2022-05-08 21:36:26 +00:00
|
|
|
outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
|
|
|
|
, nginx-doc
|
2021-03-25 12:17:32 +00:00
|
|
|
|
2019-11-29 12:25:24 +00:00
|
|
|
, nixosTests
|
2022-05-20 07:23:31 +00:00
|
|
|
, substituteAll, removeReferencesTo, gd, geoip, perl
|
2018-06-27 23:30:51 +00:00
|
|
|
, withDebug ? false
|
2021-11-22 17:50:12 +00:00
|
|
|
, withKTLS ? false
|
2017-08-19 21:38:17 +00:00
|
|
|
, withStream ? true
|
2017-08-19 21:36:37 +00:00
|
|
|
, withMail ? false
|
2020-06-20 02:22:34 +00:00
|
|
|
, withPerl ? true
|
2022-11-18 17:30:16 +00:00
|
|
|
, withSlice ? false
|
2015-10-19 08:48:43 +00:00
|
|
|
, modules ? []
|
2020-02-04 22:06:02 +00:00
|
|
|
, ...
|
|
|
|
}:
|
|
|
|
|
|
|
|
{ pname ? "nginx"
|
|
|
|
, version
|
|
|
|
, nginxVersion ? version
|
|
|
|
, src ? null # defaults to upstream nginx ${version}
|
|
|
|
, sha256 ? null # when not specifying src
|
|
|
|
, configureFlags ? []
|
2022-12-19 07:37:40 +00:00
|
|
|
, nativeBuildInputs ? []
|
2020-02-04 22:06:02 +00:00
|
|
|
, buildInputs ? []
|
2022-04-16 16:18:05 +00:00
|
|
|
, extraPatches ? []
|
2020-02-04 22:06:02 +00:00
|
|
|
, fixPatch ? p: p
|
2022-12-19 07:37:40 +00:00
|
|
|
, postPatch ? ""
|
2020-02-04 22:06:02 +00:00
|
|
|
, preConfigure ? ""
|
2022-05-22 08:35:48 +00:00
|
|
|
, postInstall ? ""
|
2020-02-04 22:06:02 +00:00
|
|
|
, meta ? null
|
2022-05-08 02:31:56 +00:00
|
|
|
, nginx-doc ? outer.nginx-doc
|
2021-10-07 03:36:02 +00:00
|
|
|
, passthru ? { tests = {}; }
|
2015-01-21 11:38:34 +00:00
|
|
|
}:
|
2014-06-03 13:59:08 +00:00
|
|
|
|
2019-01-21 12:02:16 +00:00
|
|
|
let
|
|
|
|
|
2022-12-14 11:36:30 +00:00
|
|
|
moduleNames = map (mod: mod.name or (throw "The nginx module with source ${toString mod.src} does not have a `name` attribute. This prevents duplicate module detection and is no longer supported."))
|
|
|
|
modules;
|
|
|
|
|
2023-02-07 16:25:15 +00:00
|
|
|
mapModules = attrPath: lib.flip lib.concatMap modules
|
2019-01-21 12:02:16 +00:00
|
|
|
(mod:
|
|
|
|
let supports = mod.supports or (_: true);
|
|
|
|
in
|
2020-02-04 22:06:02 +00:00
|
|
|
if supports nginxVersion then mod.${attrPath} or []
|
|
|
|
else throw "Module at ${toString mod.src} does not support nginx version ${nginxVersion}!");
|
2019-01-21 12:02:16 +00:00
|
|
|
|
|
|
|
in
|
|
|
|
|
2023-02-07 16:25:15 +00:00
|
|
|
assert lib.assertMsg (lib.unique moduleNames == moduleNames)
|
|
|
|
"nginx: duplicate modules: ${lib.concatStringsSep ", " moduleNames}. A common cause for this is that services.nginx.additionalModules adds a module which the nixos module itself already adds.";
|
2022-12-14 11:36:30 +00:00
|
|
|
|
2016-07-18 23:16:51 +00:00
|
|
|
stdenv.mkDerivation {
|
2022-12-19 07:37:40 +00:00
|
|
|
inherit pname version nginxVersion;
|
2016-05-06 08:34:37 +00:00
|
|
|
|
2022-05-08 02:31:56 +00:00
|
|
|
outputs = ["out" "doc"];
|
|
|
|
|
2020-02-04 22:06:02 +00:00
|
|
|
src = if src != null then src else fetchurl {
|
2018-06-28 18:43:35 +00:00
|
|
|
url = "https://nginx.org/download/nginx-${version}.tar.gz";
|
2016-07-18 23:16:51 +00:00
|
|
|
inherit sha256;
|
2013-11-25 06:58:34 +00:00
|
|
|
};
|
|
|
|
|
2022-12-19 07:37:40 +00:00
|
|
|
nativeBuildInputs = [ removeReferencesTo ]
|
|
|
|
++ nativeBuildInputs;
|
|
|
|
|
2019-11-27 17:08:56 +00:00
|
|
|
buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip perl ]
|
2020-02-04 22:06:02 +00:00
|
|
|
++ buildInputs
|
2019-01-21 12:02:16 +00:00
|
|
|
++ mapModules "inputs";
|
2013-10-10 00:38:47 +00:00
|
