(define-module (glicid packages nginx) #:use-module (ice-9 match) #:use-module (guix) #:use-module (guix build-system gnu) #:use-module (guix download) #:use-module (guix git-download) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix utils) #:use-module (gnu packages compression) #:use-module (gnu packages cpp) #:use-module (gnu packages curl) #:use-module (gnu packages databases) #:use-module (gnu packages datastructures) #:use-module (gnu packages gd) #:use-module (gnu packages geo) #:use-module (gnu packages lua) #:use-module (gnu packages pcre) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages web) #:use-module (gnu packages xml) #:use-module (gnu packages tls) #:use-module (glicid packages openldap)) (define-public nginx (package (name "nginx") (version "1.25.0") (source (origin (method url-fetch) (uri (string-append "https://nginx.org/download/nginx-" version ".tar.gz")) (sha256 (base32 "130yxrzbs6qw71gclgwh3gijs3r16x147x5wlpla8wijji2lvm2y")))) (build-system gnu-build-system) (inputs (list libxml2 libxslt openssl pcre zlib gd gperftools)) (arguments `(#:tests? #f #:phases (modify-phases %standard-phases (add-before 'configure 'patch-/bin/sh (lambda _ (substitute* "auto/feature" (("/bin/sh") (which "sh"))) #t)) (replace 'configure (lambda* (#:key configure-flags inputs outputs #:allow-other-keys) (let ((flags (append (list (string-append "--prefix=" (assoc-ref outputs "out")) "--with-threads" "--with-file-aio" "--with-http_ssl_module" "--with-http_v2_module" "--with-http_realip_module" "--with-http_addition_module" "--with-http_xslt_module" "--with-http_image_filter_module" "--with-http_sub_module" "--with-http_dav_module" "--with-http_flv_module" "--with-http_mp4_module" "--with-http_gunzip_module" "--with-http_gzip_static_module" "--with-http_auth_request_module" "--with-http_random_index_module" "--with-http_secure_link_module" "--with-http_degradation_module" "--with-http_slice_module" "--with-http_stub_status_module" "--with-mail" "--with-stream" "--with-google_perftools_module" "--with-pcre-jit" ,(let ((system "Linux") (release "3.2.0") (machine (match (or (%current-target-system) (%current-system)) ("x86_64-linux" "x86_64") ("i686-linux" "i686") ("mips64el-linux" "mips64") (_ "UNSUPPORTED")))) (string-append "--crossbuild=" system ":" release ":" machine))) configure-flags))) (setenv "CC" ,(cc-for-target)) (setenv "CFLAGS" (string-append "-I" (assoc-ref inputs "libxml2") "/include/libxml2")) (format #t "configure flags: ~s~%" flags) (apply invoke "./configure" flags) #t))) (add-after 'install 'install-man-page (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (man (string-append out "/share/man"))) (install-file "objs/nginx.8" (string-append man "/man8")) #t))) (add-after 'install 'fix-root-dirs (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (share (string-append out "/share/nginx"))) (rmdir (string-append out "/logs")) (mkdir-p share) (rename-file (string-append out "/conf") (string-append share "/conf")) (rename-file (string-append out "/html") (string-append share "/html")) #t)))))) (home-page "https://nginx.org") (synopsis "HTTP and reverse proxy server") (description "Nginx (\"engine X\") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a stand-alone web server and as a proxy to reduce the load on back-end HTTP or mail servers.") (license (list license:bsd-2 license:expat license:bsd-3 license:bsd-4)))) (define-public nginx-ldap-auth-module (package (inherit nginx) (name "nginx-ldap-auth-module") (version "83c059b") (source (origin (method url-fetch) (uri (list (string-append "https://github.com/kvspb/nginx-auth-ldap/archive/" version ".tar.gz"))) (sha256 (base32 "0r44dhsbw2ssg84vc5i68zdnhd0131nkbkbmxq7rpq9avddlw339")))) (synopsis "LDAP Authentication module for nginx") (description "LDAP module for nginx which supports authentication against multiple LDAP servers.") (build-system gnu-build-system) (inputs `(("nginx-sources" ,(package-source nginx)) ("openldap" ,openldap) ,@(package-inputs nginx))) (arguments (substitute-keyword-arguments `(#:configure-flags '("--add-dynamic-module=.") #:make-flags '("modules") ,@(package-arguments nginx)) ((#:phases phases) `(modify-phases ,phases (add-after 'unpack 'unpack-nginx-sources (lambda* (#:key inputs native-inputs #:allow-other-keys) (begin (format #t "decompressing nginx source code~%") (let ((tar (assoc-ref inputs "tar")) (nginx-srcs (assoc-ref inputs "nginx-sources"))) (invoke (string-append tar "/bin/tar") "xvf" nginx-srcs "--strip-components=1")) #t))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((modules-dir (string-append (assoc-ref outputs "out") "/etc/nginx/modules"))) (install-file "objs/ngx_http_auth_ldap_module.so" modules-dir) #t))) (delete 'fix-root-dirs) (delete 'install-man-page))))))) (define-public modsecurity (package (name "modsecurity") (version "3.0.9") (source (origin (method url-fetch) (uri (list (string-append "https://github.com/SpiderLabs/ModSecurity/releases/download/v" version "/modsecurity-v" version ".tar.gz"))) (sha256 (base32 "1n6kjldpd1lfga4cn59kawhnpa8phnqvsbb5r7bs2cp34g6iw4d5")))) (synopsis "modsecurity module for nginx") (description "modsecurity module for nginx.") (license license:asl2.0) (home-page "https://github.com/SpiderLabs/ModSecurity") (build-system gnu-build-system) (inputs `(("curl" ,curl) ("libxml2" ,libxml2) ("libxslt" ,libxslt) ("openssl" ,openssl) ("pcre:bin" ,pcre "bin") ("pcre2" ,pcre2) ("zlib" ,zlib) ("pkg-config" ,pkg-config) ("yajl" ,yajl) ("lmdb" ,lmdb) ("ssdeep" ,ssdeep) ("lua" ,lua) ("nginx-sources" ,(package-source nginx)))) (arguments `(#:configure-flags (list (string-append "--with-curl=" (assoc-ref %build-inputs "curl")) (string-append "--with-yajl=" (assoc-ref %build-inputs "yajl")) (string-append "--with-lmdb=" (assoc-ref %build-inputs "lmdb")) (string-append "--with-ssdeep=" (assoc-ref %build-inputs "ssdeep")) (string-append "--with-lua=" (assoc-ref %build-inputs "lua")) (string-append "--with-pcre2=" (assoc-ref %build-inputs "pcre2")) (string-append "--with-libxml=" (assoc-ref %build-inputs "libxml2")) "--with-geoip=no" "--with-maxmind=no" "--disable-doxygen-doc" "--enable-standalone-module") #:phases (modify-phases %standard-phases (add-before 'check 'cleaning-tests (lambda* (#:key input #:allow-other-keys) ; remote tests won't work (with-output-to-file "test/test-cases/regression/action-exec.json" (lambda () (invoke "echo" "'[]'"))) (with-output-to-file "test/test-cases/regression/config-secremoterules.json" (lambda () (invoke "echo" "'[]'"))) (with-output-to-file "test/test-cases/regression/operator-inpectFile.json" (lambda () (invoke "echo" "'[]'"))) (with-output-to-file "test/test-cases/regression/operator-ipMatchFromFile.json" (lambda () (invoke "echo" "'[]'"))) (with-output-to-file "test/test-cases/secrules-language-tests/operators/geoLookup.json" (lambda () (invoke "echo" "'[]'")))))) )))) (define-public nginx-modsecurity-module (package (inherit nginx) (name "nginx-modsecurity-module") (version "1.0.3") (source (origin (method url-fetch) (uri (list (string-append "https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v" version "/modsecurity-nginx-v" version ".tar.gz"))) (sha256 (base32 "1pcayz0kkpr0fvs8fwai0xv7jw9r7ph66vwxm6vrq0mc11r1r0df")))) (synopsis "ModSecurity module for nginx") (description "ModSecurity module for nginx.") (build-system gnu-build-system) (inputs `(("nginx-sources" ,(package-source nginx)) ("modsecurity" ,modsecurity) ,@(package-inputs nginx))) (arguments (substitute-keyword-arguments `(#:configure-flags '("--add-dynamic-module=.") #:make-flags '("modules") ,@(package-arguments nginx)) ((#:phases phases) `(modify-phases ,phases (add-after 'unpack 'unpack-nginx-sources (lambda* (#:key inputs native-inputs #:allow-other-keys) (begin (format #t "decompressing nginx source code~%") (let ((tar (assoc-ref inputs "tar")) (nginx-srcs (assoc-ref inputs "nginx-sources"))) (invoke (string-append tar "/bin/tar") "xvf" nginx-srcs "--strip-components=1")) #t))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((modules-dir (string-append (assoc-ref outputs "out") "/etc/nginx/modules"))) (install-file "objs/ngx_http_modsecurity_module.so" modules-dir) #t))) (delete 