# - missing perl build/install requires
#
# Conditional build for nginx:
-%bcond_with light # don't build light version
+# Features
+%bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html
+%bcond_without threads # thread pool support
+# Modules
+%bcond_without addition # http addition module
+%bcond_without auth_request # auth_request module
+%bcond_without dav # WebDAV
+%bcond_without flv # http FLV module
+%bcond_without gd # without http image filter module
+%bcond_without geoip # without http geoip module and stream geoip module
+%bcond_without http2 # HTTP/2 module
%bcond_without mail # don't build imap/mail proxy
%bcond_without perl # don't build with perl module
-%bcond_without addition # adds module
-%bcond_without dav # WebDAV
-%bcond_without flv # FLV stream
-%bcond_without ipv6 # build without ipv6 support
-%bcond_without sub # ngx_http_sub_module
-%bcond_without poll # poll
+%bcond_without poll # poll module
%bcond_without realip # real ip (behind proxy)
-%bcond_without select # select
-%bcond_without http2 # HTTP/2 module
-%bcond_without status # status module
-%bcond_without ssl # ssl support
-%bcond_without threads # thread pool support
-%bcond_with http_browser # header "User-agent" parser
-%bcond_with rtmp # rtmp support
-%bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html
-%bcond_without auth_request # auth_request module
+%bcond_without select # select module
+%bcond_without ssl # ssl support and http ssl module
+%bcond_without stream # TCP/UDP proxy module
+%bcond_without stub_status # http stub status module
+%bcond_without sub # ngx_http_sub_module
+%bcond_without xslt # without http xslt module
+%bcond_with http_browser # http browser module (header "User-agent" parser)
%bcond_with modsecurity # modsecurity module
+%bcond_with rtmp # rtmp support
%ifarch x32
%undefine with_rtsig
# - mainline: production quality but API can change
Name: nginx
Version: 1.11.5
-Release: 0.1
+Release: 0.6
License: BSD-like
Group: Networking/Daemons/HTTP
Source0: http://nginx.org/download/%{name}-%{version}.tar.gz
Source18: %{name}.service
Source22: http://www.modsecurity.org/tarball/%{modsecurity_version}/modsecurity-%{modsecurity_version}.tar.gz
# Source22-md5: 0fa92b852abc857a20b9e24f83f814cf
-Source101: https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/nginx-rtmp-module-%{rtmp_version}.tar.gz
+Source101: https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/%{name}-rtmp-module-%{rtmp_version}.tar.gz
# Source101-md5: 8006de2560db3e55bb15d110220076ac
Patch0: %{name}-no-Werror.patch
Patch1: %{name}-modsecurity-xheaders.patch
URL: http://nginx.net/
-%{?with_modsecurity:BuildRequires: lua-devel}
BuildRequires: mailcap
-%{?with_ssl:BuildRequires: openssl-devel >= %{ssl_version}}
BuildRequires: pcre-devel
-%{?with_perl:BuildRequires: perl-CGI}
-%{?with_perl:BuildRequires: perl-devel}
-%{?with_perl:BuildRequires: python}
-%{?with_perl:BuildRequires: rpm-perlprov}
BuildRequires: rpmbuild(macros) >= 1.644
BuildRequires: zlib-devel
-%{?with_ssl:Requires: openssl >= %{ssl_version}}
+%if %{with geoip}
+BuildRequires: GeoIP-devel
+%endif
+%if %{with gd}
+BuildRequires: gd-devel
+%endif
+%if %{with modsecurity}
+BuildRequires: lua-devel
+%endif
+%if %{with perl}
+BuildRequires: perl-CGI
+BuildRequires: perl-devel
+BuildRequires: python
+BuildRequires: rpm-perlprov
+%endif
+%if %{with ssl}
+BuildRequires: openssl-devel >= %{ssl_version}
+Requires: openssl >= %{ssl_version}
+%endif
+%if %{with xslt}
+BuildRequires: libxslt-devel
+%endif
Provides: group(http)
Provides: group(nginx)
Provides: user(nginx)
Requires: rc-scripts >= 0.2.0
Requires: systemd-units >= 38
Suggests: vim-syntax-nginx
+Conflicts: rpm < 4.4.2-0.2
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _sysconfdir /etc/%{name}
%define _nginxdir /home/services/%{name}
+# minimizing restarts logics. we restart webserver:
+#
+# 1. at the end of transaction. (posttrans, feature from rpm 4.4.2)
+# 2. first install of module (post: $1 = 1)
+# 2. uninstall of module (postun: $1 == 0)
+#
+# the strict internal deps between modules and
+# main package are very important for all this to work.