|
|
|
2008-11-30 09:06:53 +00:00
|
|
|
configureFlags = [
|
|
|
|
"--with-http_ssl_module"
|
2016-05-03 17:48:39 +00:00
|
|
|
"--with-http_v2_module"
|
2014-05-02 06:18:44 +00:00
|
|
|
"--with-http_realip_module"
|
|
|
|
"--with-http_addition_module"
|
2008-11-30 09:06:53 +00:00
|
|
|
"--with-http_xslt_module"
|
|
|
|
"--with-http_sub_module"
|
|
|
|
"--with-http_dav_module"
|
2014-05-02 06:18:44 +00:00
|
|
|
"--with-http_flv_module"
|
|
|
|
"--with-http_mp4_module"
|
|
|
|
"--with-http_gunzip_module"
|
2008-11-30 09:06:53 +00:00
|
|
|
"--with-http_gzip_static_module"
|
2014-05-02 06:18:44 +00:00
|
|
|
"--with-http_auth_request_module"
|
|
|
|
"--with-http_random_index_module"
|
2008-11-30 09:06:53 +00:00
|
|
|
"--with-http_secure_link_module"
|
2014-05-02 06:18:44 +00:00
|
|
|
"--with-http_degradation_module"
|
2014-05-02 05:42:40 +00:00
|
|
|
"--with-http_stub_status_module"
|
2017-08-19 21:34:19 +00:00
|
|
|
"--with-threads"
|
|
|
|
"--with-pcre-jit"
|
2020-04-25 14:02:23 +00:00
|
|
|
"--http-log-path=/var/log/nginx/access.log"
|
|
|
|
"--error-log-path=/var/log/nginx/error.log"
|
|
|
|
"--pid-path=/var/log/nginx/nginx.pid"
|
2022-10-28 15:58:48 +00:00
|
|
|
"--http-client-body-temp-path=/tmp/nginx_client_body"
|
|
|
|
"--http-proxy-temp-path=/tmp/nginx_proxy"
|
|
|
|
"--http-fastcgi-temp-path=/tmp/nginx_fastcgi"
|
|
|
|
"--http-uwsgi-temp-path=/tmp/nginx_uwsgi"
|
|
|
|
"--http-scgi-temp-path=/tmp/nginx_scgi"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optionals withDebug [
|
2018-06-27 23:30:51 +00:00
|
|
|
"--with-debug"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optionals withKTLS [
|
2021-11-22 17:50:12 +00:00
|
|
|
"--with-openssl-opt=enable-ktls"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optionals withStream [
|
2017-08-19 21:35:24 +00:00
|
|
|
"--with-stream"
|
|
|
|
"--with-stream_realip_module"
|
|
|
|
"--with-stream_ssl_module"
|
|
|
|
"--with-stream_ssl_preread_module"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optionals withMail [
|
2017-08-19 21:36:37 +00:00
|
|
|
"--with-mail"
|
|
|
|
"--with-mail_ssl_module"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optionals withPerl [
|
2019-11-27 17:08:56 +00:00
|
|
|
"--with-http_perl_module"
|
|
|
|
"--with-perl=${perl}/bin/perl"
|
|
|
|
"--with-perl_modules_path=lib/perl5"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optional withSlice "--with-http_slice_module"
|
|
|
|
++ lib.optional (gd != null) "--with-http_image_filter_module"
|
|
|
|
++ lib.optional (geoip != null) "--with-http_geoip_module"
|
|
|
|
++ lib.optional (withStream && geoip != null) "--with-stream_geoip_module"
|
|
|
|
++ lib.optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
|
2020-02-04 22:06:02 +00:00
|
|
|
++ configureFlags
|
2015-10-19 08:48:43 +00:00
|
|
|
++ map (mod: "--add-module=${mod.src}") modules;
|
2014-05-05 07:18:47 +00:00
|
|
|
|
2019-10-30 01:29:30 +00:00
|
|
|
NIX_CFLAGS_COMPILE = toString ([
|
2019-01-11 06:40:25 +00:00
|
|
|
"-I${libxml2.dev}/include/libxml2"
|
|
|
|
"-Wno-error=implicit-fallthrough"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optionals (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "11") [
|
2022-04-24 15:13:13 +00:00
|
|
|
# fix build vts module on gcc11
|
|
|
|
"-Wno-error=stringop-overread"
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optional stdenv.isDarwin "-Wno-error=deprecated-declarations");
|
2015-09-23 18:28:44 +00:00
|
|
|
|
2018-12-11 01:01:30 +00:00
|
|
|
configurePlatforms = [];
