
105 Provides: user(nginx)
107 Provides: webserver(access)
108 Provides: webserver(alias)
109 Provides: webserver(auth)
110 Provides: webserver(expires)
111 Provides: webserver(headers)
112 Provides: webserver(indexfile)
113 Provides: webserver(log)
114 Provides: webserver(mime)
115 Provides: webserver(reqtimeout)
116 Provides: webserver(rewrite)
117 Provides: webserver(setenv)
118 Conflicts: logrotate < 3.8.0
119 Requires(post,preun): /sbin/chkconfig
120 Requires(post,preun,postun): systemd-units >= 38
121 Requires(postun): /usr/sbin/groupdel
122 Requires(postun): /usr/sbin/userdel
123 Requires(pre): /bin/id
124 Requires(pre): /usr/bin/getgid
125 Requires(pre): /usr/sbin/groupadd
126 Requires(pre): /usr/sbin/useradd
127 Requires: rc-scripts >= 0.2.0
128 Requires: systemd-units >= 38
129 Suggests: vim-syntax-nginx
130 Obsoletes: nginx-common < 1.13.3
131 Obsoletes: nginx-light < 1.13.3
132 Obsoletes: nginx-standard < 1.13.3
133 Conflicts: rpm < 4.4.2-0.2
134 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
136 %define _sysconfdir /etc/%{name}
137 %define _nginxdir /home/services/%{name}
139 # minimizing restarts logics. we restart webserver:
141 # 1. at the end of transaction. (posttrans, feature from rpm 4.4.2)
142 # 2. first install of module (post: $1 = 1)
143 # 2. uninstall of module (postun: $1 == 0)
145 # the strict internal deps between modules and
146 # main package are very important for all this to work.
148 # restart webserver at the end of transaction
150 %define restart_webserver \
151 %systemd_post %{name}.service \
152 %service %{name} force-reload \
155 # macro called at module post scriptlet
156 %define module_post \
157 if [ "$1" = "1" ]; then \
161 # macro called at module postun scriptlet
162 %define module_postun \
163 if [ "$1" = "0" ]; then \
167 # it's sooo annoying to write them
168 %define module_scripts() \
176 nginx ("engine x") is a high-performance HTTP server and reverse
177 proxy, as well as an IMAP/POP3 proxy server. nginx was written by Igor
178 Sysoev for Rambler.ru, Russia's second-most visited website, where it
179 has been running in production for over two and a half years. Igor has
180 released the source code under a BSD-like license. Although still in
181 beta, nginx is known for its stability, rich feature set, simple
182 configuration, and low resource consumption.
184 %description -l pl.UTF-8
185 nginx ("engine x") jest wysokowydajnym serwerem HTTP, odwrotnym proxy
186 a także IMAP/POP3 proxy. nginx został napisany przez Igora Sysoeva na
187 potrzeby serwisu Rambler.ru. Jest to drugi pod względem ilości
188 odwiedzin serwis w Rosji i działa od ponad dwóch i pół roku. Igor
189 opublikował źródła na licencji BSD. Mimo, że projekt jest ciągle w
190 fazie beta, już zasłynął dzięki stabilności, bogactwu dodatków,
191 prostej konfiguracji oraz małej "zasobożerności".
