%bcond_without rtsig # rtsig
%bcond_without select # select
%bcond_without spdy # spdy module
-%bcond_without status # stats module
+%bcond_without status # status module
%bcond_without ssl # ssl support
%bcond_with http_browser # header "User-agent" parser
%bcond_with rtmp # rtmp support
%bcond_with threads # thread pool support
+%bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html
%bcond_without auth_request # auth_request module
+%bcond_with modsecurity # modsecurity module
%ifarch x32
%undefine with_rtsig
%endif
%define rtmp_version 1.1.7
+%define modsecurity_version 2.9.0
Summary: High perfomance HTTP and reverse proxy server
Summary(pl.UTF-8): Serwer HTTP i odwrotne proxy o wysokiej wydajności
# nginx lines:
# - mainline: production quality but API can change
Name: nginx
Version: 1.8.0
-Release: 2
+Release: 4
License: BSD-like
Group: Networking/Daemons/HTTP
Source0: http://nginx.org/download/%{name}-%{version}.tar.gz
Source2: proxy.conf
Source3: %{name}.logrotate
Source4: %{name}.mime
-Source5: %{name}-light.conf
Source6: %{name}-light.monitrc
-Source7: %{name}-light.init
+Source7: %{name}.init
Source8: %{name}-mail.conf
Source9: %{name}-mail.monitrc
-Source10: %{name}-mail.init
-Source11: %{name}-perl.conf
Source12: %{name}-perl.monitrc
-Source13: %{name}-perl.init
-Source14: %{name}-standard.conf
+Source14: %{name}.conf
Source15: %{name}-standard.monitrc
-Source16: %{name}-standard.init
Source17: %{name}-mime.types.sh
Source18: %{name}-standard.service
Source19: %{name}-light.service
Source20: %{name}-perl.service
Source21: %{name}-mail.service
+Source22: http://www.modsecurity.org/tarball/%{modsecurity_version}/modsecurity-%{modsecurity_version}.tar.gz
+# Source22-md5: ecf42d21f26338443d7111891851628c
Source101: https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/nginx-rtmp-module-%{rtmp_version}.tar.gz
# Source101-md5: 8006de2560db3e55bb15d110220076ac
Patch0: %{name}-no-Werror.patch
+Patch1: %{name}-modsecurity-xheaders.patch
URL: http://nginx.net/
+%{?with_modsecurity:BuildRequires: lua-devel}
BuildRequires: mailcap
-BuildRequires: openssl-devel
+%{?with_ssl:BuildRequires: openssl-devel >= 1.0.2}
BuildRequires: pcre-devel
%{?with_perl:BuildRequires: perl-CGI}
%{?with_perl:BuildRequires: perl-devel}
Requires(pre): /usr/bin/getgid
Requires(pre): /usr/sbin/groupadd
Requires(pre): /usr/sbin/useradd
-Requires: openssl
-Requires: pcre
Requires: rc-scripts >= 0.2.0
Requires: systemd-units >= 38
-Requires: zlib
Provides: group(http)
Provides: group(nginx)
Provides: user(nginx)
Requires(post,preun): /sbin/chkconfig
Requires(post,preun,postun): systemd-units >= 38
Requires: %{name}-common = %{version}-%{release}
-Requires: openssl
-Requires: pcre
-Requires: zlib
+%{?with_ssl:Requires: openssl >= 1.0.2}
Provides: nginx-daemon
Provides: webserver
Requires(post,preun): /sbin/chkconfig
Requires(post,preun,postun): systemd-units >= 38
Requires: %{name}-common = %{version}-%{release}
-Requires: openssl
+%{?with_ssl:Requires: openssl >= 1.0.2}
Provides: nginx-daemon
Provides: webserver
Requires(post,preun): /sbin/chkconfig
Requires(post,preun,postun): systemd-units >= 38
Requires: %{name}-common = %{version}-%{release}
-Requires: openssl
-Requires: pcre
-Requires: zlib
Provides: nginx-daemon
%description mail
Requires(post,preun): /sbin/chkconfig
Requires(post,preun,postun): systemd-units >= 38
Requires: %{name}-common = %{version}-%{release}
-Requires: openssl
+%{?with_ssl:Requires: openssl >= 1.0.2}
Provides: nginx
Provides: nginx-daemon
Conflicts: logrotate < 3.7-4
Plik monitrc do monitorowania serwera WWW nginx.