+
+# restart webserver at the end of transaction
+
+%define restart_webserver \
+ %systemd_post %{name}.service \
+ %service %{name} force-reload \
+ %{nil}
+
+# macro called at module post scriptlet
+%define module_post \
+if [ "$1" = "1" ]; then \
+ %restart_webserver \
+fi
+
+# macro called at module postun scriptlet
+%define module_postun \
+if [ "$1" = "0" ]; then \
+ %restart_webserver \
+fi
+
+# it's sooo annoying to write them
+%define module_scripts() \
+%post %1 \
+%module_post \
+\
+%postun %1 \
+%module_postun
+
%description
nginx ("engine x") is a high-performance HTTP server and reverse
proxy, as well as an IMAP/POP3 proxy server. nginx was written by Igor
fazie beta, już zasłynął dzięki stabilności, bogactwu dodatków,
prostej konfiguracji oraz małej "zasobożerności".
-%package perl
-Summary: High perfomance HTTP and reverse proxy server
-Summary(pl.UTF-8): Serwer HTTP i odwrotne proxy o wysokiej wydajności
-Group: Networking/Daemons/HTTP
+%package mod_http_geoip
+Summary: Nginx HTTP geoip module
+Group: Daemons
Requires: %{name} = %{version}-%{release}
+Requires: GeoIP
-%description perl
-nginx ("engine x") is a high-performance HTTP server and reverse
-proxy, as well as an IMAP/POP3 proxy server. nginx was written by Igor
-Sysoev for Rambler.ru, Russia's second-most visited website, where it
-has been running in production for over two and a half years. Igor has
-released the source code under a BSD-like license. Although still in
-beta, nginx is known for its stability, rich feature set, simple
-configuration, and low resource consumption.
+%description mod_http_geoip
+Nginx HTTP geoip module.
-nginx with Perl support. Mail modules not included.
+%package mod_stream_geoip
+Summary: Nginx stream geoip module
+Group: Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: %{name}-mod_stream = %{version}-%{release}
+Requires: GeoIP
-%description perl -l pl.UTF-8
-nginx ("engine x") jest wysokowydajnym serwerem HTTP, odwrotnym proxy
-a także IMAP/POP3 proxy. nginx został napisany przez Igora Sysoeva na
-potrzeby serwisu Rambler.ru. Jest to drugi pod względem ilości
-odwiedzin serwis w Rosji i działa od ponad dwóch i pół roku. Igor
-opublikował źródła na licencji BSD. Mimo, że projekt jest ciągle w
-fazie beta, już zasłynął dzięki stabilności, bogactwu dodatków,
-prostej konfiguracji oraz małej "zasobożerności".
+%description mod_stream_geoip
+Nginx stream geoip module.
+
+%package mod_http_image_filter
+Summary: Nginx HTTP image filter module
+Group: Daemons
+Requires: %{name} = %{version}-%{release}
-nginx z obsługą Perla. Bez wsparcia dla modułów poczty.
+%description mod_http_image_filter
+Nginx HTTP image filter module.
-%package mail
-Summary: High perfomance IMAP, POP3, SMTP proxy server
-Summary(pl.UTF-8): IMAP, POP3, SMTP proxy o wysokiej wydajności
+%package mod_http_perl
+Summary: Nginx HTTP Perl module
Group: Networking/Daemons/HTTP
Requires: %{name} = %{version}-%{release}
-%description mail
-nginx ("engine x") is a high-performance HTTP server and reverse
-proxy, as well as an IMAP/POP3 proxy server. nginx was written by Igor
-Sysoev for Rambler.ru, Russia's second-most visited website, where it
-has been running in production for over two and a half years. Igor has
-released the source code under a BSD-like license. Although still in
-beta, nginx is known for its stability, rich feature set, simple
-configuration, and low resource consumption.
+%description mod_http_perl
+Nginx HTTP Perl module.
-nginx with mail support. Only mail modules included.