193 %package mod_headers_more
194 Summary: Nginx HTTP headers more module
196 Requires: %{name} = %{version}-%{release}
198 %description mod_headers_more
199 Set and clear input and output headers...more than "add".
201 %package mod_http_geoip
202 Summary: Nginx HTTP geoip module
204 Requires: %{name} = %{version}-%{release}
207 %description mod_http_geoip
208 Nginx HTTP geoip module.
210 %package mod_stream_geoip
211 Summary: Nginx stream geoip module
213 Requires: %{name} = %{version}-%{release}
214 Requires: %{name}-mod_stream = %{version}-%{release}
217 %description mod_stream_geoip
218 Nginx stream geoip module.
220 %package mod_http_image_filter
221 Summary: Nginx HTTP image filter module
223 Requires: %{name} = %{version}-%{release}
225 %description mod_http_image_filter
226 Nginx HTTP image filter module.
228 %package mod_http_perl
229 Summary: Nginx HTTP Perl module
230 Group: Networking/Daemons/HTTP
231 Requires: %{name} = %{version}-%{release}
233 %description mod_http_perl
234 Nginx HTTP Perl module.
236 %package mod_http_xslt_filter
237 Summary: Nginx XSLT module
239 Requires: %{name} = %{version}-%{release}
241 %description mod_http_xslt_filter
245 Summary: Nginx mail module
246 Group: Networking/Daemons/HTTP
247 Requires: %{name} = %{version}-%{release}
249 %description mod_mail
253 Summary: Nginx virtual host traffic status module
254 Group: Networking/Daemons/HTTP
255 Requires: %{name} = %{version}-%{release}
258 Nginx virtual host traffic status module.
261 Summary: Nginx stream modules
263 Requires: %{name} = %{version}-%{release}
265 %description mod_stream
266 Nginx stream modules.
268 %package -n monit-rc-nginx
269 Summary: nginx support for monit
270 Summary(pl.UTF-8): Wsparcie nginx dla monit
271 Group: Applications/System
272 Requires: %{name} = %{version}-%{release}
275 %description -n monit-rc-nginx
276 monitrc file for monitoring nginx webserver.
278 %description -n monit-rc-nginx -l pl.UTF-8
279 Plik monitrc do monitorowania serwera WWW nginx.
282 %setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a22} %{?with_vts:-a102} %{?with_headers_more:-a103}
284 %{?with_modsecurity:%patch1 -p0}
287 mv nginx-rtmp-module-%{rtmp_version} nginx-rtmp-module
291 mv nginx-module-vts-%{vts_version} nginx-vts-module
294 %if %{with headers_more}
295 mv headers-more-nginx-module-%{headers_more_version} nginx-headers-more-module
298 # build mime.types.conf
299 #sh %{SOURCE17} /etc/mime.types
302 # NB: not autoconf generated configure
303 cp -f configure auto/
306 --prefix=%{_prefix} \
307 --modules-path=%{_libdir}/%{name}/modules \
308 --sbin-path=%{_sbindir}/%{name} \
309 --conf-path=%{_sysconfdir}/%{name}.conf \
310 --error-log-path=%{_localstatedir}/log/%{name}/error.log \
311 --http-log-path=%{_localstatedir}/log/%{name}/access.log \
312 --pid-path=%{_localstatedir}/run/%{name}.pid \
313 --lock-path=%{_localstatedir}/lock/subsys/%{name} \
314 --http-client-body-temp-path=%{_localstatedir}/cache/%{name}/client_body_temp \
315 --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}/fastcgi_temp \
316 --http-proxy-temp-path=%{_localstatedir}/cache/%{name}/proxy_temp \
317 --http-uwsgi-temp-path=%{_localstatedir}/cache/%{name}/uwsgi_temp \
318 --http-scgi-temp-path=%{_localstatedir}/cache/%{name}/scgi_temp \
321 %{?with_select:--with-select_module} \
322 %{?with_poll:--with-poll_module} \
323 %{?with_rtsig:--with-rtsig_module} \
324 %{?with_perl:--with-http_perl_module=dynamic} \
325 %{?with_gd:--with-http_image_filter_module=dynamic} \
326 %{?with_xslt:--with-http_xslt_module=dynamic} \
327 %{?with_geoip:--with-http_geoip_module=dynamic} \
328 %{?with_geoip:--with-stream_geoip_module=dynamic} \
330 --with-mail=dynamic \
331 --with-mail_ssl_module \
334 --with-stream=dynamic \
335 --with-stream_ssl_module \
