Commit Graph

495 Commits

Author SHA1 Message Date
Izorkin
5cecafbc93
nginxMainline: 1.21.4 -> 1.21.5 2021-12-31 22:48:01 +03:00
7c6f434c
b0f154fd44
Merge pull request #147027 from Izorkin/update-nginx-ktls
nginxMainline: enable ktls support
2021-12-24 10:23:17 +00:00
Izorkin
921a58b8bc
nginxQuic: 6d1488b62dc5 -> 0ee56d2eac44 2021-12-09 14:23:11 +03:00
Janne Heß
b9811a5aeb
nginxModules.pam: 1.5.2 -> 1.5.3
This fixes deny statements:
https://github.com/sto/ngx_http_auth_pam_module/issues/25
2021-12-05 21:24:22 +01:00
Izorkin
532cd57bda
nginxMainline: enable ktls support 2021-11-27 09:39:56 +03:00
ajs124
1fc113f0df nginxStable: 1.20.1 -> 1.20.2 2021-11-16 17:17:12 +01:00
Thiago Kenji Okada
1950b7d6f0
Merge pull request #123881 from zaninime/ffmpeg-nginx-mod
nginxModules.video-thumbextractor: update to unstable and switch to ffmpeg_4
2021-11-13 21:54:33 -03:00
ajs124
ffa6cb97ff nginxMainline: use openssl_3_0 2021-11-05 13:11:23 +01:00
ajs124
16873acde8 nginxMainline: 1.21.3 -> 1.21.4 2021-11-05 13:11:23 +01:00
Maciej Krüger
99cdb84b4b
nginxQuic: 404de224517e -> 6d1488b62dc5 2021-10-26 23:08:32 +02:00
Bruno Bigras
69b01e3a22
Merge pull request #141408 from bbigras/openresty-lua
nixos/nginx: disable MemoryDenyWriteExecute for pkgs.openresty
2021-10-24 17:39:27 +00:00
wackbyte
2d78d99772
nginxModules.vod: update to 1.29 and switch ffmpeg_3 to ffmpeg (#142114)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-10-18 21:24:27 +02:00
Maciej Krüger
d2e869a55e
nginxQuic: 5b0c229ba5fe -> 404de224517e 2021-10-18 14:41:31 +02:00
Bruno Bigras
feb47656e4 nixos/tests/openresty-lua: test openresty with lua
related to #140655
2021-10-14 07:01:56 -04:00
Naïm Favier
99805ce167
nginxModules.upload: init at 2.3.0 2021-10-09 12:51:19 +02:00
James Kay
c5d8765113
nginx: fix URLs by taking from a specific commit
I'm not sure this is the best way to get these patches, but it's better than `master` (at commit `e9617f553284b170a8b520d051ac1fc1b83cff30` on `nginx` these patches moved into a `nginx` subdirectory, breaking the build unless the patches are cached).
2021-09-21 00:14:35 +01:00
ajs124
2e8211af78 nginxMainline: 1.21.1 -> 1.21.3
- adds openssl 3 support
- disables support for export ciphers
and more
2021-09-10 16:40:04 +02:00
Mihai Fufezan
f5bbf7c66c
nginxModules: add auth-a2aclr 2021-09-02 12:07:27 +03:00
Mihai Fufezan
8e29eb27f5
nginxModules: format 2021-09-02 12:05:51 +03:00
Robert Hensing
fbafeb7ad5 treewide: runCommandNoCC -> runCommand
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
Sandro
87af92267a
Merge pull request #129694 from helsinki-systems/upd/nginx
nginxMainline: 1.21.0 -> 1.21.1
2021-07-09 12:43:37 +02:00
ajs124
95805c3240 nginxQuic: 1fec68e322d0 -> 5b0c229ba5fe 2021-07-08 23:44:27 +02:00
ajs124
b50102b719 nginxMainline: 1.21.0 -> 1.21.1 2021-07-08 23:41:30 +02:00
Alvar Penning
3690ae13a4 nginxModules.rtmp: 1.2.1 -> 1.2.2
This new release fixes segfaults,
https://github.com/arut/nginx-rtmp-module/compare/v1.2.1...v1.2.2
2021-06-21 20:04:10 +02:00
Maciej Krüger
07864c64aa
