diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0c1beb9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/nginx-1.20.1.tar.gz
+SOURCES/poweredby.png
diff --git a/.rh-nginx120-nginx.metadata b/.rh-nginx120-nginx.metadata
new file mode 100644
index 0000000..1d0906d
--- /dev/null
+++ b/.rh-nginx120-nginx.metadata
@@ -0,0 +1,2 @@
+6b4ab4eff3c617e133819f43fdfc14708e593a79 SOURCES/nginx-1.20.1.tar.gz
+2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png
diff --git a/SOURCES/404.html b/SOURCES/404.html
new file mode 100644
index 0000000..90a98fa
--- /dev/null
+++ b/SOURCES/404.html
@@ -0,0 +1,120 @@
+ + + + + The page is not found + + + + + +

nginx error!

+ +
+ +

The page you are looking for is not found.

+ +
+

Website Administrator

+
+

Something has triggered missing webpage on your + website. This is the default 404 error page for + nginx that is distributed with + Red Hat Enterprise Linux. It is located + /opt/rh/rh-nginx$scl_name_version/root/usr/share/nginx/html/404.html

+ +

You should customize this error page for your own + site or edit the error_page directive in + the nginx configuration file + /etc/opt/rh/rh-nginx$scl_name_version/nginx/nginx.conf.

+ +

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

+ +
+
+ +
+ [ Powered by nginx ] + [ Powered by Red Hat Enterprise Linux ] +
+
+ +
diff --git a/SOURCES/50x.html b/SOURCES/50x.html
new file mode 100644
index 0000000..2d08c10
--- /dev/null
+++ b/SOURCES/50x.html
@@ -0,0 +1,120 @@
+ + + + + The page is temporarily unavailable + + + + + +

nginx error!

+ +
+ +

The page you are looking for is temporarily unavailable. Please try again later.

+ +
+

Website Administrator

+
+

Something has triggered missing webpage on your + website. This is the default error page for + nginx that is distributed with + Red Hat Enterprise Linux. It is located + /opt/rh/rh-nginx$scl_name_version/root/usr/share/nginx/html/50x.html

+ +

You should customize this error page for your own + site or edit the error_page directive in + the nginx configuration file + /etc/opt/rh/rh-nginx$scl_name_version/nginx/nginx.conf.

+ +

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

+ +
+
+ +
+ [ Powered by nginx ] + [ Powered by Red Hat Enterprise Linux ] +
+
+ +
diff --git a/SOURCES/README.dynamic b/SOURCES/README.dynamic
new file mode 100644
index 0000000..59f03f6
--- /dev/null
+++ b/SOURCES/README.dynamic
@@ -0,0 +1,20 @@
+###############
+Dynamic modules
+###############
+
+Dynamic modules are loaded using the "load_modules" directive. The RPM package
+for each module has a '.conf' file in the /usr/share/nginx/modules directory.
+The '.conf' file contains a single "load_modules" directive.
+
+This means that whenever a new dynamic module is installed, it will
+automatically be enabled and Nginx will be reloaded.
+
+--------------------------------------------------------
+Prevent dynamic modules from being enabled automatically
+--------------------------------------------------------
+
+You may want to avoid dynamic modules being enabled automatically. Simply
+remove this line from the top of /etc/nginx/nginx.conf:
+
+ include /usr/lib64/nginx/modules/*.conf;
+
diff --git a/SOURCES/daemon-scl-helper.sh b/SOURCES/daemon-scl-helper.sh
new file mode 100644
index 0000000..36d8000
--- /dev/null
+++ b/SOURCES/daemon-scl-helper.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# This helper script is necessary for having proper SELinux context of daemon
+# process run in SCL environment via systemd unit file.
+# Without this script the process looses SELinux type because /usr/bin/scl
+# has context bin_t and unit_t -> bin_t results in unconfined process running.
+# If this helper script has the same SELinux context as the original binary,
+# the process will have proper SELinux context.
+#
+# This script was designed to be usable the same as the scl command is used,
+# including the collections given as more arguments, separated from binary
+# itself by -- separator.
+# So it is possible to use the list of collections to be enabled via
+# environment file.
+# Thus, instead of:
+# /usr/bin/scl enable scl1 scl2 -- /path/to/bin arg1 arg2
+# you can use:
+# /usr/bin/this-script enable scl1 scl2 -- /path/to/bin arg1 arg2
+#
+# Notice: do not forget to set proper SELinux context for this file.
+# The context should be the same as the binary running has.
+
+action="$1"
+shift
+
+while [ -n "$1" ] && [ "$1" != "--" ] ; do
+ source scl_source "$action" "$1"
+ shift
+done
+
+if [ $# -lt 2 ] ; then
+ echo "Usage `basename $0` enable sclname [sclname ...] -- /path/to/bin [arg ...]" >&2
+ exit 1
+fi
+
+shift
+
+exec "$@"
+
+
+
diff --git a/SOURCES/index.html b/SOURCES/index.html
new file mode 100644
index 0000000..f6855a1
--- /dev/null
+++ b/SOURCES/index.html
@@ -0,0 +1,117 @@
+ + + + + Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux + + + + + +
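Review bot: The argument check `if [ $# -lt 2 ]` runs only after the `while` loop has already sourced `scl_source "$action" "$1"` for every word, so an invocation without a `--` separator enables each argument as a collection before the usage error is printed, and `$action` is never compared against `enable`. This helper is the wrapper that passes its SELinux context on to the daemon, and its header comment says the collection list may come from an environment file, so I would reject bad input before sourcing anything, e.g. `[ "$action" = enable ] || { echo "unsupported action: $action" >&2; exit 1; }` ahead of the loop. `source` is also not POSIX under `#!/bin/sh`, so the script only works where `/bin/sh` is bash, and `basename $0` should be quoted as `basename "$0"`.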

Welcome to nginx on Red Hat Enterprise Linux!

+ +
+

This page is used to test the proper operation of the + nginx HTTP server after it has been + installed. If you can read this page, it means that the + web server installed at this site is working + properly.

+ +
+

Website Administrator

+
+

This is the default index.html page that + is distributed with nginx on + Red Hat Enterprise Linux. It is located in + /opt/rh/rh-nginx$scl_name_version/root/usr/share/nginx/html.

+ +

You should now put your content in a location of + your choice and edit the root configuration + directive in the nginx + configuration file + /etc/opt/rh/rh-nginx$scl_name_version/nginx/nginx.conf.

+ +

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

+ +
+
+ +
+ [ Powered by nginx ] + [ Powered by Red Hat Enterprise Linux ] +
+
+ +
diff --git a/SOURCES/nginx-1.14.0-logs-perm.patch b/SOURCES/nginx-1.14.0-logs-perm.patch
new file mode 100644
index 0000000..4884a84
--- /dev/null
+++ b/SOURCES/nginx-1.14.0-logs-perm.patch
@@ -0,0 +1,13 @@
+diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
+index aee7a58..bcceecb 100644
+--- a/src/core/ngx_cycle.c
++++ b/src/core/ngx_cycle.c
+@@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
+ }
+
+ fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND,
+- NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS);
++ NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220);
+
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "reopen file \"%s\", old:%d new:%d",
diff --git a/SOURCES/nginx-1.14.1-perl-module-hardening.patch b/SOURCES/nginx-1.14.1-perl-module-hardening.patch
new file mode 100644
index 0000000..1915ebe
--- /dev/null
+++ b/SOURCES/nginx-1.14.1-perl-module-hardening.patch
@@ -0,0 +1,13 @@
+diff --git a/src/http/modules/perl/Makefile.PL b/src/http/modules/perl/Makefile.PL
+index 7edadcb..2ebb7c4 100644
+--- a/src/http/modules/perl/Makefile.PL
++++ b/src/http/modules/perl/Makefile.PL
+@@ -14,7 +14,7 @@ WriteMakefile(
+ AUTHOR => 'Igor Sysoev',
+
+ CCFLAGS => "$ENV{NGX_PM_CFLAGS}",
+- OPTIMIZE => '-O',
++ OPTIMIZE => '-O2',
+
+ LDDLFLAGS => "$ENV{NGX_PM_LDFLAGS}",
+
diff --git a/SOURCES/nginx-1.16.0-pkcs11.patch b/SOURCES/nginx-1.16.0-pkcs11.patch
new file mode 100644
index 0000000..b367d5b
--- /dev/null
+++ b/SOURCES/nginx-1.16.0-pkcs11.patch
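Review bot: OR-ing `0220` into `NGX_FILE_DEFAULT_ACCESS` in `ngx_reopen_files()` makes every log file nginx creates on reopen group-writable (664 instead of 644, per the spec's comment on Patch1), so any member of the owning group can rewrite or truncate the access and error logs that later serve as audit evidence. The patch itself carries no statement of which consumer needs group write, and nginx.logrotate in the same commit recreates the files with `create 0644 nginx nginx`, so the resulting mode depends on which of the two creates the file. I would add a header to the patch that records the reason, along the lines of `# group write needed by <consumer>; keep in sync with nginx.logrotate` (placeholder to be filled in), and make the logrotate mode match whatever is decided. The body of `ngx_reopen_files()` continues outside the hunk.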
@@ -0,0 +1,29 @@
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 7be4fb4..ab3865a 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -727,16 +727,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+ return NULL;
+ }
+
++ if (!ENGINE_init(engine)) {
++ *err = "ENGINE_init() failed";
++ ENGINE_free(engine);
++ return NULL;
++ }
++
+ *last++ = ':';
+
+ pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
+
+ if (pkey == NULL) {
+ *err = "ENGINE_load_private_key() failed";
++ ENGINE_finish(engine);
+ ENGINE_free(engine);
+ return NULL;
+ }
+
++ ENGINE_finish(engine);
+ ENGINE_free(engine);
+
+ return pkey;
diff --git a/SOURCES/nginx-auto-cc-gcc.patch b/SOURCES/nginx-auto-cc-gcc.patch
new file mode 100644
index 0000000..ff693dc
--- /dev/null
+++ b/SOURCES/nginx-auto-cc-gcc.patch
@@ -0,0 +1,13 @@
+--- auto/cc/gcc.orig 2007-03-22 08:34:53.000000000 -0600
++++ auto/cc/gcc 2007-03-22 08:58:47.000000000 -0600
+@@ -172,7 +172,9 @@
+
+
+ # stop on warning
+-CFLAGS="$CFLAGS -Werror"
++# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
++# to not compile.
++#CFLAGS="$CFLAGS -Werror"
+
+ # debug
+ CFLAGS="$CFLAGS -g"
diff --git a/SOURCES/nginx-logo.png b/SOURCES/nginx-logo.png
new file mode 100644
index 0000000..638b499
Binary files /dev/null and b/SOURCES/nginx-logo.png differ
diff --git a/SOURCES/nginx.conf b/SOURCES/nginx.conf
new file mode 100644
index 0000000..bc2f8d6
--- /dev/null
+++ b/SOURCES/nginx.conf
@@ -0,0 +1,116 @@
+# For more information on configuration, see:
+# * Official English Documentation: http://nginx.org/en/docs/
+# * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log $logdir/error.log;
+pid $localstatedir/run/nginx/nginx.pid;
+
+# Load dynamic modules. See $docdir/README.dynamic.
+include $datadir/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log $logdir/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 4096;
+
+ include $sysconfdir/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include $sysconfdir/nginx/conf.d/*.conf;
+
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name _;
+ root $datadir/nginx/html;
+
+ # Load configuration files for the default server block.
+ include $sysconfdir/nginx/default.d/*.conf;
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+ }
+
+
+ # another virtual host using mix of IP-, name-, and port-based configuration
+ #
+ #server {
+ # listen 8000;
+ # listen somename:8080;
+ # server_name somename alias another.alias;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+
+ # HTTPS server
+ #
+ #server {
+ # listen 443;
+ # server_name localhost;
+
+ # ssl on;
+ # ssl_certificate cert.pem;
+ # ssl_certificate_key cert.key;
+
+ # ssl_session_timeout 5m;
+
+ # ssl_protocols SSLv2 SSLv3 TLSv1;
+ # ssl_ciphers HIGH:!aNULL:!MD5;
+ # ssl_prefer_server_ciphers on;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+}
diff --git a/SOURCES/nginx.init b/SOURCES/nginx.init
new file mode 100644
index 0000000..7b8a027
--- /dev/null
+++ b/SOURCES/nginx.init
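Review bot: The commented HTTPS example at the end of the `http` block still lists `ssl_protocols SSLv2 SSLv3 TLSv1;` together with `ssl on;`, and sample blocks in a shipped default configuration tend to be uncommented as they stand. SSLv2 and SSLv3 are broken protocols and TLSv1 is deprecated, so the template should show `# ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the linked OpenSSL supports it) and `# listen 443 ssl;` in place of the separate `ssl on;` directive. In the default server, `error_page 404 /404.html;` is followed by `location = /40x.html`, so that location block does not match the page it is meant to serve; `location = /404.html` looks like the intended spelling.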
@@ -0,0 +1,157 @@
+#!/bin/sh
+#
+# nginx - this script starts and stops the nginx daemon
+#
+# chkconfig: - 85 15
+# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
+# proxy and IMAP/POP3 proxy server
+# processname: nginx
+# config: /etc/nginx/nginx.conf
+# config: /etc/sysconfig/nginx
+# pidfile: /var/run/nginx.pid
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ "$NETWORKING" = "no" ] && exit 0
+
+nginx="$sbindir/nginx"
+prog=$(basename $nginx)
+
+sysconfig="$sysconfdir/sysconfig/$sclprefix$prog"
+lockfile="$localstatedir/lock/subsys/nginx"
+pidfile="$localstatedir/run/${prog}/${prog}.pid"
+
+NGINX_CONF_FILE="$sysconfdir/nginx/nginx.conf"
+
+[ -f $sysconfig ] && . $sysconfig
+
+
+start() {
+ [ -x $nginx ] || exit 5
+ [ -f $NGINX_CONF_FILE ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon $nginx -c $NGINX_CONF_FILE
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p $pidfile $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ configtest_q || return 6
+ stop
+ start
+}
+
+reload() {
+ configtest_q || return 6
+ echo -n $"Reloading $prog: "
+ killproc -p $pidfile $prog -HUP
+ echo
+}
+
+configtest() {
+ $nginx -t -c $NGINX_CONF_FILE
+}
+
+configtest_q() {
+ $nginx -t -q -c $NGINX_CONF_FILE
+}
+
+rh_status() {
+ status -p $pidfile -l $lockfile $prog
+}
+
+rh_status_q() {
+ rh_status -p $pidfile -l $lockfile >/dev/null 2>&1
+}
+
+# Upgrade the binary with no downtime.
+upgrade() {
+ local oldbin_pidfile="${pidfile}.oldbin"
+
+ configtest_q || return 6
+ echo -n $"Upgrading $prog: "
+ killproc -p $pidfile $prog -USR2
+ retval=$?
+ sleep 1
+ if [[ -f ${oldbin_pidfile} && -f ${pidfile} ]]; then
+ killproc -p $oldbin_pidfile $prog -QUIT
+ success $"$prog online upgrade"
+ echo
+ return 0
+ else
+ failure $"$prog online upgrade"
+ echo
+ return 1
+ fi
+}
+
+# Tell nginx to reopen logs
+reopen_logs() {
+ configtest_q || return 6
+ echo -n $"Reopening $prog logs: "
+ killproc -p $pidfile $prog -USR1
+ retval=$?
+ echo
+ return $retval
+}
+
+# We have to re-enable SCL environment, because /sbin/service
+# clears almost all environment variables.
+# Since X_SCLS is cleared as well, we lose information about other
+# collections enabled.
+source /opt/rh/$sclname/service-environment
+source scl_source enable $$upperscl_SCLS_ENABLED
+
+# we want start daemon only inside "scl enable" invocation
+if ! scl_enabled $sclname; then
+ echo "Collection $sclname has to be listed in /opt/rh/$sclname/service-environment"
+ exit 1
+fi
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart|configtest|reopen_logs)
+ $1
+ ;;
+ force-reload|upgrade)
+ rh_status_q || exit 7
+ upgrade
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ status|status_q)
+ rh_$1
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 7
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|reload|configtest|status|force-reload|upgrade|restart|reopen_logs}"
+ exit 2
+esac
diff --git a/SOURCES/nginx.logrotate b/SOURCES/nginx.logrotate
new file mode 100644
index 0000000..a57d621
--- /dev/null
+++ b/SOURCES/nginx.logrotate
@@ -0,0 +1,13 @@
+$logdir/*log {
+ create 0644 nginx nginx
+ daily
+ rotate 10
+ missingok
+ notifempty
+ compress
+ sharedscripts
+ postrotate
+ /bin/kill -USR1 `cat $localstatedir/run/nginx/nginx.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
+
diff --git a/SOURCES/nginx.service b/SOURCES/nginx.service
new file mode 100644
index 0000000..47684f8
--- /dev/null
+++ b/SOURCES/nginx.service
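Review bot: In `upgrade()` the status of `killproc -p $pidfile $prog -USR2` is stored in `retval` and never read, so a failed signal is noticed only indirectly through the pid-file test after `sleep 1`; an explicit `[ $retval -eq 0 ] || { failure $"$prog online upgrade"; echo; return $retval; }` right after the assignment would report the real cause. The same function uses `local` and `[[ ... ]]`, and the top level uses `source`, although the script declares `#!/bin/sh`, so it only works where `/bin/sh` is bash; `[ -f "$oldbin_pidfile" ] && [ -f "$pidfile" ]` is the portable test. `rh_status_q` passes `-p $pidfile -l $lockfile` to `rh_status`, which ignores its arguments, and the paths expanded throughout the script (`$nginx`, `$pidfile`, `$NGINX_CONF_FILE`, `$sysconfig`) are unquoted even though `NGINX_CONF_FILE` can be overridden from the sourced sysconfig file.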
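Review bot: `create 0644 nginx nginx` in nginx.logrotate leaves rotated access and error logs world-readable and disagrees with the 664 mode that nginx-1.14.0-logs-perm.patch applies in `ngx_reopen_files()`, so the mode of a log file depends on whether logrotate or nginx created it. If no unprivileged local reader is intended, `create 0640 nginx nginx` would be the tighter choice; either way the two modes should be made to agree. Ownership of `$logdir` is not visible in this hunk: if that directory is writable by the nginx account, the stanza should also carry a `su` directive so that logrotate does not operate as root inside a directory a less privileged user controls.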
@@ -0,0 +1,24 @@
+[Unit]
+Description=The nginx HTTP and reverse proxy server
+After=syslog.target network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=$localstatedir/run/nginx/nginx.pid
+EnvironmentFile=/opt/rh/rh-nginx$scl_name_version/service-environment
+# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
+# SELinux context. This might happen when running `nginx -t` from the cmdline.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
+ExecStartPre=/usr/bin/rm -f /var/opt/rh/rh-nginx$scl_name_version/run/nginx/nginx.pid
+ExecStartPre=$libexecdir/nginx-scl-helper enable $RH_NGINX$scl_name_version_SCLS_ENABLED -- /usr/bin/scl_enabled rh-nginx$scl_name_version
+ExecStartPre=$libexecdir/nginx-scl-helper enable $RH_NGINX$scl_name_version_SCLS_ENABLED -- /opt/rh/rh-nginx$scl_name_version/root/usr/sbin/nginx -t
+ExecStart=$libexecdir/nginx-scl-helper enable $RH_NGINX$scl_name_version_SCLS_ENABLED -- /opt/rh/rh-nginx$scl_name_version/root/usr/sbin/nginx
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s QUIT $MAINPID
+KillSignal=SIGQUIT
+TimeoutStopSec=5
+KillMode=process
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/nginx.sysconfig b/SOURCES/nginx.sysconfig
new file mode 100644
index 0000000..19bb3d2
--- /dev/null
+++ b/SOURCES/nginx.sysconfig
@@ -0,0 +1,4 @@
+# Configuration file for the nginx service
+
+# set this to the location of the nginx configuration file
+NGINX_CONF_FILE=$sysconfdir/nginx/nginx.conf
diff --git a/SOURCES/scl-register-helper.sh b/SOURCES/scl-register-helper.sh
new file mode 100644
index 0000000..fea08d0
--- /dev/null
+++ b/SOURCES/scl-register-helper.sh
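Review bot: The first `ExecStartPre` in nginx.service removes a hard-coded `/var/opt/rh/rh-nginx$scl_name_version/run/nginx/nginx.pid`, while `PIDFile=` and the `pid` directive in nginx.conf use the `$localstatedir/run/nginx/nginx.pid` template; if the two ever expand differently, the stale pid file described in the comment above is not the one removed, so I would write `ExecStartPre=/usr/bin/rm -f $localstatedir/run/nginx/nginx.pid`. `KillMode=process` means only the main process is signalled on stop, so workers that outlive the master after `TimeoutStopSec=5` are left running outside systemd's control. `PrivateTmp=true` is the only sandboxing option set; whether `ProtectSystem=` or `ProtectHome=` can be added depends on the systemd version of the target release, which is not visible here.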
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+scl_reggen(){
+
+ # helper function to save some chars
+ add2file(){
+ if ! [ -f "${2}" ] ; then
+ mkdir -p $(dirname "${2}")
+ echo "#!/bin/sh" >"${2}"
+ chmod a+x "${2}"
+ fi
+ echo "${1}" >>"${2}"
+ }
+
+ package=$1
+ [ -z "$package" ] && echo "No package specified." && return 1
+ shift
+
+ while [ -n "$1" ] ; do
+ action="$1"
+ shift
+
+ case "$action" in
+
+ --cpfile )
+ file=$1
+ shift
+ [ -z "$file" ] && echo "No file specified for cpfile." && return 1
+ # make dir and cp file
+ mkdir -p $(dirname ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.content${file})
+ cp ${_SR_BUILDROOT}${file} ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.content${file}
+ # add command to script that handles copying file on register
+ add2file "cp -n ${_SR_SCL_SCRIPTS}/register.content${file} ${file}" \
+ ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/50.${package}.content-create
+ # add command to script that handles removing file on deregister
+ add2file "rm -f ${file}" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/deregister.d/50.${package}.content-remove
+ ;;
+
+ --selinux )
+ dst=$1
+ src=$2
+ shift 2
+ [ -z "$dst" ] && echo "No src or dst specified for selinux." && return 1
+ # store rule for setting selinux
+ add2file "semanage fcontext -a -e \"$src\" \"$dst\" >/dev/null 2>&1 || :" \
+ ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/20.${package}.selinux-set
+ # store rule for restoring selinux
+ add2file "restorecon -R \"$dst\" >/dev/null 2>&1 || :" \
+ ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/80.${package}.selinux-restore
+ ;;
+
+ --mkdir )
+ dst=$1
+ shift
+ [ -z "$dst" ] && echo "No dst specified for mkdir."
&& return 1
+ # store command for creating directory
+ add2file "mkdir -p ${dst}" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/40.${package}.content-create
+ # store command for removing directory if empty, ignore errors
+ add2file "rmdir --ignore-fail-on-non-empty -p ${dst}" \
+ ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/deregister.d/60.${package}.content-remove
+ ;;
+
+ --touch )
+ file=$1
+ shift
+ [ -z "$file" ] && echo "No file specified for touch." && return 1
+ # store command for creating file
+ add2file "touch ${file}" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/50.${package}.content-create
+ # add command to script that handles removing file on deregister
+ add2file "rm -f ${file}" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/deregister.d/50.${package}.content-remove
+ ;;
+
+ --chmod )
+ dst=$2
+ args=$1
+ shift 2
+ [ -z "$args" ] && echo "No dst or args specified for chmod." && return 1
+ # store command for chmod
+ add2file "chmod $args ${dst}" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/60.${package}.attrs
+ ;;
+
+ --chown )
+ dst=$1
+ args=$2
+ shift 2
+ [ -z "$args" ] && echo "No dst or args specified for chown." && return 1
+ # store command for chown
+ add2file "chown $args ${dst}" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/60.${package}.attrs
+ ;;
+
+ --runafterregister )
+ cmd=$1
+ shift
+ [ -z "$cmd" ] && echo "No cmd specified for run." && return 1
+ # store command for running after
+ add2file "$cmd" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/register.d/90.${package}.run
+ ;;
+
+ --runafterderegister )
+ cmd=$1
+ shift
+ [ -z "$cmd" ] && echo "No cmd specified for run." && return 1
+ # store command for running after
+ add2file "$cmd" ${_SR_BUILDROOT}${_SR_SCL_SCRIPTS}/deregister.d/90.${package}.run
+ ;;
+
+ *)
+ echo "Wrong action $*"
+ return 1
+ ;;
+ esac
+ done
+}
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
new file mode 100644
index 0000000..766bff6
--- /dev/null
+++ b/SPECS/nginx.spec
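Review bot: Most branches of `scl_reggen` interpolate paths unquoted into the commands they append to the register.d and deregister.d scripts (`add2file "rm -f ${file}"`, `add2file "mkdir -p ${dst}"`, `add2file "chmod $args ${dst}"`), so a path containing whitespace or shell metacharacters is parsed again as shell syntax when the generated script runs. The `--selinux` branch already emits `\"$dst\"`, and the other branches should follow it, e.g. `add2file "rm -f -- \"${file}\""`. The two-operand actions validate only one operand: `--selinux` tests `$dst` but not `$src`, and `--chmod`/`--chown` test `$args` but not `$dst`, so each needs a check such as `[ -z "$dst" ] || [ -z "$args" ]` before the command is stored. `--chmod` reads the mode from `$1` and the target from `$2` while `--chown` reads them the other way round, which deserves a usage comment above the function listing every action with its operand order.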
@@ -0,0 +1,997 @@ +%{?scl:%scl_package nginx} + +%if 0%{?rhel} > 6 +%define use_systemd 1 +%else +%define use_systemd 0 +%endif + +%define use_perl 1 + +%define use_geoip 0 +%global with_gperftools 0 + +%global _hardened_build 1 +%global nginx_user nginx +%global nginx_group %{nginx_user} +%global nginx_home %{_localstatedir}/lib/nginx +%global nginx_home_tmp %{nginx_home}/tmp +%global nginx_confdir %{_sysconfdir}/nginx +%global nginx_datadir %{_datadir}/nginx +%global nginx_logdir %{_localstatedir}/log/nginx +%global nginx_webroot %{nginx_datadir}/html + +%global service_name %{?scl_prefix}nginx + +%if 0%{?scl:1} +%global scl_upper %{lua:print(string.upper(string.gsub(rpm.expand("%{scl}"), "-", "_")))} +%{!?scl_name_version: %global scl_name_version %{lua:print(string.match(rpm.expand("%{scl}"), "%d+$"))}} +%endif + +%{!?scl_perl_prefix: %global scl_perl_prefix rh-perl530-} +%{!?_nginx_perl_vendorarch: %global _nginx_perl_vendorarch %perl_vendorarch} + +%{?filter_setup: +%filter_requires_in %{_nginx_perl_vendorarch} +%filter_provides_in %{_nginx_perl_vendorarch} +%filter_provides_in %{_libdir}/nginx/modules +%filter_setup +} + +Name: %{?scl:%scl_prefix}nginx +Epoch: 1 +Version: 1.20.1 +Release: 1%{?dist} +Summary: A high performance web server and reverse proxy server +Group: System Environment/Daemons +# BSD License (two clause) +# http://www.freebsd.org/copyright/freebsd-license.html +License: BSD +URL: http://nginx.org/ + +Source0: http://nginx.org/download/nginx-%{version}.tar.gz +Source2: scl-register-helper.sh +Source3: daemon-scl-helper.sh +Source10: nginx.service +Source11: nginx.logrotate +Source12: nginx.conf +Source15: nginx.init +Source16: nginx.sysconfig +Source100: index.html +Source101: poweredby.png +Source102: nginx-logo.png +Source103: 404.html +Source104: 50x.html +Source200: README.dynamic + +# removes -Werror in upstream build scripts. -Werror conflicts with +# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. 
+Patch0: nginx-auto-cc-gcc.patch + +# downstream patch - changing logs permissions to 664 instead +# previous 644 +Patch1: nginx-1.14.0-logs-perm.patch + +# PKCS#11 engine fix +Patch2: nginx-1.16.0-pkcs11.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1655530 +Patch3: nginx-1.14.1-perl-module-hardening.patch + + +BuildRequires: gd-devel +%if 0%{?with_gperftools} +BuildRequires: gperftools-devel +%endif +BuildRequires: libxslt-devel +BuildRequires: openssl-devel >= 1:1.0.2k +BuildRequires: pcre-devel +BuildRequires: zlib-devel +%if 0%{?use_geoip} +BuildRequires: GeoIP-devel +%endif +Requires: gd +Requires(pre): shadow-utils +Provides: webserver + +%if %{use_systemd} +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +%else +Requires(post): chkconfig +Requires(preun): chkconfig, initscripts +Requires(postun): initscripts +%endif +Requires(post): policycoreutils-python libselinux-utils +%{?scl:Requires:%scl_runtime} + +%description +Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and +IMAP protocols, with a strong focus on high concurrency, performance and low +memory usage. + +%if 0%{?use_geoip} +%package mod-http-geoip +Group: System Environment/Daemons +Summary: Nginx HTTP geoip module +BuildRequires: GeoIP-devel +Requires: %{?scl:%scl_prefix}nginx +Requires: GeoIP + +%description mod-http-geoip +%{summary}. +%endif + +%package mod-http-image-filter +Group: System Environment/Daemons +Summary: Nginx HTTP image filter module +BuildRequires: gd-devel +Requires: %{?scl:%scl_prefix}nginx +Requires: gd + +%description mod-http-image-filter +%{summary}. 
+ +%if 0%{?use_perl} +%package mod-http-perl +Group: System Environment/Daemons +Summary: Nginx HTTP perl module +BuildRequires: %{scl_perl_prefix}perl-devel +%if 0%{?fedora} >= 24 +BuildRequires: %{scl_perl_prefix}perl-generators +%endif +BuildRequires: %{scl_perl_prefix}perl(ExtUtils::Embed) +Requires: %{?scl:%scl_prefix}nginx +Requires: %{scl_perl_prefix}perl(:MODULE_COMPAT_%(%{?scl:scl enable %{scl_perl} '}eval "`%{__perl} -V:version`"; echo $version%{?scl:'})) +Requires: %{scl_perl_prefix}perl(constant) + +%description mod-http-perl +%{summary}. +%endif + +%package mod-http-xslt-filter +Group: System Environment/Daemons +Summary: Nginx XSLT module +BuildRequires: libxslt-devel +Requires: %{?scl:%scl_prefix}nginx + +%description mod-http-xslt-filter +%{summary}. + +%package mod-mail +Group: System Environment/Daemons +Summary: Nginx mail modules +Requires: %{?scl:%scl_prefix}nginx + +%description mod-mail +%{summary}. + +%package mod-stream +Group: System Environment/Daemons +Summary: Nginx stream modules +Requires: %{?scl:%scl_prefix}nginx + +%description mod-stream +%{summary}. + + +%prep +%setup -q -n nginx-%{version} +%patch0 -p0 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +cp %{SOURCE200} . + +%build +%if 0%{?use_perl} +%{?scl:scl enable %{scl_perl} - << \EOF} +%endif +set -x + +# nginx does not utilize a standard configure script. It has its own +# and the standard configure options cause the nginx configure script +# to error out. This is is also the reason for the DESTDIR environment +# variable. 
+export DESTDIR=%{buildroot} +./configure \ + --prefix=%{nginx_datadir} \ + --sbin-path=%{_sbindir}/nginx \ + --modules-path=%{_libdir}/nginx/modules \ + --conf-path=%{nginx_confdir}/nginx.conf \ + --error-log-path=%{nginx_logdir}/error.log \ + --http-log-path=%{nginx_logdir}/access.log \ + --http-client-body-temp-path=%{nginx_home_tmp}/client_body \ + --http-proxy-temp-path=%{nginx_home_tmp}/proxy \ + --http-fastcgi-temp-path=%{nginx_home_tmp}/fastcgi \ + --http-uwsgi-temp-path=%{nginx_home_tmp}/uwsgi \ + --http-scgi-temp-path=%{nginx_home_tmp}/scgi \ + --pid-path=%{_localstatedir}/run/nginx/nginx.pid \ + --lock-path=%{_localstatedir}/lock/subsys/nginx \ + --user=%{nginx_user} \ + --group=%{nginx_group} \ + --with-file-aio \ + --with-ipv6 \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_auth_request_module \ + --with-http_realip_module \ + --with-stream_ssl_preread_module \ + --with-http_addition_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ +%if 0%{?use_geoip} + --with-http_geoip_module=dynamic \ +%endif + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_degradation_module \ + --with-http_slice_module \ + --with-http_stub_status_module \ +%if 0%{?use_perl} + --with-http_perl_module=dynamic \ +%endif + --with-mail=dynamic \ + --with-mail_ssl_module \ + --with-pcre \ + --with-pcre-jit \ + --with-stream=dynamic \ + --with-stream_ssl_module \ +%if 0%{?with_gperftools} + --with-google_perftools_module \ +%endif + --with-debug \ + --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ + --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols + +make %{?_smp_mflags} +%if 0%{?use_perl} +%{?scl:EOF} +%endif + +%install +#include helper script for creating register stuff +export 
_SR_BUILDROOT=%{buildroot} +export _SR_SCL_SCRIPTS=%{?_scl_scripts} +source %{SOURCE2} + +%if 0%{?use_perl} +%{?scl:scl enable %{scl_perl} - << \EOF} +%endif +set -x +make install DESTDIR=%{buildroot} INSTALLDIRS=vendor \ + INSTALLVENDORARCH=%{_nginx_perl_vendorarch} \ + INSTALLVENDORMAN3DIR=%{_mandir}/man3 +%if 0%{?use_perl} +%{?scl:EOF} +%endif + +find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; +find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; +find %{buildroot} -type f -empty -exec rm -f '{}' \; +find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; + +install -D -p -m 0755 %{SOURCE3} \ + %{buildroot}%{_libexecdir}/nginx-scl-helper + +%if %{use_systemd} +install -p -D -m 0644 %{SOURCE10} \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service + +sed -i 's|\$sbindir|%{_sbindir}|' \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service +sed -i 's|\$libexecdir|%{_libexecdir}|' \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service +sed -i 's|\$scl_name_version|%{scl_name_version}|g' \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service + +touch -r %{SOURCE10} \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service + +scl_reggen %{name} --cpfile %{_unitdir}/%{?scl:%scl_prefix}nginx.service + +%else +install -p -D -m 0755 %{SOURCE15} \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx + +sed -i 's|\$sbindir|%{_sbindir}|' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$sysconfdir|%{_sysconfdir}|' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$sclprefix|%scl_prefix|g' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$sclname|%scl|g' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 
's|\$upperscl|%{scl_upper}|g' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +scl_reggen %{name} --cpfile %{_root_initddir}/%{?scl:%scl_prefix}nginx + +install -p -D -m 0644 %{SOURCE16} \ + %{buildroot}/%{_sysconfdir}/sysconfig/%{?scl:%scl_prefix}nginx + +sed -i 's|\$sysconfdir|%{_sysconfdir}|' \ + %{buildroot}/%{_sysconfdir}/sysconfig/%{?scl:%scl_prefix}nginx +scl_reggen %{name} --mkdir %{_sysconfdir}/sysconfig +scl_reggen %{name} --cpfile %{_sysconfdir}/sysconfig/%{?scl:%scl_prefix}nginx +%endif + +install -p -D -m 0644 %{SOURCE11} \ + %{buildroot}/etc/logrotate.d/%{?scl:%scl_prefix}nginx + +sed -i 's|\$logdir|%{nginx_logdir}|' \ + %{buildroot}/etc/logrotate.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}/etc/logrotate.d/%{?scl:%scl_prefix}nginx +scl_reggen %{name} --cpfile %{_root_sysconfdir}/logrotate.d/%{?scl:%scl_prefix}nginx + +install -p -d -m 0755 %{buildroot}%{nginx_confdir}/conf.d +install -p -d -m 0755 %{buildroot}%{nginx_confdir}/default.d + +install -p -d -m 0700 %{buildroot}%{nginx_home} +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp} +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/client_body +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/proxy +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/fastcgi +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/uwsgi +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/scgi +install -p -d -m 0700 %{buildroot}%{nginx_logdir} +install -p -d -m 0755 %{buildroot}%{nginx_webroot} + +scl_reggen %{name} --mkdir %{nginx_confdir}/conf.d +scl_reggen %{name} --mkdir %{nginx_confdir}/default.d +scl_reggen %{name} --mkdir %{nginx_home} +scl_reggen %{name} --mkdir %{nginx_home_tmp} +scl_reggen %{name} --mkdir %{nginx_home_tmp}/client_body +scl_reggen %{name} --mkdir %{nginx_home_tmp}/proxy +scl_reggen %{name} --mkdir %{nginx_home_tmp}/fastcgi +scl_reggen %{name} --mkdir %{nginx_home_tmp}/uwsgi +scl_reggen %{name} --mkdir %{nginx_home_tmp}/scgi 
+scl_reggen %{name} --mkdir %{nginx_logdir} +scl_reggen %{name} --mkdir %{nginx_webroot} + +scl_reggen %{name} --chmod 0755 %{nginx_confdir}/conf.d +scl_reggen %{name} --chmod 0755 %{nginx_confdir}/default.d +scl_reggen %{name} --chmod 0700 %{nginx_home} +scl_reggen %{name} --chmod 0700 %{nginx_home_tmp} +scl_reggen %{name} --chmod 0700 %{nginx_home_tmp}/client_body +scl_reggen %{name} --chmod 0700 %{nginx_home_tmp}/proxy +scl_reggen %{name} --chmod 0700 %{nginx_home_tmp}/fastcgi +scl_reggen %{name} --chmod 0700 %{nginx_home_tmp}/uwsgi +scl_reggen %{name} --chmod 0700 %{nginx_home_tmp}/scgi +scl_reggen %{name} --chmod 0700 %{nginx_logdir} +scl_reggen %{name} --chmod 0755 %{nginx_webroot} + +scl_reggen %{name} --cpfile %{nginx_confdir}/fastcgi.conf +scl_reggen %{name} --cpfile %{nginx_confdir}/fastcgi.conf.default +scl_reggen %{name} --cpfile %{nginx_confdir}/fastcgi_params +scl_reggen %{name} --cpfile %{nginx_confdir}/fastcgi_params.default +scl_reggen %{name} --cpfile %{nginx_confdir}/koi-utf +scl_reggen %{name} --cpfile %{nginx_confdir}/koi-win +scl_reggen %{name} --cpfile %{nginx_confdir}/mime.types +scl_reggen %{name} --cpfile %{nginx_confdir}/mime.types.default +scl_reggen %{name} --cpfile %{nginx_confdir}/nginx.conf +scl_reggen %{name} --cpfile %{nginx_confdir}/nginx.conf.default +scl_reggen %{name} --cpfile %{nginx_confdir}/scgi_params +scl_reggen %{name} --cpfile %{nginx_confdir}/scgi_params.default +scl_reggen %{name} --cpfile %{nginx_confdir}/uwsgi_params +scl_reggen %{name} --cpfile %{nginx_confdir}/uwsgi_params.default +scl_reggen %{name} --cpfile %{nginx_confdir}/win-utf + + +scl_reggen %{name} --runafterregister "semanage fcontext -a -e /var/log/nginx %{nginx_logdir} >/dev/null 2>&1 || :" +scl_reggen %{name} --runafterregister "restorecon -R %{nginx_logdir} >/dev/null 2>&1 || :" +scl_reggen %{name} --runafterregister "semanage fcontext -a -e %{_root_sysconfdir}/nginx %{nginx_confdir} >/dev/null 2>&1 || :" +scl_reggen %{name} --runafterregister 
"restorecon -R %{nginx_confdir} >/dev/null 2>&1 || :" +scl_reggen %{name} --runafterregister "semanage fcontext -a -e %{_root_localstatedir}/lib/nginx %{_localstatedir}/lib/nginx >/dev/null 2>&1 || :" +scl_reggen %{name} --runafterregister "restorecon -R %{_localstatedir}/lib/nginx >/dev/null 2>&1 || :" +scl_reggen %{name} --runafterregister "semanage fcontext -a -e %{_root_localstatedir}/run/nginx %{_localstatedir}/run/nginx >/dev/null 2>&1 || :" +scl_reggen %{name} --runafterregister "restorecon -R %{_localstatedir}/run/nginx >/dev/null 2>&1 || :" + +install -p -m 0644 %{SOURCE12} \ + %{buildroot}%{nginx_confdir} + +# Change the nginx.conf paths +sed -i 's|\$datadir|%{_datadir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf +sed -i 's|\$docdir|%{_docdir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf +sed -i 's|\$sysconfdir|%{_sysconfdir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf +sed -i 's|\$logdir|%{nginx_logdir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf + +install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules +install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules + +%if 0%{?use_geoip} +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf +%endif +echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf +%if 0%{?use_perl} +cat > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf < %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf +echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \ + > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf + +touch -r %{SOURCE12} %{buildroot}%{nginx_confdir}/nginx.conf \ + 
%{buildroot}%{_datadir}/nginx/modules/*.conf + +install -p -m 0644 %{SOURCE100} \ + %{buildroot}%{nginx_webroot} +install -p -m 0644 %{SOURCE101} %{SOURCE102} \ + %{buildroot}%{nginx_webroot} +install -p -m 0644 %{SOURCE103} %{SOURCE104} \ + %{buildroot}%{nginx_webroot} + +# Replaces variables in html files with prober values +%if 0%{?scl:1} + +# in all html files +for f in %{SOURCE100} %{SOURCE103} %{SOURCE104}; do + sed -i 's|\$scl_name_version|%{scl_name_version}|g' \ + %{buildroot}%{nginx_webroot}/`basename $f` + + touch -r $f \ + %{buildroot}%{nginx_webroot}/`basename $f` +done +%endif + +install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \ + %{buildroot}%{_mandir}/man8/nginx.8 + +mkdir -p %{buildroot}%{_localstatedir}/run/nginx + +# Replaces variables in man page with proper values +sed -i 's|\%\%PREFIX\%\%|%{nginx_datadir}|' \ + %{buildroot}%{_mandir}/man8/nginx.8 +sed -i 's|\%\%PID_PATH\%\%|%{_localstatedir}/run/nginx/nginx.pid|' \ + %{buildroot}%{_mandir}/man8/nginx.8 +sed -i 's|\%\%CONF_PATH\%\%|%{nginx_confdir}/nginx.conf|' \ + %{buildroot}%{_mandir}/man8/nginx.8 +sed -i 's|\%\%ERROR_LOG_PATH\%\%|%{nginx_logdir}/error.log|' \ + %{buildroot}%{_mandir}/man8/nginx.8 + +%if 0%{?scl:1} +cat << EOF | tee -a %{buildroot}%{?_scl_scripts}/service-environment +# Services are started in a fresh environment without any influence of user's +# environment (like environment variable values). As a consequence, +# information of all enabled collections will be lost during service start up. +# If user needs to run a service under any software collection enabled, this +# collection has to be written into %{scl_upper}_SCLS_ENABLED variable +# in %{?_scl_scripts}/service-environment. 
+%{scl_upper}_SCLS_ENABLED="%{scl}" +EOF +%endif #scl + +%pre +getent group %{nginx_group} > /dev/null || groupadd -r %{nginx_group} +getent passwd %{nginx_user} > /dev/null || \ + useradd -r -d %{nginx_home} -g %{nginx_group} \ + -s /sbin/nologin -c "Nginx web server" %{nginx_user} +exit 0 + +%post +restorecon -R %{_scl_root} >/dev/null 2>&1 || : +semanage fcontext -a -e /var/log/nginx %{nginx_logdir} >/dev/null 2>&1 || : +restorecon -R %{nginx_logdir} >/dev/null 2>&1 || : + +semanage fcontext -a -e %{_root_sysconfdir}/nginx %{nginx_confdir} >/dev/null 2>&1 || : +restorecon -R %{nginx_confdir} >/dev/null 2>&1 || : + +semanage fcontext -a -e %{_root_localstatedir}/lib/nginx %{_localstatedir}/lib/nginx >/dev/null 2>&1 || : +restorecon -R %{_localstatedir}/lib/nginx >/dev/null 2>&1 || : + +semanage fcontext -a -e %{_root_localstatedir}/run/nginx %{_localstatedir}/run/nginx >/dev/null 2>&1 || : +restorecon -R %{_localstatedir}/run/nginx >/dev/null 2>&1 || : + +%if %{use_systemd} +# Ensure the helper script has the right context. +semanage fcontext -a -t httpd_exec_t %{_root_libexecdir}/nginx-scl-helper >/dev/null 2>&1 || : +restorecon -R %{_libexecdir}/nginx-scl-helper >/dev/null 2>&1 || : +%systemd_post %{service_name}.service +%else +semanage fcontext -a -e /etc/rc.d/init.d/nginx /etc/rc.d/init.d/%{?scl:%scl_prefix}nginx >/dev/null 2>&1 || : +restorecon -R /etc/rc.d/init.d/%{?scl:%scl_prefix}nginx >/dev/null 2>&1 || : +if [ $1 -eq 1 ]; then + /sbin/chkconfig --add %{name} +fi +%endif +if [ $1 -eq 2 ]; then + # Make sure these directories are not world readable. 
+ chmod 700 %{nginx_home} + chmod -R 700 %{nginx_home_tmp} + chmod 700 %{nginx_logdir} +fi + +%preun +%if %{use_systemd} +%systemd_preun %{service_name}.service +%else +if [ $1 -eq 0 ]; then + /sbin/service %{name} stop >/dev/null 2>&1 + /sbin/chkconfig --del %{name} +fi +%endif + +%postun +%if %{use_systemd} +%systemd_postun %{service_name}.service +%else +if [ $1 -eq 2 ]; then + /sbin/service %{name} upgrade || : +fi +%endif + +%files +%doc LICENSE CHANGES README README.dynamic +%dir %{nginx_datadir} +%{nginx_datadir}/html +%dir %{nginx_datadir}/modules +%{_sbindir}/nginx +%{_mandir}/man8/nginx.8* +%{?scl:%{_libexecdir}/nginx-scl-helper} +%if %{use_systemd} +%{_unitdir}/%{service_name}.service +%else +/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +%config(noreplace) %{_sysconfdir}/sysconfig/%{?scl:%scl_prefix}nginx +%endif +%dir %{nginx_confdir} +%dir %{nginx_confdir}/conf.d +%dir %{nginx_confdir}/default.d +%config(noreplace) %{nginx_confdir}/fastcgi.conf +%config(noreplace) %{nginx_confdir}/fastcgi.conf.default +%config(noreplace) %{nginx_confdir}/fastcgi_params +%config(noreplace) %{nginx_confdir}/fastcgi_params.default +%config(noreplace) %{nginx_confdir}/koi-utf +%config(noreplace) %{nginx_confdir}/koi-win +%config(noreplace) %{nginx_confdir}/mime.types +%config(noreplace) %{nginx_confdir}/mime.types.default +%config(noreplace) %{nginx_confdir}/nginx.conf +%config(noreplace) %{nginx_confdir}/nginx.conf.default +%config(noreplace) %{nginx_confdir}/scgi_params +%config(noreplace) %{nginx_confdir}/scgi_params.default +%config(noreplace) %{nginx_confdir}/uwsgi_params +%config(noreplace) %{nginx_confdir}/uwsgi_params.default +%config(noreplace) %{nginx_confdir}/win-utf +%config(noreplace) /etc/logrotate.d/%{?scl:%scl_prefix}nginx +%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_home} +%attr(700,%{nginx_user},%{nginx_group}) %{nginx_home_tmp} +%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_logdir} +%attr(700,%{nginx_user},%{nginx_group}) %dir 
%{_localstatedir}/run/nginx +%dir %{_libdir}/nginx +%dir %{_libdir}/nginx/modules + +%{?scl: %{_scl_scripts}/register.d/*} +%{?scl: %{_scl_scripts}/register.content/*} +%{?scl: %{_scl_scripts}/deregister.d/*} +%{?scl:%config(noreplace) %{?_scl_scripts}/service-environment} + +%if 0%{?use_geoip} +%files mod-http-geoip +%{_datadir}/nginx/modules/mod-http-geoip.conf +%{_libdir}/nginx/modules/ngx_http_geoip_module.so +%endif + +%files mod-http-image-filter +%{_datadir}/nginx/modules/mod-http-image-filter.conf +%{_libdir}/nginx/modules/ngx_http_image_filter_module.so + +%if 0%{?use_perl} +%files mod-http-perl +%{_datadir}/nginx/modules/mod-http-perl.conf +%{_libdir}/nginx/modules/ngx_http_perl_module.so +%{_nginx_perl_vendorarch}/* +%{_mandir}/man3/nginx.3pm.* +%endif + +%files mod-http-xslt-filter +%{_datadir}/nginx/modules/mod-http-xslt-filter.conf +%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so + +%files mod-mail +%{_datadir}/nginx/modules/mod-mail.conf +%{_libdir}/nginx/modules/ngx_mail_module.so + +%files mod-stream +%{_datadir}/nginx/modules/mod-stream.conf +%{_libdir}/nginx/modules/ngx_stream_module.so + +%changelog +* Wed Jul 14 2021 Luboš Uhliarik - 1:1.20.1-1 +- new version 1.20.1 + +* Tue May 25 2021 Luboš Uhliarik - 1:1.18.0-3 +- Resolves: #1963183 - CVE-2021-23017 rh-nginx118-nginx: nginx: Off-by-one + in ngx_resolver_copy() when labels are followed by a pointer to a root + domain name + +* Wed Sep 16 2020 Lubos Uhliarik - 1:1.18.0-2 +- switch rh-nginx118 to rh-perl530 + +* Tue Jul 21 2020 Lubos Uhliarik - 1:1.18.0-1 +- Resolves: #1853206 - RFE: add collection for NGINX 1.18 +- Increased types_hash_max_size to 4096 in default config +- Drop location / from default config (rhbz#1564768) +- Drop default_sever from default config (rhbz#1373822) + +* Tue Jun 23 2020 Lubos Uhliarik - 1:1.16.1-5 +- Resolves: #1798233 - CVE-2019-20372 rh-nginx116-nginx: nginx: HTTP request + smuggling via error pages in http/ngx_http_special_response.c + +* Mon Oct 07 
2019 Lubos Uhliarik - 1:1.16.1-4 +- Resolves: #1758809 - Nginx service does not start (wrong version used in the + systemd unit file) + +* Thu Aug 29 2019 Lubos Uhliarik - 1:1.16.1-3 +- Resolves: #1745696 - CVE-2019-9511 rh-nginx116-nginx: HTTP/2: large amount + of data request leads to denial of service +- Resolves: #1745689 - CVE-2019-9513 rh-nginx116-nginx: HTTP/2: flood using + PRIORITY frames resulting in excessive resource consumption +- Resolves: #1745668 - CVE-2019-9516 rh-nginx116-nginx: HTTP/2: 0-length + headers leads to denial of service + +* Tue Aug 06 2019 Luboš Uhliarik - 1:1.16.0-1 +- Resolves: #1721187 - RFE: add collection for nginx 1.16 +- enable ngx_stream_ssl_preread module + +* Wed Aug 08 2018 Luboš Uhliarik - 1:1.14.0-3 +- fixed service file and error documents + +* Wed Jul 18 2018 Luboš Uhliarik - 1:1.14.0-2 +- Resolves: #1470746 - rh-nginx112: unexpected initscpript action + +* Thu Jul 12 2018 Luboš Uhliarik - 1:1.14.0-1 +- update to version 1.14.0 +- Resolves: #1601544 - Switch rh-nginx114 to rh-perl526 + +* Tue Aug 08 2017 Luboš Uhliarik - 1:1.12.1-2 +- Resolves: #1468712 - missing dependency for perl package + +* Wed Jul 12 2017 Luboš Uhliarik - 1:1.12.1-1 +- update to 1.12.1 +- Resolves: CVE-2017-7529 nginx: Integer overflow in nginx range filter module + leading to memory disclosure + +* Tue Jun 13 2017 Luboš Uhliarik - 1:1.12.0-4 +- Resolved: #1323835 - RFE: add nginx-auth-ldap to rh-nginx18 + +* Tue Jun 06 2017 Luboš Uhliarik - 1:1.12.0-1 +- update to 1.12.0 (#1447400) + +* Thu Mar 23 2017 Joe Orton - 1:1.10.2-7 +- filter auto-provides from module subpackages (#1434349) +- drop perl vendorarch directory ownership (#1434333) + +* Thu Mar 2 2017 Joe Orton - 1:1.10.2-6 +- run nginx under SCL environment from SysV init script + +* Thu Mar 2 2017 Joe Orton - 1:1.10.2-5 +- filter perl(*) req/prov (#1421927) + +* Wed Mar 1 2017 Joe Orton - 1:1.10.2-4 +- drop explicit Requires for openssl, gd +- run nginx under SCL environment from systemd 
service +- fix module .conf path in nginx.conf +- pass PERL5LIB, LD_LIBRARY_PATH from env when perl is loaded (#1421927) + +* Wed Feb 8 2017 Joe Orton - 1:1.10.2-3 +- add mod-http-perl + +* Thu Jan 19 2017 Joe Orton - 1:1.10.2-2 +- own libdir/nginx + +* Thu Jan 19 2017 Joe Orton - 1:1.10.2-1 +- update to 1.10.2 (#1404779) +- merge changes from Fedora + +* Mon Jun 20 2016 Joe Orton - 1:1.8.1-1 +- update to 1.8.1 (CVE-2016-0742 CVE-2016-0746 CVE-2016-0747) +- add security fix for CVE-2016-4450 + +* Fri Nov 13 2015 Jan Kaluza - 1:1.8.0-4 +- fix SELinux context of /var/opt and /etc/opt directories (#1280221) + +* Fri Sep 11 2015 Jan Kaluza - 1:1.8.0-3 +- fix bad path to nginx.pid in logrotate configuration (#1260595) + +* Tue Aug 11 2015 Jan Kaluza - 1:1.8.0-2 +- move logs to /var/opt/rh/rh-nginx18/log (#1250095) + +* Wed Jul 08 2015 Jan Kaluza - 1:1.8.0-1 +- update to version 1.8.0 + +* Wed Jan 21 2015 Jan Kaluza - 1:1.6.2-3 +- set use_systemd only on RHEL7 + +* Mon Jan 19 2015 Jan Kaluza - 1:1.6.2-2 +- add support for Phusion Passenger + +* Tue Jan 06 2015 Jan Kaluza - 1:1.6.2-1 +- update to version 1.6.2 +- do not use conditionals in systemd macros (#1152514) + +* Wed Sep 17 2014 Jan Kaluza - 1:1.6.1-2 +- prevent SSL session reuse in unrelated server{} blocks (CVE-2014-3616) + +* Wed Aug 06 2014 Jan Kaluza - 1:1.6.1-1 +- update to 1.6.1 (CVE-2014-3556) + +* Wed Jul 02 2014 Jan Kaluza - 1:1.6.0-4 +- correct the path for previous SELinux fix (#1088912) + +* Wed Jul 02 2014 Jan Kaluza - 1:1.6.0-3 +- fix SELinux context of initscript (#1088912) + +* Tue Jun 24 2014 Jan Kaluza - 1:1.6.0-2 +- rebuild because of rename to nginx16 + +* Mon Jun 9 2014 Joe Orton - 1:1.6.0-1 +- update to 1.6.0 (#1101921) + +* Tue Mar 4 2014 Joe Orton - 1:1.4.4-10 +- run restorecon in %%post for #1072266 + +* Tue Mar 4 2014 Joe Orton - 1:1.4.4-9 +- fix SELinux context for log directory (#1072266) + +* Thu Feb 20 2014 Jan Kaluza - 1:1.4.4-8 +- update poweredby logo and show it on default pages 
(#1065981) + +* Wed Jan 15 2014 Jan Kaluza - 1:1.4.4-7 +- call restorecon in post script (#1052935) + +* Mon Jan 06 2014 Jan Kaluza - 1:1.4.4-6 +- create temp subdirectories in nginx_home_tmp during installation (#1040470) + +* Tue Nov 26 2013 Joe Orton - 1:1.4.4-5 +- further default config tweak + +* Tue Nov 26 2013 Joe Orton - 1:1.4.4-4 +- update config file for log directory + +* Tue Nov 26 2013 Joe Orton - 1:1.4.4-3 +- change log directory + +* Tue Nov 19 2013 Joe Orton - 1:1.4.4-1 +- update to 1.4.4 (CVE-2013-4547) + +* Mon Nov 18 2013 Jan Kaluza - 1:1.4.2-6 +- require scl_runtime + +* Mon Nov 18 2013 Jan Kaluza - 1:1.4.2-5 +- improved index.html + +* Mon Nov 18 2013 Jan Kaluza - 1:1.4.2-4 +- support for software collections + +* Fri Aug 09 2013 Jonathan Steffan - 1:1.4.2-3 +- Add in conditionals to build for non-systemd targets + +* Sat Aug 03 2013 Petr Pisar - 1:1.4.2-2 +- Perl 5.18 rebuild + +* Fri Jul 19 2013 Jamie Nguyen - 1:1.4.2-1 +- update to upstream release 1.4.2 + +* Wed Jul 17 2013 Petr Pisar - 1:1.4.1-3 +- Perl 5.18 rebuild + +* Tue Jun 11 2013 Remi Collet - 1:1.4.1-2 +- rebuild for new GD 2.1.0 + +* Tue May 07 2013 Jamie Nguyen - 1:1.4.1-1 +- update to upstream release 1.4.1 (#960605, #960606): + CVE-2013-2028 stack-based buffer overflow when handling certain chunked + transfer encoding requests + +* Sun Apr 28 2013 Dan Horák - 1:1.4.0-2 +- gperftools exist only on selected arches + +* Fri Apr 26 2013 Jamie Nguyen - 1:1.4.0-1 +- update to upstream release 1.4.0 +- enable SPDY module (new in this version) +- enable http gunzip module (new in this version) +- enable google perftools module and add gperftools-devel to BR +- enable debugging (#956845) +- trim changelog + +* Tue Apr 02 2013 Jamie Nguyen - 1:1.2.8-1 +- update to upstream release 1.2.8 + +* Fri Feb 22 2013 Jamie Nguyen - 1:1.2.7-2 +- make sure nginx directories are not world readable (#913724, #913735) + +* Sat Feb 16 2013 Jamie Nguyen - 1:1.2.7-1 +- update to upstream release 1.2.7 +- 
add .asc file + +* Tue Feb 05 2013 Jamie Nguyen - 1:1.2.6-6 +- use 'kill' instead of 'systemctl' when rotating log files to workaround + SELinux issue (#889151) + +* Wed Jan 23 2013 Jamie Nguyen - 1:1.2.6-5 +- uncomment "include /etc/nginx/conf.d/*.conf" by default but leave the + conf.d directory empty (#903065) + +* Wed Jan 23 2013 Jamie Nguyen - 1:1.2.6-4 +- add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf" + (#903065) + +* Wed Dec 19 2012 Jamie Nguyen - 1:1.2.6-3 +- use correct file ownership when rotating log files + +* Tue Dec 18 2012 Jamie Nguyen - 1:1.2.6-2 +- send correct kill signal and use correct file permissions when rotating + log files (#888225) +- send correct kill signal in nginx-upgrade + +* Tue Dec 11 2012 Jamie Nguyen - 1:1.2.6-1 +- update to upstream release 1.2.6 + +* Sat Nov 17 2012 Jamie Nguyen - 1:1.2.5-1 +- update to upstream release 1.2.5 + +* Sun Oct 28 2012 Jamie Nguyen - 1:1.2.4-1 +- update to upstream release 1.2.4 +- introduce new systemd-rpm macros (#850228) +- link to official documentation not the community wiki (#870733) +- do not run systemctl try-restart after package upgrade to allow the + administrator to run nginx-upgrade and avoid downtime +- add nginx man page (#870738) +- add nginx-upgrade man page and remove README.fedora +- remove chkconfig from Requires(post/preun) +- remove initscripts from Requires(preun/postun) +- remove separate configuration files in "/etc/nginx/conf.d" directory + and revert to upstream default of a centralized nginx.conf file + (#803635) (#842738) + +* Fri Sep 21 2012 Jamie Nguyen - 1:1.2.3-1 +- update to upstream release 1.2.3 + +* Fri Jul 20 2012 Fedora Release Engineering - 1:1.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Petr Pisar - 1:1.2.1-2 +- Perl 5.16 rebuild + +* Sun Jun 10 2012 Jamie Nguyen - 1:1.2.1-1 +- update to upstream release 1.2.1 + +* Fri Jun 08 2012 Petr Pisar - 1:1.2.0-2 +- Perl 5.16 rebuild + +* Wed May 
16 2012 Jamie Nguyen - 1:1.2.0-1 +- update to upstream release 1.2.0 + +* Wed May 16 2012 Jamie Nguyen - 1:1.0.15-4 +- add nginx-upgrade to replace functionality from the nginx initscript + that was lost after migration to systemd +- add README.fedora to describe usage of nginx-upgrade +- nginx.logrotate: use built-in systemd kill command in postrotate script +- nginx.service: start after syslog.target and network.target +- nginx.service: remove unnecessary references to config file location +- nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following + advice from nginx-devel +- nginx.service: use private /tmp + +* Mon May 14 2012 Jamie Nguyen - 1:1.0.15-3 +- fix incorrect postrotate script in nginx.logrotate + +* Thu Apr 19 2012 Jamie Nguyen - 1:1.0.15-2 +- renable auto-cc-gcc patch due to warnings on rawhide + +* Sat Apr 14 2012 Jamie Nguyen - 1:1.0.15-1 +- update to upstream release 1.0.15 +- no need to apply auto-cc-gcc patch +- add %%global _hardened_build 1 + +* Thu Mar 15 2012 Jamie Nguyen - 1:1.0.14-1 +- update to upstream release 1.0.14 +- amend some %%changelog formatting + +* Tue Mar 06 2012 Jamie Nguyen - 1:1.0.13-1 +- update to upstream release 1.0.13 +- amend --pid-path and --log-path + +* Sun Mar 04 2012 Jamie Nguyen - 1:1.0.12-5 +- change pid path in nginx.conf to match systemd service file + +* Sun Mar 04 2012 Jamie Nguyen - 1:1.0.12-3 +- fix %%pre scriptlet + +* Mon Feb 20 2012 Jamie Nguyen - 1:1.0.12-2 +- update upstream URL +- replace %%define with %%global +- remove obsolete BuildRoot tag, %%clean section and %%defattr +- remove various unnecessary commands +- add systemd service file and update scriptlets +- add Epoch to accommodate %%triggerun as part of systemd migration + +* Sun Feb 19 2012 Jeremy Hinegardner - 1.0.12-1 +- Update to 1.0.12 + +* Thu Nov 17 2011 Keiran "Affix" Smith - 1.0.10-1 +- Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes. 
+- Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4. +- Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora. + +* Thu Oct 27 2011 Keiran "Affix" Smith - 1.0.8-1 +- Update to new 1.0.8 stable release + +* Fri Aug 26 2011 Keiran "Affix" Smith - 1.0.5-1 +- Update nginx to Latest Stable Release + +* Fri Jun 17 2011 Marcela Mašláňová - 1.0.0-3 +- Perl mass rebuild + +* Thu Jun 09 2011 Marcela Mašláňová - 1.0.0-2 +- Perl 5.14 mass rebuild + +* Wed Apr 27 2011 Jeremy Hinegardner - 1.0.0-1 +- Update to 1.0.0 + +* Tue Feb 08 2011 Fedora Release Engineering - 0.8.53-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53.5 +- Extract out default config into its own file (bug #635776) + +* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-4 +- Revert ownership of log dir + +* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-3 +- Change ownership of /var/log/nginx to be 0700 nginx:nginx +- update init script to use killproc -p +- add reopen_logs command to init script +- update init script to use nginx -q option + +* Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-2 +- Fix linking of perl module + +* Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-1 +- Update to new stable 0.8.53 + +* Sat Jul 31 2010 Jeremy Hinegardner - 0.7.67-2 +- add Provides: webserver (bug #619693) + +* Sun Jun 20 2010 Jeremy Hinegardner - 0.7.67-1 +- Update to new stable 0.7.67 +- fix bugzilla #591543 + +* Tue Jun 01 2010 Marcela Maslanova - 0.7.65-2 +- Mass rebuild with perl-5.12.0 + +* Mon Feb 15 2010 Jeremy Hinegardner - 0.7.65-1 +- Update to new stable 0.7.65 +- change ownership of logdir to root:root +- add support for ipv6 (bug #561248) +- add random_index_module +- add secure_link_module + +* Fri Dec 04 2009 Jeremy Hinegardner - 0.7.64-1 +- Update to new stable 0.7.64