|
|
|
|
|
2022-05-08 02:31:56 +00:00
|
|
|
# Disable _multioutConfig hook which adds --bindir=$out/bin into configureFlags,
|
|
|
|
# which breaks build, since nginx does not actually use autoconf.
|
|
|
|
preConfigure = ''
|
|
|
|
setOutputFlags=
|
|
|
|
'' + preConfigure
|
2023-02-07 16:25:15 +00:00
|
|
|
+ lib.concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
|
2020-02-04 22:06:02 +00:00
|
|
|
|
2020-04-25 14:02:23 +00:00
|
|
|
patches = map fixPatch ([
|
|
|
|
(substituteAll {
|
2020-02-04 22:06:02 +00:00
|
|
|
src = ./nix-etag-1.15.4.patch;
|
|
|
|
preInstall = ''
|
|
|
|
export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
|
|
|
|
'';
|
2020-04-25 14:02:23 +00:00
|
|
|
})
|
|
|
|
./nix-skip-check-logs-path.patch
|
2023-02-07 16:25:15 +00:00
|
|
|
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
|
2020-04-25 14:02:23 +00:00
|
|
|
(fetchpatch {
|
2021-09-20 23:14:35 +00:00
|
|
|
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/102-sizeof_test_fix.patch";
|
2020-04-25 14:02:23 +00:00
|
|
|
sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
|
|
|
|
})
|
|
|
|
(fetchpatch {
|
2021-09-20 23:14:35 +00:00
|
|
|
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/101-feature_test_fix.patch";
|
2020-04-25 14:02:23 +00:00
|
|
|
sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
|
|
|
|
})
|
|
|
|
(fetchpatch {
|
2021-09-20 23:14:35 +00:00
|
|
|
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/103-sys_nerr.patch";
|
2020-04-25 14:02:23 +00:00
|
|
|
sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
|
|
|
|
})
|
2022-04-16 16:18:05 +00:00
|
|
|
] ++ mapModules "patches")
|
|
|
|
++ extraPatches;
|
2018-12-11 01:01:30 +00:00
|
|
|
|
2022-12-19 07:37:40 +00:00
|
|
|
inherit postPatch;
|
|
|
|
|
2023-02-07 16:25:15 +00:00
|
|
|
hardeningEnable = lib.optional (!stdenv.isDarwin) "pie";
|
2016-02-26 16:38:26 +00:00
|
|
|
|
2018-06-27 23:31:31 +00:00
|
|
|
enableParallelBuilding = true;
|
|
|
|
|
2022-05-08 02:31:56 +00:00
|
|
|
preInstall = ''
|
|
|
|
mkdir -p $doc
|
2022-05-08 21:36:26 +00:00
|
|
|
cp -r ${nginx-doc}/* $doc
|
2022-05-08 02:31:56 +00:00
|
|
|
'';
|
|
|
|
|
2022-05-20 07:23:31 +00:00
|
|
|
disallowedReferences = map (m: m.src) modules;
|
|
|
|
|
|
|
|
postInstall =
|
|
|
|
let
|
|
|
|
noSourceRefs = lib.concatMapStrings (m: "remove-references-to -t ${m.src} $out/sbin/nginx\n") modules;
|
2022-05-22 08:35:48 +00:00
|
|
|
in noSourceRefs + postInstall;
|
2016-05-03 17:48:39 +00:00
|
|
|
|
2019-11-29 12:25:24 +00:00
|
|
|
passthru = {
|
|
|
|
modules = modules;
|
2021-04-14 14:39:35 +00:00
|
|
|
tests = {
|
2022-12-03 17:58:33 +00:00
|
|
|
inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso;
|
2021-04-14 14:39:35 +00:00
|
|
|
variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
|
2021-04-03 22:33:31 +00:00
|
|
|
acme-integration = nixosTests.acme;
|
2021-10-07 03:36:02 +00:00
|
|
|
} // passthru.tests;
|
2019-11-29 12:25:24 +00:00
|
|
|
};
|
2019-01-31 00:15:14 +00:00
|
|
|
|
2023-02-07 16:25:15 +00:00
|
|
|
meta = if meta != null then meta else with lib; {
|
2012-10-09 18:20:44 +00:00
|
|
|
description = "A reverse proxy and lightweight webserver";
|
2020-04-08 19:19:35 +00:00
|
|
|
homepage = "http://nginx.org";
|
2014-06-03 13:59:08 +00:00
|
|
|
license = licenses.bsd2;
|
|
|
|
platforms = platforms.all;
|
2020-12-17 18:58:07 +00:00
|
|
|
maintainers = with maintainers; [ thoughtpolice raskin fpletz globin ajs124 ];
|
2008-11-30 09:06:53 +00:00
|
|
|
};
|
|
|
|
}
|