nginxQuic: 12f18e0bca09 -> 1fec68e322d0 2021-06-11 16:16:21 +02:00
Izorkin
0a7feef809
nginxMainline: 1.20.0 -> 1.21.0 2021-05-25 19:54:05 +03:00
Izorkin
919dd5497a
nginxStable: 1.20.0 -> 1.20.1 2021-05-25 19:53:58 +03:00
Francesco Zanini
b1dc7e5fba
Update pkgs/servers/http/nginx/modules.nix
Co-authored-by: Robert Schütz <rschuetz17@gmail.com>
2021-05-21 12:53:52 +02:00
Francesco Zanini
79318225d1 nginxModules.video-thumbextractor: update to unstable and switch to ffmpeg_4 2021-05-21 11:30:25 +02:00
Léo Gaspard
f93396bf52 nginx: add link to acme nixos test 2021-05-08 21:42:04 +02:00
Maciej Krüger
98b372b860
nginxQuic: 47a43b011dec -> 12f18e0bca09 2021-04-28 08:37:51 +02:00
Izorkin
f4b6314e60
nginxStable: 1.18.0 -> 1.20.0 2021-04-21 00:10:28 +03:00
Izorkin
b36d55b67c
nginxMainline: 1.19.9 -> 1.20.0 2021-04-21 00:10:28 +03:00
Maciej Krüger
4a3bb18683
nginxQuic: init 2021-04-18 20:20:23 +02:00
talyz
1ef95a8c5f
nginx: Add all the nginx tests to passthru.tests 2021-04-14 16:39:35 +02:00
ajs124
7c44570870 nginxMainline: 1.19.8 -> 1.19.9 2021-03-30 17:25:52 +02:00
Milan Pässler
496873260a
nginx: make geoip dependency optional 2021-03-25 13:17:32 +01:00
ajs124
5faf394dc1 nginxMainline: 1.19.7 -> 1.19.8 2021-03-10 01:15:55 +01:00
ajs124
4756b3c35c nginxMainline: 1.19.6 -> 1.19.7 2021-02-17 01:48:23 +01:00
Benjamin Hipple
14b6a84804
Merge pull request #108406 from zaninime/nginx-kaltura
nginx: add VOD-related modules from Kaltura
2021-02-08 17:02:09 -05:00
Louis Blin
e7d7c51df3 nginxModules.spnego-http-auth-nginx-module: init at 16.04.2020 2021-02-08 14:07:40 +00:00
Ben Siraphob
872973d7d1 pkgs/servers: stdenv.lib -> lib 2021-01-15 14:24:03 +07:00
Dominik Xaver Hörl
25bef2d8f9 treewide: simplify pkgs.stdenv.lib -> pkgs.lib
The library does not depend on stdenv, that `stdenv` exposes `lib` is
an artifact of the ancient origins of nixpkgs.
2021-01-10 20:12:06 +01:00
Francesco Zanini
666cdb7dcc nginxModules.akamai-token-validate: init at 2020-06-26 2021-01-04 18:13:01 +01:00
Francesco Zanini
f98c8b3d04 nginxModules.secure-token: init at 2020-08-28 2021-01-04 18:12:33 +01:00
Francesco Zanini
4872487cf4 nginxModules.vod: init at 2020-12-31 2021-01-04 18:11:51 +01:00
ajs124
e2a3d3f559 nginx: add myself as maintainer 2020-12-17 19:58:07 +01:00
ajs124
fc3db0f443 nginx: 1.19.5 -> 1.19.6 2020-12-17 19:55:15 +01:00
ajs124
db17db5318 nginx: 1.19.4 -> 1.19.5 2020-11-25 00:21:44 +01:00
ajs124
91b55655ed nginxMainline: 1.19.3 -> 1.19.4 2020-10-27 20:05:34 +01:00
ajs124
3b8220c74c nginxMainline: 1.19.2 -> 1.19.3 2020-09-30 20:18:47 +02:00
Izorkin
79906c4908
nginxModules.aws-auth: fix warning message 2020-09-12 16:26:08 +03:00
Izorkin
96311ca1c3
nginxModules.shibboleth: 2020.08.12 -> 2020.09.04 2020-09-12 16:26:08 +03:00
Izorkin
6f32af17e9
nginxModules.opentracing: v0.9.0 -> v0.10.0 2020-09-12 16:26:08 +03:00
Izorkin
9092c6140f
nginxModules.naxsi: 2020.08.15 -> 2020.09.10 2020-09-12 16:26:07 +03:00
Izorkin
5c70c5eeaa nginxModules: renamed module ngx_aws_auth to aws-auth 2020-08-17 10:42:54 +03:00
Izorkin
