nixpkgs/pkgs/servers/http/nginx/default.nix

{ stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat
, gd, geoip
, modules ? []
, hardening ? true
}:

with stdenv.lib;

let
  version = "1.8.1";
  mainSrc = fetchurl {
    url = "http://nginx.org/download/nginx-${version}.tar.gz";
    sha256 = "1dwpyw4pvhj68vxramqxm8f79pqz9lrm8mvifbn49h3615ikqjwg";
  };

in

stdenv.mkDerivation rec {
  name = "nginx-${version}";
  src = mainSrc;

  buildInputs =
    [ openssl zlib pcre libxml2 libxslt gd geoip ]
    ++ concatMap (mod: mod.inputs or []) modules;

  configureFlags = [
    "--with-select_module"
    "--with-poll_module"
    "--with-threads"
    "--with-http_ssl_module"
    "--with-http_spdy_module"
    "--with-http_realip_module"
    "--with-http_addition_module"
    "--with-http_xslt_module"
    "--with-http_image_filter_module"
    "--with-http_geoip_module"
    "--with-http_sub_module"
    "--with-http_dav_module"
    "--with-http_flv_module"
    "--with-http_mp4_module"
    "--with-http_gunzip_module"
    "--with-http_gzip_static_module"
    "--with-http_auth_request_module"
    "--with-http_random_index_module"
    "--with-http_secure_link_module"
    "--with-http_degradation_module"
    "--with-http_stub_status_module"
    "--with-ipv6"
    # Install destination problems
    # "--with-http_perl_module"
  ] ++ optionals (elem stdenv.system (with platforms; linux ++ freebsd))
        [ "--with-file-aio" "--with-aio_module" ]
    ++ map (mod: "--add-module=${mod.src}") modules;

  NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";

  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
      configureFlagsArray=(
        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
      )
    ''
    ;

  meta = {
    description = "A reverse proxy and lightweight webserver";
    homepage    = http://nginx.org;
    license     = licenses.bsd2;
    platforms   = platforms.all;
    maintainers = with maintainers; [ thoughtpolice raskin ];
  };
}
nginx: 1.6.1 -> 1.6.2 Additionally, update all extensions and convert them to fetchFromGitHub 2014-09-20 03:42:02 +04:00			`{ stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat`
nginx: factor out modules in a separate file 2015-10-19 11:48:43 +03:00			`, gd, geoip`
			`, modules ? []`
nginx, nginxUnstable: enable hardening. Flags as recommended by @arno01 (Andrey Arapov) in #7190 2016-03-04 18:54:27 +03:00			`, hardening ? true`
nginx: Add set-misc-nginx-module 2015-01-21 14:38:34 +03:00			`}:`
nginx: add echo module, fix aio on linux&freebsd 2014-06-03 17:59:08 +04:00
			`with stdenv.lib;`
nginx: Update to 1.2.4 2012-10-09 22:20:44 +04:00
nginx: Don't fetch the full WebDAV extension unless needed Signed-off-by: Shea Levy <shea@shealevy.com> 2013-05-05 23:48:07 +04:00			`let`
nginx: 1.8.0->1.8.1, 1.9.9->1.9.10 2016-01-26 20:12:01 +03:00			`version = "1.8.1";`
Fixing automatic update of Nginx 2013-11-25 10:58:34 +04:00			`mainSrc = fetchurl {`
			`url = "http://nginx.org/download/nginx-${version}.tar.gz";`
nginx: 1.8.0->1.8.1, 1.9.9->1.9.10 2016-01-26 20:12:01 +03:00			`sha256 = "1dwpyw4pvhj68vxramqxm8f79pqz9lrm8mvifbn49h3615ikqjwg";`
Fixing automatic update of Nginx 2013-11-25 10:58:34 +04:00			`};`

nginx: Don't fetch the full WebDAV extension unless needed Signed-off-by: Shea Levy <shea@shealevy.com> 2013-05-05 23:48:07 +04:00			`in`

