%global _hardened_build 1
%global nginx_user nginx
%global openssl_version 1.1.0h
%global rtmp_version 1.2.1
%global headers_more_version 0.33
%global nchan_version 1.1.14
%global brotli_version git+222564a
%global pcre_version 8.42
%global zlib_version 1.2.11
Name: nginx-openssl
Version: 1.15.2
Release: 1%{?dist}
Summary: Nginx web server and reverse proxy server with openssl
Group: System Environment/Daemons
# BSD License (two clause)
# http://www.freebsd.org/copyright/freebsd-license.html
License: BSD
URL: https://nginx.org/
Source0: https://nginx.org/download/nginx-%{version}.tar.gz
Source1: https://nginx.org/download/nginx-%{version}.tar.gz.asc
Source2: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
Source3: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz.asc
Source4: https://github.com/arut/nginx-rtmp-module/archive/nginx-rtmp-module-%{rtmp_version}.tar.gz
Source5: https://github.com/openresty/headers-more-nginx-module/archive/headers-more-nginx-module-%{headers_more_version}.tar.gz
Source6: ngx_brotli-%{brotli_version}.tar.xz
Source7: https://ftp.pcre.org/pub/pcre/pcre-%{pcre_version}.tar.gz
Source8: https://zlib.net/zlib-%{zlib_version}.tar.gz
Source9: https://github.com/slact/nchan/archive/nchan-v%{nchan_version}.tar.gz
Source10: nginx.service
Source11: nginx.logrotate
Source12: nginx.conf
Source13: nginx-upgrade
Source14: nginx-upgrade.8
Source15: nginx-mime.types
BuildRequires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
ExclusiveArch: x86_64
Requires: %{name}-filesystem = %{version}-%{release}
Provides: nginx = %{version}
Provides: bundled(zlib) = %{zlib_version}
Provides: bundled(pcre) = %{pcre_version}
Provides: bundled(openssl-lib) = %{openssl_version}
Conflicts: nginx-boringssl
Conflicts: nginx-libressl
Conflicts: nginx-wolfssl
%description
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
This package uses OpenSSL for SSL/TLS.
%package all-modules
Group: System Environment/Daemons
Summary: A meta package that installs all available Nginx modules
BuildArch: noarch
Requires: %{name}-mod-http-geoip = %{version}-%{release}
Requires: %{name}-mod-http-headers-more-filter = %{version}-%{release}
Requires: %{name}-mod-http-image-filter = %{version}-%{release}
Requires: %{name}-mod-http-perl = %{version}-%{release}
Requires: %{name}-mod-http-xslt-filter = %{version}-%{release}
Requires: %{name}-mod-mail = %{version}-%{release}
Requires: %{name}-mod-nchan = %{version}-%{release}
Requires: %{name}-mod-rtmp = %{version}-%{release}
Requires: %{name}-mod-stream = %{version}-%{release}
Requires: %{name}-mod-stream-geoip = %{version}-%{release}
%description all-modules
%{summary}.
%package filesystem
Group: System Environment/Daemons
Summary: The basic directory layout for the Nginx server
BuildArch: noarch
Requires: %{name}
Requires(pre): shadow-utils
%description filesystem
The nginx-filesystem package contains the basic directory layout
for the Nginx server including the correct permissions for the
directories.
%package mod-http-geoip
Group: System Environment/Daemons
Summary: Nginx HTTP geoip module
URL: https://nginx.org/en/docs/http/ngx_http_geoip_module.html
BuildRequires: GeoIP-devel
Requires: %{name}
Requires: GeoIP
%description mod-http-geoip
%{summary}.
%package mod-http-headers-more-filter
Group: System Environment/Daemons
Summary: Nginx HTTP Headers more module
URL: https://github.com/openresty/headers-more-nginx-module
Requires: %{name}
%description mod-http-headers-more-filter
%{summary}.
%package mod-http-image-filter
Group: System Environment/Daemons
Summary: Nginx HTTP image filter module
URL: https://nginx.org/en/docs/http/ngx_http_image_filter_module.html
BuildRequires: gd-devel
Requires: %{name}
Requires: gd
%description mod-http-image-filter
%{summary}.
%package mod-http-xslt-filter
Group: System Environment/Daemons
Summary: Nginx XSLT module
URL: https://nginx.org/en/docs/http/ngx_http_xslt_module.html
BuildRequires: libxslt-devel
Requires: %{name}
%description mod-http-xslt-filter
%{summary}.
%package mod-http-perl
Group: System Environment/Daemons
Summary: Nginx HTTP perl module
URL: https://nginx.org/en/docs/http/ngx_http_perl_module.html
BuildRequires: perl-devel
%if 0%{?fedora} >= 24
BuildRequires: perl-generators
%endif
BuildRequires: perl(ExtUtils::Embed)
Requires: %{name}
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
%description mod-http-perl
%{summary}.