772f5d5401 nginxModules: rename source to module name 2020-08-17 10:42:04 +03:00
Izorkin
15b3330747 nginxModules.statsd: change mirror 2020-08-17 10:42:04 +03:00
Izorkin
b5c1848625 nginxModules.upstream-check: 2018.08.12 -> 2019.11.03 2020-08-17 10:42:04 +03:00
Izorkin
e40dd8d4b9 nginxModules.subsFilter: 2016.04.13 -> 2019.08.06 2020-08-17 10:42:04 +03:00
Izorkin
d3fdff5cbf nginxModules.shibboleth: 2017.04.06 -> 2020.08.12 2020-08-17 10:42:03 +03:00
Izorkin
fdc7f541cf nginxModules.push-stream: 0.5.4 -> 2020.05.03 2020-08-17 10:42:03 +03:00
Izorkin
a27273294f nginxModules.pam: v1.5.1 -> v1.5.2 2020-08-17 10:42:03 +03:00
Izorkin
cb62b1d1a8 nginxModules.opentracing: v0.7.0 -> v0.9.0 2020-08-17 10:42:03 +03:00
Izorkin
b590894e58 nginxModules.naxsi: 0.56 -> 2020.08.15 2020-08-17 10:42:03 +03:00
Izorkin
9c588fce29 nginxModules.modsecurity-nginx: v1.0.0 -> v1.0.1 2020-08-17 10:42:03 +03:00
Izorkin
4460a3700b nginxModules.http_proxy_connect_module: 2019.05.06 -> 2020.07.24 2020-08-17 10:42:03 +03:00
Izorkin
36c95f331d nginxModules.cache-purge: 2.5 -> 2.5.1 2020-08-17 10:42:01 +03:00
Izorkin
980d487480 nginxModules.echo: v0.61 -> v0.62 2020-08-16 12:03:59 +03:00
Izorkin
42cde0d357 nginxModules.develkit: v0.3.1rc1 -> v0.3.1 2020-08-16 12:03:59 +03:00
Izorkin
4bc560d205 nginxModules.brotli: 2019.09.09 -> 2020.04.23 2020-08-16 12:03:50 +03:00
Izorkin
c5d3a46c5f nginxMainline: 1.19.0 -> 1.19.2 2020-08-16 09:59:10 +03:00
Michael Raskin
132ace5fe6
Merge pull request #89344 from JJJollyjim/openresty-no-perl
openresty: disable perl module by default
2020-06-20 18:45:44 +00:00
Jamie McClymont
dca001e923 nginx: change how the perl module is configured
Previously, http_perl_module was disabled by overriding perl=null -- this means
it is impossible to disable http_perl_module in openresty, since openresty
requires perl for its configure scripts.
2020-06-20 14:22:34 +12:00
Doron Behar
01d4e2fe33 treewide: use ffmpeg_3 explicitly if not wanted otherwise
After making `ffmpeg` point to the latest `ffmpeg_4`, all packages that
used `ffmpeg` without requiring a specific version now use ffmpeg_3
explicitly so they shouldn't change.
2020-06-12 11:55:31 -07:00
Izorkin
70b11a0f50 nginxMainline: 1.18.0 -> 1.19.0 2020-05-31 09:46:48 +03:00
ajs124
deadc23034 nginxModules.fancyindex: 0.4.3 -> 0.4.4 2020-05-13 13:23:20 +02:00
Izorkin
aa12fb8adb nginxModules: add option allowMemoryWriteExecute
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin
a19800fb48 nginx: change logs path 2020-05-04 16:36:38 +03:00
Izorkin
cbfe203da7 nginxMainline: 1.17.9 -> 1.18.0 2020-04-23 14:34:21 +03:00
Izorkin
2e6cd807d7 nginxStable: 1.16.1 -> 1.18.0 2020-04-23 14:34:13 +03:00
Milan
3847ec0e35
nginxMainline: 1.17.8 -> 1.17.9 (#84743) 2020-04-08 21:19:35 +02:00
aszlig
e1d63ada02
nginx: Fix ETag patch to ignore realpath(3) error
While our ETag patch works pretty fine if it comes to serving data off
store paths, it unfortunately broke something that might be a bit more
common, namely when using regexes to extract path components of
location directives for example.