update nginx to 1.1.7 svn path=/nixpkgs/trunk/; revision=30144 2011-10-31 22:26:20 +04:00			`stdenv.mkDerivation rec {`
Fixing automatic update of Nginx 2013-11-25 10:58:34 +04:00			`name = "nginx-${version}";`
			`src = mainSrc;`
nginx: Update to 1.2.4 2012-10-09 22:20:44 +04:00
nginx: upgrade to 1.6.0, expose many more modules By default, we now build all the optional nginx modules, including the out-of-band ones like moreheaders and rtmp support. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 10:18:44 +04:00			`buildInputs =`
nginx: factor out modules in a separate file 2015-10-19 11:48:43 +03:00			`[ openssl zlib pcre libxml2 libxslt gd geoip ]`
			`++ concatMap (mod: mod.inputs or []) modules;`
nginx: Add optional patch for syslog support. close #1055. 2013-10-10 04:38:47 +04:00
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00			`configureFlags = [`
nginx: 1.6.3 -> 1.8.0 2015-04-23 01:28:10 +03:00			`"--with-select_module"`
			`"--with-poll_module"`
			`"--with-threads"`
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00			`"--with-http_ssl_module"`
nginx: enable ipv6 and spdy 2013-12-13 12:41:22 +04:00			`"--with-http_spdy_module"`
nginx: upgrade to 1.6.0, expose many more modules By default, we now build all the optional nginx modules, including the out-of-band ones like moreheaders and rtmp support. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 10:18:44 +04:00			`"--with-http_realip_module"`
			`"--with-http_addition_module"`
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00			`"--with-http_xslt_module"`
nginx: upgrade to 1.6.0, expose many more modules By default, we now build all the optional nginx modules, including the out-of-band ones like moreheaders and rtmp support. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 10:18:44 +04:00			`"--with-http_image_filter_module"`
			`"--with-http_geoip_module"`
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00			`"--with-http_sub_module"`
			`"--with-http_dav_module"`
nginx: upgrade to 1.6.0, expose many more modules By default, we now build all the optional nginx modules, including the out-of-band ones like moreheaders and rtmp support. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 10:18:44 +04:00			`"--with-http_flv_module"`
			`"--with-http_mp4_module"`
			`"--with-http_gunzip_module"`
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00			`"--with-http_gzip_static_module"`
nginx: upgrade to 1.6.0, expose many more modules By default, we now build all the optional nginx modules, including the out-of-band ones like moreheaders and rtmp support. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 10:18:44 +04:00			`"--with-http_auth_request_module"`
			`"--with-http_random_index_module"`
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00			`"--with-http_secure_link_module"`
nginx: upgrade to 1.6.0, expose many more modules By default, we now build all the optional nginx modules, including the out-of-band ones like moreheaders and rtmp support. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 10:18:44 +04:00			`"--with-http_degradation_module"`
nginx: build http_stub_status module Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 09:42:40 +04:00			`"--with-http_stub_status_module"`
nginx: enable ipv6 and spdy 2013-12-13 12:41:22 +04:00			`"--with-ipv6"`
Update nginx svn path=/nixpkgs/trunk/; revision=20988 2010-04-09 15:26:54 +04:00			`# Install destination problems`
nginx: Update to 1.2.4 2012-10-09 22:20:44 +04:00			`# "--with-http_perl_module"`
nginx: factor out modules in a separate file 2015-10-19 11:48:43 +03:00			`] ++ optionals (elem stdenv.system (with platforms; linux ++ freebsd))`
nginx: Fix build for Darwin (no AIO there) 2015-05-21 20:41:57 +03:00			`[ "--with-file-aio" "--with-aio_module" ]`
nginx: factor out modules in a separate file 2015-10-19 11:48:43 +03:00			`++ map (mod: "--add-module=${mod.src}") modules;`
Add -Wno-error=deprecated-declarations for nginx, required to build on Darwin 2014-05-05 11:18:47 +04:00
nginx: factor out modules in a separate file 2015-10-19 11:48:43 +03:00			`NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";`
nginx: add support for modescurity 2015-09-23 21:28:44 +03:00
nginx, nginxUnstable: enable hardening. Flags as recommended by @arno01 (Andrey Arapov) in #7190 2016-03-04 18:54:27 +03:00			`preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)`
nginx, nginxUnstable: hardening: only use when the compiler is gcc 2016-03-04 18:57:47 +03:00			`+ optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''`
nginx, nginxUnstable: enable hardening. Flags as recommended by @arno01 (Andrey Arapov) in #7190 2016-03-04 18:54:27 +03:00			`configureFlagsArray=(`
			`--with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"`
			`--with-ld-opt="-pie -Wl,-z,relro,-z,now"`
			`)`
			`''`
			`;`
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00
			`meta = {`
nginx: Update to 1.2.4 2012-10-09 22:20:44 +04:00			`description = "A reverse proxy and lightweight webserver";`
nginx: upgrade to 1.6.0, expose many more modules By default, we now build all the optional nginx modules, including the out-of-band ones like moreheaders and rtmp support. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2014-05-02 10:18:44 +04:00			`homepage = http://nginx.org;`
nginx: add echo module, fix aio on linux&freebsd 2014-06-03 17:59:08 +04:00			`license = licenses.bsd2;`
			`platforms = platforms.all;`
			`maintainers = with maintainers; [ thoughtpolice raskin ];`
Added nginx - lightweight http server svn path=/nixpkgs/trunk/; revision=13518 2008-11-30 12:06:53 +03:00			`};`
			`}`