337 --with-cc="%{__cc}" \
338 --with-cc-opt="%{rpmcflags}" \
339 --with-ld-opt="%{rpmldflags}" \
340 %{?with_debug:--with-debug} \
341 %{?with_addition:--with-http_addition_module} \
342 %{?with_dav:--with-http_dav_module} \
343 %{?with_flv:--with-http_flv_module} \
344 %{?with_sub:--with-http_sub_module} \
345 %{?with_realip:--with-http_realip_module} \
346 %{?with_stub_status:--with-http_stub_status_module} \
347 %{?with_ssl:--with-http_ssl_module} \
348 %{!?with_http_browser:--without-http_browser_module} \
349 %{?with_headers_more:--add-dynamic-module=./nginx-headers-more-module} \
350 %{?with_rtmp:--add-module=./nginx-rtmp-module} \
351 %{?with_vts:--add-dynamic-module=./nginx-vts-module} \
352 %{?with_auth_request:--with-http_auth_request_module} \
353 %{?with_threads:--with-threads} \
354 %{?with_http2:--with-http_v2_module} \
355 %{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \
356 --with-http_secure_link_module \
361 %if %{with modsecurity}
362 cd modsecurity-%{modsecurity_version}
365 --enable-standalone-module \
374 rm -rf $RPM_BUILD_ROOT
375 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d \
376 $RPM_BUILD_ROOT%{_nginxdir}/{cgi-bin,html,errors} \
377 $RPM_BUILD_ROOT%{_localstatedir}/log/{%{name},archive/%{name}} \
378 $RPM_BUILD_ROOT%{_localstatedir}/cache/%{name} \
379 $RPM_BUILD_ROOT%{_localstatedir}/lock/subsys/%{name} \
380 $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{conf,modules,vhosts,webapps}.d} \
381 $RPM_BUILD_ROOT%{_sysconfdir}/snippets \
382 $RPM_BUILD_ROOT/etc/{logrotate.d,monit} \
383 $RPM_BUILD_ROOT{%{systemdunitdir},/etc/systemd/system}
387 DESTDIR=$RPM_BUILD_ROOT
389 %{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/*.default
391 cp -p %{_sourcedir}/%{name}.conf $RPM_BUILD_ROOT%{_sysconfdir}
392 cp -p %{_sourcedir}/%{name}.service $RPM_BUILD_ROOT%{systemdunitdir}
393 cp -p %{_sourcedir}/%{name}.monitrc $RPM_BUILD_ROOT/etc/monit
394 install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
396 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/logrotate.d/%{name}
397 cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/proxy.conf
398 cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/mime.types
399 rm -r $RPM_BUILD_ROOT%{_prefix}/html
400 cp -p html/index.html $RPM_BUILD_ROOT%{_nginxdir}/html
401 cp -p html/50x.html $RPM_BUILD_ROOT%{_nginxdir}/errors
402 cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_nginxdir}/html/favicon.ico
405 local module=ngx_${1}_module.so conffile=mod_$1.conf
406 printf 'load_module "%{_libdir}/%{name}/modules/%s";' "$module" \
407 > $RPM_BUILD_ROOT%{_sysconfdir}/modules.d/$conffile
411 %{__rm} $RPM_BUILD_ROOT%{perl_archlib}/perllocal.pod
412 %{__rm} $RPM_BUILD_ROOT%{perl_vendorarch}/auto/nginx/.packlist
413 load_module http_perl
417 load_module http_geoip
418 load_module stream_geoip
421 load_module http_image_filter
424 load_module http_xslt_filter
429 %{?with_vts:load_module http_vhost_traffic_status}
430 %{?with_headers_more:load_module http_headers_more_filter}
436 rm -rf $RPM_BUILD_ROOT
439 %groupadd -r -g 213 %{name}
441 %useradd -r -u 213 -d /usr/share/empty -s /bin/false -c "Nginx HTTP User" -g %{name} %{name}
442 %addusertogroup %{name} http
445 for a in access.log error.log; do
446 if [ ! -f /var/log/%{name}/$a ]; then
448 touch /var/log/%{name}/$a
449 chown nginx:nginx /var/log/%{name}/$a
450 chmod 644 /var/log/%{name}/$a
453 /sbin/chkconfig --add %{name}
459 if [ "$1" = "0" ];then
460 %service %{name} stop
461 /sbin/chkconfig --del %{name}
463 %systemd_preun %{name}.service
466 if [ "$1" = "0" ]; then
472 %module_scripts mod_http_geoip
473 %module_scripts mod_http_image_filter
474 %module_scripts mod_http_perl
475 %module_scripts mod_http_xslt_filter
476 %module_scripts mod_mail
477 %module_scripts mod_vts
478 %module_scripts mod_headers_more