%prep
-%setup -q %{?with_rtmp:-a101}
+%setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a22}
%patch0 -p0
+%{?with_modsecurity:%patch1 -p0}
%if %{with rtmp}
mv nginx-rtmp-module-%{rtmp_version} nginx-rtmp-module
install -d bin
-# build with common options
+# build with default options
build() {
+ local type=$1; shift
./configure \
--prefix=%{_prefix} \
+ --sbin-path=%{_sbindir}/%{name}-$type \
+ --conf-path=%{_sysconfdir}/%{name}-$type.conf \
+ --error-log-path=%{_localstatedir}/log/%{name}/%{name}-${type}_error.log \
+ --http-log-path=%{_localstatedir}/log/%{name}/%{name}-${type}_access.log \
+ --pid-path=%{_localstatedir}/run/%{name}-$type.pid \
+ --lock-path=%{_localstatedir}/lock/subsys/%{name}-$type \
+ --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-$type/client_body_temp \
+ --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-$type/fastcgi_temp \
+ --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-$type/proxy_temp \
--user=nginx \
--group=nginx \
+ %{?with_ipv6:--with-ipv6} \
+ %{?with_select:--with-select_module} \
+ %{?with_poll:--with-poll_module} \
+ %{?with_rtsig:--with-rtsig_module} \
--with-cc="%{__cc}" \
--with-cc-opt="%{rpmcflags}" \
--with-ld-opt="%{rpmldflags}" \
- %{?debug:--with-debug} \
+ %{?with_debug:--with-debug} \
"$@"
%{__make}
}
+%if %{with modsecurity}
+cd modsecurity-%{modsecurity_version}
+./autogen.sh
+%configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --enable-alp2 \
+ --with-lua=/usr
+%{__make}
+cd ..
+%endif
+
%if %{with perl}
-build \
- --sbin-path=%{_sbindir}/%{name}-perl \
- --conf-path=%{_sysconfdir}/%{name}-perl.conf \
- --error-log-path=%{_localstatedir}/log/%{name}/%{name}-perl_error.log \
- --http-log-path=%{_localstatedir}/log/%{name}/%{name}-perl_access.log \
- --pid-path=%{_localstatedir}/run/%{name}-perl.pid \
- --lock-path=%{_localstatedir}/lock/subsys/%{name}-perl \
+build perl \
--with-http_perl_module \
- --without-mail_pop3_module \
- --without-mail_imap_module \
- --without-mail_smtp_module \
%{?with_addition:--with-http_addition_module} \
%{?with_dav:--with-http_dav_module} \
%{?with_flv:--with-http_flv_module} \
- %{?with_ipv6:--with-ipv6} \
%{?with_sub:--with-http_sub_module} \
- %{?with_poll:--with-poll_module} \
%{?with_realip:--with-http_realip_module} \
- %{?with_rtsig:--with-rtsig_module} \
- %{?with_select:--with-select_module} \
%{?with_status:--with-http_stub_status_module} \
%{?with_ssl:--with-http_ssl_module} \
%{!?with_http_browser:--without-http_browser_module} \
%{?with_threads:--with-threads} \
%{?with_spdy:--with-http_spdy_module} \
--with-http_secure_link_module \
- --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-perl/client_body_temp \
- --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-perl/proxy_temp \
- --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-perl/fastcgi_temp \
%{nil}
mv -f objs/nginx bin/nginx-perl
%endif
%if %{with mail}
-build \
- --sbin-path=%{_sbindir}/%{name}-mail \
- --conf-path=%{_sysconfdir}/%{name}-mail.conf \
- --error-log-path=%{_localstatedir}/log/%{name}/%{name}-mail_error.log \
- --http-log-path=%{_localstatedir}/log/%{name}/%{name}-mail_access.log \
- --pid-path=%{_localstatedir}/run/%{name}-mail.pid \
- --lock-path=%{_localstatedir}/lock/subsys/%{name}-mail \
+build mail \
+ --without-http \
--with-imap \
--with-mail \
--with-mail_ssl_module \
- --without-http \
- %{?with_ipv6:--with-ipv6} \
- %{?with_poll:--with-poll_module} \
- %{?with_rtsig:--with-rtsig_module} \
- %{?with_select:--with-select_module} \
- --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-mail/client_body_temp \