+%package mod_http_xslt_filter
+Summary: Nginx XSLT module
+Group: Daemons
+Requires: %{name} = %{version}-%{release}
-%description mail -l pl.UTF-8
-nginx ("engine x") jest wysokowydajnym serwerem HTTP, odwrotnym proxy
-a także IMAP/POP3 proxy. nginx został napisany przez Igora Sysoeva na
-potrzeby serwisu Rambler.ru. Jest to drugi pod względem ilości
-odwiedzin serwis w Rosji i działa od ponad dwóch i pół roku. Igor
-opublikował źródła na licencji BSD. Mimo, że projekt jest ciągle w
-fazie beta, już zasłynął dzięki stabilności, bogactwu dodatków,
-prostej konfiguracji oraz małej "zasobożerności".
+%description mod_http_xslt_filter
+Nginx XSLT module.
+
+%package mod_mail
+Summary: Nginx mail module
+Group: Networking/Daemons/HTTP
+Requires: %{name} = %{version}-%{release}
+
+%description mod_mail
+Nginx mail module.
+
+%package mod_stream
+Summary: Nginx stream modules
+Group: Daemons
+Requires: %{name} = %{version}-%{release}
-nginx ze wsparciem tylko dla modułów poczty.
+%description mod_stream
+Nginx stream modules.
%package -n monit-rc-nginx
Summary: nginx support for monit
# NB: not autoconf generated configure
cp -f configure auto/
-install -d bin
-
-# build with default options
-build() {
- local type=$1; shift
./configure \
--prefix=%{_prefix} \
--modules-path=%{_libdir}/%{name}/modules \
--http-proxy-temp-path=%{_localstatedir}/cache/%{name}/proxy_temp \
--user=nginx \
--group=nginx \
- %{?with_ipv6:--with-ipv6} \
%{?with_select:--with-select_module} \
%{?with_poll:--with-poll_module} \
%{?with_rtsig:--with-rtsig_module} \
-%if %{with perl}
- --with-http_perl_module=dynamic \
-%endif
+ %{?with_perl:--with-http_perl_module=dynamic} \
+ %{?with_gd:--with-http_image_filter_module=dynamic} \
+ %{?with_xslt:--with-http_xslt_module=dynamic} \
+ %{?with_geoip:--with-http_geoip_module=dynamic} \
+ %{?with_geoip:--with-stream_geoip_module=dynamic} \
%if %{with mail}
--with-mail=dynamic \
--with-mail_ssl_module \
+%endif
+%if %{with stream}
+ --with-stream=dynamic \
+ --with-stream_ssl_module \
%endif
--with-cc="%{__cc}" \
--with-cc-opt="%{rpmcflags}" \
--with-ld-opt="%{rpmldflags}" \
%{?with_debug:--with-debug} \
- "$@"
-%{__make}
-}
-
-%if %{with modsecurity}
-cd modsecurity-%{modsecurity_version}
-./autogen.sh
-%configure \
- --enable-standalone-module \
- --disable-mlogc \
- --enable-alp2 \
- --with-lua=/usr
-%{__make}
-cd ..
-%endif
-
-%if %{with perl} && 0
-build perl \
- --with-http_perl_module \
%{?with_addition:--with-http_addition_module} \
%{?with_dav:--with-http_dav_module} \
%{?with_flv:--with-http_flv_module} \
%{?with_sub:--with-http_sub_module} \
%{?with_realip:--with-http_realip_module} \
- %{?with_status:--with-http_stub_status_module} \
+ %{?with_stub_status:--with-http_stub_status_module} \
%{?with_ssl:--with-http_ssl_module} \
%{!?with_http_browser:--without-http_browser_module} \
%{?with_rtmp:--add-module=./nginx-rtmp-module} \
%{?with_auth_request:--with-http_auth_request_module} \
%{?with_threads:--with-threads} \
%{?with_http2:--with-http_v2_module} \
- --with-http_secure_link_module \
- %{nil}
-
-mv -f objs/nginx bin/nginx-perl
-mv -f objs/src/http/modules/perl/blib/arch/auto/nginx/nginx.so bin/nginx.so
-mv -f objs/src/http/modules/perl/nginx.pm bin/nginx.pm
-%endif
-
-%if %{with mail} && 0
-build mail \
- --without-http \
- --with-imap \
- --with-mail \
- --with-mail_ssl_module \
- %{nil}
-
-mv -f objs/nginx bin/nginx-mail
-%endif
-
-%if %{with light}
-build light \
- %{?with_realip:--with-http_realip_module} \
- %{?with_status:--with-http_stub_status_module} \
- %{?with_ssl:--with-http_ssl_module} \
- %{?with_rtmp:--add-module=./nginx-rtmp-module} \
- %{?with_auth_request:--with-http_auth_request_module} \