%package mod-mail
Group: System Environment/Daemons
Summary: Nginx mail modules
URL: https://nginx.org/en/docs/mail/ngx_mail_core_module.html
Requires: %{name}
%description mod-mail
%{summary}.
%package mod-nchan
Group: System Environment/Daemons
Summary: Nginx nchan module
URL: https://nchan.io/
Requires: %{name}
%description mod-nchan
%{summary}.
%package mod-rtmp
Group: System Environment/Daemons
Summary: Nginx rtmp module
URL: https://github.com/arut/nginx-rtmp-module
Requires: %{name}
%description mod-rtmp
%{summary}.
%package mod-stream
Group: System Environment/Daemons
Summary: Nginx stream modules
URL: https://nginx.org/en/docs/stream/ngx_stream_core_module.html
Requires: %{name}
%description mod-stream
%{summary}.
%package mod-stream-geoip
Group: System Environment/Daemons
Summary: Nginx stream GeoIP modules
URL: https://nginx.org/en/docs/stream/ngx_stream_geoip_module.html
BuildRequires: GeoIP-devel
Requires: %{name}-mod-stream
Requires: GeoIP
%description mod-stream-geoip
%{summary}.
When using this modules, load %{name}-mod-stream before this one.
%prep
%setup -q -n nginx-%{version} -b 2 -b 4 -b 5 -b 6 -b 7 -b 8 -b 9
%if 0%{?rhel} < 8
sed -i -e 's#KillMode=.*#KillMode=process#g' %{SOURCE10}
sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' %{SOURCE12}
%endif
%build
# nginx does not utilize a standard configure script. It has its own
# and the standard configure options cause the nginx configure script
# to error out. This is is also the reason for the DESTDIR environment
# variable.
export DESTDIR=%{buildroot}
./configure \
--prefix=%{_datadir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--modules-path=%{_libdir}/nginx/modules \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--error-log-path=%{_localstatedir}/log/nginx/error.log \
--http-log-path=%{_localstatedir}/log/nginx/access.log \
--http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
--http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
--http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
--http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
--http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/subsys/nginx \
--user=%{nginx_user} \
--group=%{nginx_user} \
--with-file-aio \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-threads \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_ssl_preread_module \
--with-stream_geoip_module=dynamic \
--with-http_slice_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-file-aio \
--with-http_v2_module \
--with-pcre \
--with-pcre-jit \
--with-debug \
--with-compat \
--with-zlib=../zlib-%{zlib_version} \
--with-pcre=../pcre-%{pcre_version} \
--with-openssl=../openssl-%{openssl_version} \
--add-module=../ngx_brotli \
--add-dynamic-module=../nchan-%{nchan_version} \
--add-dynamic-module=../nginx-rtmp-module-%{rtmp_version} \
--add-dynamic-module=../headers-more-nginx-module-%{headers_more_version} \
--with-cc-opt="-fPIC -pie %{optflags}" \
--with-ld-opt="-Wl,-z,now -lrt -Wl,-E"
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
find %{buildroot} -type f -empty -exec rm -f '{}' \;
find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
install -p -D -m 0644 %{SOURCE10} \
%{buildroot}%{_unitdir}/nginx.service
install -p -D -m 0644 %{SOURCE11} \
%{buildroot}%{_sysconfdir}/logrotate.d/nginx
install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/nginx
install -p -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/nginx/mime.types
install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \
%{buildroot}%{_mandir}/man8/nginx.8
install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
for i in ftdetect indent syntax; do
install -p -D -m644 contrib/vim/${i}/nginx.vim \
%{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
done
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_headers_more_filter_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-headers-more-filter.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_nchan_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-nchan.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_rtmp_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-rtmp.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_geoip_module.so";' \
> %{buildroot}%{_datadir}/nginx/modules/mod-stream-geoip.conf
%pre filesystem
getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
getent passwd %{nginx_user} > /dev/null || \
useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
-s /sbin/nologin -c "Nginx web server" %{nginx_user}
exit 0
%post
%systemd_post nginx.service
%post mod-http-geoip
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-http-headers-more-filter