- --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-mail/proxy_temp \
- --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-mail/fastcgi_temp \
%{nil}
mv -f objs/nginx bin/nginx-mail
%endif
%if %{with light}
-build \
- --sbin-path=%{_sbindir}/%{name}-light \
- --conf-path=%{_sysconfdir}/%{name}-light.conf \
- --error-log-path=%{_localstatedir}/log/%{name}/%{name}-light_error.log \
- --http-log-path=%{_localstatedir}/log/%{name}/%{name}-light_access.log \
- --pid-path=%{_localstatedir}/run/%{name}-light.pid \
- --lock-path=%{_localstatedir}/lock/subsys/%{name}-light \
- %{?with_ipv6:--with-ipv6} \
- %{?with_poll:--with-poll_module} \
+build light \
%{?with_realip:--with-http_realip_module} \
- %{?with_rtsig:--with-rtsig_module} \
- %{?with_select:--with-select_module} \
%{?with_status:--with-http_stub_status_module} \
%{?with_ssl:--with-http_ssl_module} \
%{?with_rtmp:--add-module=./nginx-rtmp-module} \
%{?with_auth_request:--with-http_auth_request_module} \
%{?with_threads:--with-threads} \
%{?with_spdy:--with-http_spdy_module} \
+ %{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \
--without-http_browser_module \
- --without-mail_pop3_module \
- --without-mail_imap_module \
- --without-mail_smtp_module \
--with-http_secure_link_module \
- --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-light/client_body_temp \
- --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-light/proxy_temp \
- --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-light/fastcgi_temp \
%{nil}
mv -f objs/nginx bin/nginx-light
%endif
-build \
- --sbin-path=%{_sbindir}/%{name}-standard \
- --conf-path=%{_sysconfdir}/%{name}-standard.conf \
- --error-log-path=%{_localstatedir}/log/%{name}/%{name}-standard_error.log \
- --http-log-path=%{_localstatedir}/log/%{name}/%{name}-standard_access.log \
- --pid-path=%{_localstatedir}/run/%{name}-standard.pid \
- --lock-path=%{_localstatedir}/lock/subsys/%{name}-standard \
+build standard \
%{?with_addition:--with-http_addition_module} \
%{?with_dav:--with-http_dav_module} \
%{?with_flv:--with-http_flv_module} \
- %{?with_ipv6:--with-ipv6} \
%{?with_sub:--with-http_sub_module} \
- %{?with_poll:--with-poll_module} \
%{?with_realip:--with-http_realip_module} \
- %{?with_rtsig:--with-rtsig_module} \
- %{?with_select:--with-select_module} \
%{?with_status:--with-http_stub_status_module} \
%{?with_ssl:--with-http_ssl_module} \
%{!?with_http_browser:--without-http_browser_module} \
%{?with_rtmp:--add-module=./nginx-rtmp-module} \
%{?with_auth_request:--with-http_auth_request_module} \
%{?with_threads:--with-threads} \
+ %{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \
--with-http_secure_link_module \
- --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-standard/client_body_temp \
- --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-standard/proxy_temp \
- --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-standard/fastcgi_temp \
%{nil}
-mv -f objs/%{name} bin/%{name}-standard
+mv -f objs/nginx bin/nginx-standard
%install
rm -rf $RPM_BUILD_ROOT
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/proxy.conf
cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/logrotate.d/%{name}
cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/mime.types
-cp -p %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-standard.conf
-cp -p %{SOURCE15} $RPM_BUILD_ROOT/etc/monit/%{name}-standard.monitrc
-install -p %{SOURCE16} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-standard
-cp -p %{SOURCE18} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-standard.service
-install -p bin/nginx-standard $RPM_BUILD_ROOT%{_sbindir}
+
+install_build() {
+ local type=$1