- %{?with_threads:--with-threads} \
- %{?with_http2:--with-http_v2_module} \
%{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \
- --without-http_browser_module \
--with-http_secure_link_module \
%{nil}
-mv -f objs/nginx bin/nginx-light
-%endif
+%{__make}
-build standard \
- %{?with_addition:--with-http_addition_module} \
- %{?with_dav:--with-http_dav_module} \
- %{?with_flv:--with-http_flv_module} \
- %{?with_sub:--with-http_sub_module} \
- %{?with_realip:--with-http_realip_module} \
- %{?with_status:--with-http_stub_status_module} \
- %{?with_ssl:--with-http_ssl_module} \
- %{!?with_http_browser:--without-http_browser_module} \
- %{?with_rtmp:--add-module=./nginx-rtmp-module} \
- %{?with_auth_request:--with-http_auth_request_module} \
- %{?with_threads:--with-threads} \
- %{?with_http2:--with-http_v2_module} \
- %{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \
- --with-http_secure_link_module \
- %{nil}
+%if %{with modsecurity}
+cd modsecurity-%{modsecurity_version}
+./autogen.sh
+%configure \
+ --enable-standalone-module \
+ --disable-mlogc \
+ --enable-alp2 \
+ --with-lua=/usr
+%{__make}
+cd ..
+%endif
%install
rm -rf $RPM_BUILD_ROOT
$RPM_BUILD_ROOT%{_localstatedir}/log/{%{name},archive/%{name}} \
$RPM_BUILD_ROOT%{_localstatedir}/cache/%{name} \
$RPM_BUILD_ROOT%{_localstatedir}/lock/subsys/%{name} \
- $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{vhosts,webapps}.d} \
+ $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{conf,modules,vhosts,webapps}.d} \
$RPM_BUILD_ROOT/etc/{logrotate.d,monit} \
$RPM_BUILD_ROOT{%{systemdunitdir},/etc/systemd/system}
cp -p html/50x.html $RPM_BUILD_ROOT%{_nginxdir}/errors
cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_nginxdir}/html/favicon.ico
+load_module() {
+ local module=ngx_${1}_module.so conffile=mod_$1.conf
+ printf 'load_module "%{_libdir}/%{name}/modules/%s";' "$module" \
+ > $RPM_BUILD_ROOT%{_sysconfdir}/modules.d/$conffile
+}
+
%if %{with perl}
%{__rm} $RPM_BUILD_ROOT%{perl_archlib}/perllocal.pod
%{__rm} $RPM_BUILD_ROOT%{perl_vendorarch}/auto/nginx/.packlist
+load_module http_perl
%endif
-# only touch these for ghost packaging
-touch $RPM_BUILD_ROOT%{_sysconfdir}/{fastcgi,scgi,uwsgi}.params
+%if %{with geoip}
+load_module http_geoip
+load_module stream_geoip
+%endif
+%if %{with gd}
+load_module http_image_filter
+%endif
+%if %{with xslt}
+load_module http_xslt_filter
+%endif
+%if %{with mail}
+load_module mail
+%endif
+%if %{with stream}
+load_module stream
+%endif
%clean
rm -rf $RPM_BUILD_ROOT
fi
done
/sbin/chkconfig --add %{name}
-%systemd_post %{name}.service
-%service %{name} force-reload
+
+%posttrans
+%restart_webserver
%preun
if [ "$1" = "0" ];then
fi
%systemd_reload
-%triggerpostun -- %{name}-standard < 1.4.1-4
-%systemd_trigger %{name}-standard.service
-
-%triggerpostun -- %{name}-light < 1.4.1-4
-%systemd_trigger %{name}-light.service
-
-%triggerpostun -- %{name}-perl < 1.4.1-4
-%systemd_trigger %{name}-perl.service
-
-%triggerpostun -- %{name}-mail < 1.4.1-4
-%systemd_trigger %{name}-mail.service
-
-%triggerpostun -- %{name} < 1.8.0-2
-# skip *this* trigger on downgrade
-[ $1 -le 1 ] && exit 0
-ln -sf fastcgi_params %{_sysconfdir}/fastcgi.params
-ln -sf scgi_params %{_sysconfdir}/scgi.params
-ln -sf uwsgi_params %{_sysconfdir}/uwsgi.params
-exit 0
+%module_scripts mod_http_geoip
+%module_scripts mod_http_image_filter
+%module_scripts mod_http_perl
+%module_scripts mod_http_xslt_filter
+%module_scripts mod_mail
+%module_scripts mod_stream
+%module_scripts mod_stream_geoip
%files
%defattr(644,root,root,755)
%doc CHANGES LICENSE README html/index.html conf/nginx.conf
%doc %lang(ru) CHANGES.ru
-%dir %attr(750,root,nginx) %{_sysconfdir}