479 %module_scripts mod_stream
480 %module_scripts mod_stream_geoip
483 %defattr(644,root,root,755)
484 %doc CHANGES LICENSE README html/index.html conf/nginx.conf
485 %doc %lang(ru) CHANGES.ru
486 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/%{name}
487 %attr(754,root,root) /etc/rc.d/init.d/%{name}
488 %dir %attr(750,root,nginx) %{_sysconfdir}
489 %dir %{_sysconfdir}/conf.d
490 %dir %{_sysconfdir}/modules.d
491 %dir %{_sysconfdir}/snippets
492 %dir %{_sysconfdir}/vhosts.d
493 %dir %{_sysconfdir}/webapps.d
494 %attr(640,root,root) %{_sysconfdir}/mime.types
495 %attr(640,root,root) %{_sysconfdir}/koi-utf
496 %attr(640,root,root) %{_sysconfdir}/koi-win
497 %attr(640,root,root) %{_sysconfdir}/win-utf
498 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi.conf
499 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
500 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/proxy.conf
501 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi_params
502 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/scgi_params
503 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/uwsgi_params
504 %attr(755,root,root) %{_sbindir}/%{name}
505 %dir %{_libdir}/%{name}
506 %dir %{_libdir}/%{name}/modules
507 %{systemdunitdir}/%{name}.service
509 %attr(750,nginx,logs) %dir /var/log/archive/%{name}
510 %attr(750,nginx,logs) /var/log/%{name}
511 %attr(770,root,nginx) /var/cache/%{name}
514 %dir %{_nginxdir}/cgi-bin
515 %dir %{_nginxdir}/html
516 %dir %{_nginxdir}/errors
517 %config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/html/*
518 %config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/errors/*
521 %files mod_http_geoip
522 %defattr(644,root,root,755)
523 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_geoip.conf
524 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_geoip_module.so
526 %files mod_stream_geoip
527 %defattr(644,root,root,755)
528 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream_geoip.conf
529 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_geoip_module.so
533 %files mod_http_image_filter
534 %defattr(644,root,root,755)
535 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_image_filter.conf
536 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_image_filter_module.so
541 %defattr(644,root,root,755)
542 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_perl.conf
543 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_perl_module.so
544 %dir %{perl_vendorarch}/auto/%{name}
545 %attr(755,root,root) %{perl_vendorarch}/auto/%{name}/%{name}.so
546 %{perl_vendorarch}/%{name}.pm
547 %{_mandir}/man3/nginx.3pm*
551 %files mod_http_xslt_filter
552 %defattr(644,root,root,755)
553 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_xslt_filter.conf
554 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_xslt_filter_module.so
559 %defattr(644,root,root,755)
560 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_mail.conf
561 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_mail_module.so
564 %if %{with headers_more}
565 %files mod_headers_more
566 %defattr(644,root,root,755)
567 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_headers_more_filter.conf
568 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_headers_more_filter_module.so
573 %defattr(644,root,root,755)
574 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_vhost_traffic_status.conf
575 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_vhost_traffic_status_module.so
580 %defattr(644,root,root,755)
581 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream.conf
582 %attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_module.so
585 %files -n monit-rc-nginx
586 %defattr(644,root,root,755)
587 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/monit/%{name}.monitrc