+ %{__sed} -e 's/@type@/standard/g' %{_sourcedir}/%{name}.conf \
+ > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-$type.conf
+
+ install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-$type
+ %{__sed} -i -e 's/@type@/standard/g' $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-$type
+
+ cp -p %{_sourcedir}/%{name}-$type.service $RPM_BUILD_ROOT%{systemdunitdir}
+ cp -p %{_sourcedir}/%{name}-$type.monitrc $RPM_BUILD_ROOT/etc/monit
+ install -p bin/%{name}-$type $RPM_BUILD_ROOT%{_sbindir}
+}
+
+install_build standard
ln -sf %{systemdunitdir}/%{name}-standard.service $RPM_BUILD_ROOT/etc/systemd/system/nginx.service
%if %{with light}
-cp -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-light.conf
-cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/monit/%{name}-light.monitrc
-cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-light
-cp -p %{SOURCE19} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-light.service
-install -p bin/nginx-light $RPM_BUILD_ROOT%{_sbindir}
-%endif
-
-%if %{with mail}
-cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-mail.conf
-cp -p %{SOURCE9} $RPM_BUILD_ROOT/etc/monit/%{name}-mail.monitrc
-install -p bin/nginx-mail $RPM_BUILD_ROOT%{_sbindir}
-install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-mail
-cp -p %{SOURCE21} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-mail.service
+install_build light
%endif
%if %{with perl}
install -d $RPM_BUILD_ROOT{%{perl_vendorarch},%{perl_vendorarch}/auto/%{name}}
-cp -p %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-perl.conf
-cp -p %{SOURCE12} $RPM_BUILD_ROOT/etc/monit/%{name}-perl.monitrc
-install -p %{SOURCE13} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-perl
-cp -p %{SOURCE20} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-perl.service
+install_build perl
cp -p bin/nginx.pm $RPM_BUILD_ROOT%{perl_vendorarch}/%{name}.pm
install -p bin/nginx.so $RPM_BUILD_ROOT%{perl_vendorarch}/auto/%{name}/%{name}.so
install -p bin/nginx-perl $RPM_BUILD_ROOT%{_sbindir}
%endif
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/*.default
-rm -rf $RPM_BUILD_ROOT%{_prefix}/html
+%if %{with mail}
+install_build mail
+%endif
# only touch these for ghost packaging
touch $RPM_BUILD_ROOT%{_sysconfdir}/{fastcgi,scgi,uwsgi}.params
done
/sbin/chkconfig --add %{name}-standard
%systemd_post %{name}-standard.service
-%service %{name}-standard restart
+%service %{name}-standard force-reload
echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-standard.conf" as config.'
if ! [ -L /etc/systemd/system/nginx.service ] ; then
ln -s %{systemdunitdir}/%{name}-standard.service /etc/systemd/system/nginx.service || :
done
/sbin/chkconfig --add %{name}-light
%systemd_post %{name}-light.service
-%service %{name}-light restart
+%service %{name}-light force-reload
echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-light.conf" as config'
%post perl
done
/sbin/chkconfig --add %{name}-perl
%systemd_post %{name}-perl.service
-%service %{name}-perl restart
+%service %{name}-perl force-reload
echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-perl.conf" as config'
%post mail
done
/sbin/chkconfig --add %{name}-mail
%systemd_post %{name}-mail.service
-%service %{name}-mail restart
+%service %{name}-mail force-reload
echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-mail.conf" as config'
%preun standard
%defattr(644,root,root,755)
%doc CHANGES LICENSE README html/index.html conf/nginx.conf
%doc %lang(ru) CHANGES.ru
-%dir %attr(754,root,root) %{_sysconfdir}
+%dir %attr(750,root,nginx) %{_sysconfdir}
%dir %{_nginxdir}
%dir %{_nginxdir}/cgi-bin
%dir %{_nginxdir}/html