-%dir %{_nginxdir}
-%dir %{_nginxdir}/cgi-bin
-%dir %{_nginxdir}/html
-%dir %{_nginxdir}/errors
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/%{name}
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/proxy.conf
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi_params
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/scgi_params
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/uwsgi_params
-%ghost %{_sysconfdir}/fastcgi.params
-%ghost %{_sysconfdir}/scgi.params
-%ghost %{_sysconfdir}/uwsgi.params
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%dir %attr(750,root,nginx) %{_sysconfdir}
+%dir %{_sysconfdir}/conf.d
+%dir %{_sysconfdir}/modules.d
+%dir %{_sysconfdir}/vhosts.d
+%dir %{_sysconfdir}/webapps.d
%attr(640,root,root) %{_sysconfdir}/mime.types
%attr(640,root,root) %{_sysconfdir}/koi-utf
%attr(640,root,root) %{_sysconfdir}/koi-win
%attr(640,root,root) %{_sysconfdir}/win-utf
-%dir %{_sysconfdir}/webapps.d
-%dir %{_sysconfdir}/vhosts.d
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/proxy.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fastcgi_params
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/scgi_params
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/uwsgi_params
+%attr(755,root,root) %{_sbindir}/%{name}
+%dir %{_libdir}/%{name}
+%dir %{_libdir}/%{name}/modules
+%{systemdunitdir}/%{name}.service
+
%attr(750,nginx,logs) %dir /var/log/archive/%{name}
%attr(750,nginx,logs) /var/log/%{name}
+%attr(770,root,nginx) /var/cache/%{name}
+
+%dir %{_nginxdir}
+%dir %{_nginxdir}/cgi-bin
+%dir %{_nginxdir}/html
+%dir %{_nginxdir}/errors
%config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/html/*
%config(noreplace,missingok) %verify(not md5 mtime size) %{_nginxdir}/errors/*
+%if %{with geoip}
+%files mod_http_geoip
%defattr(644,root,root,755)
-%attr(755,root,root) %{_sbindir}/%{name}
-%attr(770,root,%{name}) /var/cache/%{name}
-%attr(754,root,root) /etc/rc.d/init.d/%{name}
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}.conf
-%{systemdunitdir}/%{name}.service
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_geoip.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_geoip_module.so
-%if %{with mail}
-%files mail
+%files mod_stream_geoip
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_mail_module.so
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream_geoip.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_geoip_module.so
+%endif
+
+%if %{with gd}
+%files mod_http_image_filter
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_image_filter.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_image_filter_module.so
%endif
%if %{with perl}
-%files perl
+%files mod_http_perl
%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_perl.conf
%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_perl_module.so
%dir %{perl_vendorarch}/auto/%{name}
%attr(755,root,root) %{perl_vendorarch}/auto/%{name}/%{name}.so
%{_mandir}/man3/nginx.3pm*
%endif
+%if %{with xslt}
+%files mod_http_xslt_filter
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_http_xslt_filter.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_http_xslt_filter_module.so
+%endif
+
+%if %{with mail}
+%files mod_mail
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_mail.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_mail_module.so
+%endif
+
+%if %{with stream}
+%files mod_stream
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/modules.d/mod_stream.conf
+%attr(755,root,root) %{_libdir}/%{name}/modules/ngx_stream_module.so
+%endif
+
%files -n monit-rc-nginx
%defattr(644,root,root,755)
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/monit/%{name}.monitrc