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-http-image-filter
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-http-perl
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-http-xslt-filter
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-mail
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-nchan
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-rtmp
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-stream
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%post mod-stream-geoip
if [ $1 -eq 1 ]; then
/usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
fi
%preun
%systemd_preun nginx.service
%postun
%systemd_postun nginx.service
if [ $1 -ge 1 ]; then
/usr/bin/nginx-upgrade >/dev/null 2>&1 || :
fi
%files
%license LICENSE
%doc CHANGES README
%{_datadir}/nginx/html/*
%{_bindir}/nginx-upgrade
%{_sbindir}/nginx
%{_datadir}/vim/vimfiles/ftdetect/nginx.vim
%{_datadir}/vim/vimfiles/syntax/nginx.vim
%{_datadir}/vim/vimfiles/indent/nginx.vim
%{_mandir}/man8/nginx.8*
%{_mandir}/man8/nginx-upgrade.8*
%{_unitdir}/nginx.service
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
%config(noreplace) %{_sysconfdir}/nginx/koi-utf
%config(noreplace) %{_sysconfdir}/nginx/koi-win
%config(noreplace) %{_sysconfdir}/nginx/mime.types
%config(noreplace) %{_sysconfdir}/nginx/mime.types.default
%config(noreplace) %{_sysconfdir}/nginx/nginx.conf
%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
%config(noreplace) %{_sysconfdir}/nginx/scgi_params
%config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
%config(noreplace) %{_sysconfdir}/nginx/win-utf
%config(noreplace) %{_sysconfdir}/logrotate.d/nginx
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp
%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx
%dir %{_libdir}/nginx/modules
%files all-modules
%files filesystem
%dir %{_datadir}/nginx
%dir %{_datadir}/nginx/html
%dir %{_sysconfdir}/nginx
%dir %{_sysconfdir}/nginx/conf.d
%dir %{_sysconfdir}/nginx/default.d
%files mod-http-geoip
%{_datadir}/nginx/modules/mod-http-geoip.conf
%{_libdir}/nginx/modules/ngx_http_geoip_module.so
%files mod-http-headers-more-filter
%{_datadir}/nginx/modules/mod-http-headers-more-filter.conf
%{_libdir}/nginx/modules/ngx_http_headers_more_filter_module.so
%files mod-http-image-filter
%{_datadir}/nginx/modules/mod-http-image-filter.conf
%{_libdir}/nginx/modules/ngx_http_image_filter_module.so
%files mod-http-perl
%{_datadir}/nginx/modules/mod-http-perl.conf
%{_libdir}/nginx/modules/ngx_http_perl_module.so
%{_mandir}/man3/nginx.3pm*
%dir %{perl_vendorarch}/auto/nginx
%{perl_vendorarch}/nginx.pm
%{perl_vendorarch}/auto/nginx/nginx.so
%files mod-http-xslt-filter
%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
%files mod-mail
%{_datadir}/nginx/modules/mod-mail.conf
%{_libdir}/nginx/modules/ngx_mail_module.so
%files mod-nchan
%{_datadir}/nginx/modules/mod-nchan.conf
%{_libdir}/nginx/modules/ngx_nchan_module.so
%files mod-rtmp
%{_datadir}/nginx/modules/mod-rtmp.conf
%{_libdir}/nginx/modules/ngx_rtmp_module.so
%files mod-stream
%{_datadir}/nginx/modules/mod-stream.conf
%{_libdir}/nginx/modules/ngx_stream_module.so
%files mod-stream-geoip
%{_datadir}/nginx/modules/mod-stream-geoip.conf
%{_libdir}/nginx/modules/ngx_stream_geoip_module.so
%changelog
* Wed Aug 1 2018 Matthias Adler <macedigital@gmail.com> - 1.15.2-1
- Update nginx to 1.15.2
* Thu Jul 5 2018 Matthias Adler <macedigital@gmail.com> - 1.15.1-1
- Update to nginx 1.15.1
* Tue Apr 17 2018 Matthias Adler <macedigital@gmail.com> - 1.14.0-1
- Update to nginx 1.14.0
* Thu Apr 12 2018 Matthias Adler <macedigital@gmail.com> - 1.13.12-1
- Update to nginx 1.13.12
* Fri Apr 6 2018 Matthias Adler <macedigital@gmail.com> - 1.13.11-1
- Update nginx to 1.13.11
- Update pcre to 8.42
- Refer to external sites via https protocol only
* Wed Mar 28 2018 Matthias Adler <macedigital@gmail.com> - 1.13.10-2
- Update openssl to 1.1.0h
Sun Mar 25 2018 Matthias Adler <macedigital@gmail.com> - 1.13.10-1
- Update to nginx 1.13.10
- Remove ct-module
* Fri Nov 3 2017 Matthias Adler <macedigital@gmail.com> - 1.13.6-1
- Update nginx to 1.13.6
- Update openssl to 1.1.0g
* Tue Aug 8 2017 Matthias Adler <macedigital@gmail.com> - 1.13.4-1
- Update nginx to 1.13.4
- Update nginx-rtmp-module to v1.2.0
- Use named packages from github
* Mon Jul 17 2017 Matthias Adler <macedigital@gmail.com> - 1.13.3-1
- Update nginx to 1.13.3 (CVE-2017-7529)
- Update pcre to 8.41
- Add 'nchan' module
- Add documentation URLs to all modules
- Add explicit "bundles" information to provides
* Wed Jun 28 2017 Matthias Adler <macedigital@gmail.com> - 1.13.2-1
- Initial release with openssl 1.1.0f
- Add certificate transparency v1.3.2 dynamic module