'fix-root-dirs) (delete 'install-man-page))))))) (define-public nginx-geoip2-module (package (inherit nginx) (name "nginx-geoip2-module") (version "3.4") (source (origin (method url-fetch) (uri (list (string-append "https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/" version ".tar.gz"))) (sha256 (base32 "0lllgnasd97r6xkj70q42rp61cxrz8qlb64l14rmlwcd6hizqwmd")))) (synopsis "GeoIP2 module for nginx") (description "GeoIP2 module for nginx.") (build-system gnu-build-system) (inputs `(("nginx-sources" ,(package-source nginx)) ("libmaxminddb" ,libmaxminddb) ,@(package-inputs nginx))) (arguments (substitute-keyword-arguments `(#:configure-flags '("--add-dynamic-module=.") #:make-flags '("modules") ,@(package-arguments nginx)) ((#:phases phases) `(modify-phases ,phases (add-after 'unpack 'unpack-nginx-sources (lambda* (#:key inputs native-inputs #:allow-other-keys) (begin (format #t "decompressing nginx source code~%") (let ((tar (assoc-ref inputs "tar")) (nginx-srcs (assoc-ref inputs "nginx-sources"))) (invoke (string-append tar "/bin/tar") "xvf" nginx-srcs "--strip-components=1")) #t))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((modules-dir (string-append (assoc-ref outputs "out") "/etc/nginx/modules"))) (install-file "objs/ngx_http_geoip2_module.so" modules-dir) (install-file "objs/ngx_stream_geoip2_module.so" modules-dir) #t))) (delete 'fix-root-dirs) (delete 'install-man-page))))))) (define-public nginx-http_subs_filter-module (package (inherit nginx) (name "nginx-http_subs_filter-module") (version "e12e965") (source (origin (method url-fetch) (uri (list (string-append "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/" version ".tar.gz"))) (sha256 (base32 "1cxb3yv6085rj50s001p2vblvz5px2v92whwjhb14kl8fnm2cans")))) (synopsis "substitutions_filter module for nginx") (description "substitutions_filter module for nginx.") (build-system gnu-build-system) (inputs `(("nginx-sources" ,(package-source nginx)) ,@(package-inputs nginx))) (arguments (substitute-keyword-arguments `(#:configure-flags '("--add-dynamic-module=.") #:make-flags '("modules") ,@(package-arguments nginx)) ((#:phases phases) `(modify-phases ,phases (add-after 'unpack 'unpack-nginx-sources (lambda* (#:key inputs native-inputs #:allow-other-keys) (begin (format #t "decompressing nginx source code~%") (let ((tar (assoc-ref inputs "tar")) (nginx-srcs (assoc-ref inputs "nginx-sources"))) (invoke (string-append tar "/bin/tar") "xvf" nginx-srcs "--strip-components=1")) #t))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((modules-dir (string-append (assoc-ref outputs "out") "/etc/nginx/modules"))) (install-file "objs/ngx_http_subs_filter_module.so" modules-dir) #t))) (delete 'fix-root-dirs) (delete 'install-man-page))))))) (define-public nginx-module-vts (package (inherit nginx) (name "nginx-module-vts") (version "v0.2.1") (source (origin (method url-fetch) (uri (list (string-append "https://github.com/vozlt/nginx-module-vts/archive/" version ".tar.gz"))) (sha256 (base32 "1x046w94n026f2aa4zmaf6yw1k86w3p6wqbslnriipz47a6xfqqs")))) (synopsis "Nginx virtual host traffic status module") (description "Nginx virtual host traffic status module.") (build-system gnu-build-system) (inputs `(("nginx-sources" ,(package-source nginx)) ,@(package-inputs nginx))) (arguments (substitute-keyword-arguments `(#:configure-flags '("--add-dynamic-module=.") #:make-flags '("modules") ,@(package-arguments nginx)) ((#:phases phases) `(modify-phases ,phases (add-after 'unpack 'unpack-nginx-sources (lambda* (#:key inputs native-inputs #:allow-other-keys) (begin (format #t "decompressing nginx source code~%") (let ((tar (assoc-ref inputs "tar")) (nginx-srcs (assoc-ref inputs "nginx-sources"))) (invoke (string-append tar "/bin/tar") "xvf" nginx-srcs "--strip-components=1")) #t))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((modules-dir (string-append (assoc-ref outputs "out") "/etc/nginx/modules"))) (install-file "objs/ngx_http_vhost_traffic_status_module.so" modules-dir) #t))) (delete 'fix-root-dirs) (delete 'install-man-page)))))))