Recently, @devhell has reported a bug with a nginx location directive
like this:

  location ~^/\~([a-z0-9_]+)(/.*)?$" {
    alias /home/$1/public_html$2;
  }

While this might look harmless at first glance, it does however cause
issues with our ETag patch. The alias directive gets broken up by nginx
like this:

  *2 http script copy: "/home/"
  *2 http script capture: "foo"
  *2 http script copy: "/public_html/"
  *2 http script capture: "bar.txt"

In our patch however, we use realpath(3) to get the canonicalised path
from ngx_http_core_loc_conf_s.root, which returns the *configured* value
from the root or alias directive. So in the example above, realpath(3)
boils down to the following syscalls:

  lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory)

During my review[1] of the initial patch, I didn't actually notice that
what we're doing here is returning NGX_ERROR if the realpath(3) call
fails, which in turn causes an HTTP 500 error.

Since our patch actually made the canonicalisation (and thus additional
syscalls) necessary, we really shouldn't introduce an additional error
so let's - at least for now - silently skip return value if realpath(3)
has failed.

However since we're using the unaltered root from the config we have
another issue, consider this root:

  /nix/store/...-abcde/$1

Calling realpath(3) on this path will fail (except if there's a file
called "$1" of course), so even this fix is not enough because it
results in the ETag not being set to the store path hash.

While this is very ugly and we should fix this very soon, it's not as
serious as getting HTTP 500 errors for serving static files.

I added a small NixOS VM test, which uses the example above as a
regression test.

It seems that my memory is failing these days, since apparently I *knew*
about this issue since digging for existing issues in nixpkgs, I found
this similar pull request which I even reviewed:

https://github.com/NixOS/nixpkgs/pull/66532

However, since the comments weren't addressed and the author hasn't
responded to the pull request, I decided to keep this very commit and do
a follow-up pull request.

[1]: https://github.com/NixOS/nixpkgs/pull/48337

Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @devhell
Acked-by: @7c6f434c
Acked-by: @yorickvP
Merges: https://github.com/NixOS/nixpkgs/pull/80671
Fixes: https://github.com/NixOS/nixpkgs/pull/66532
2020-03-28 02:57:21 +01:00
ajs124
0aec2cdd08 nginxModules.fastcgi-cache-purge: 2.3 -> 2.5
switch to a fork that seems sort of alive
2020-03-10 23:35:15 +01:00
Emily
6d046e1079 openresty: rebase on top of nginx package
The primary motivation of this change was to allow third-party modules
to be used with OpenResty, but it also results in a significant
reduction of code duplication.
2020-02-04 19:30:40 -06:00
Emily
db3182a65d nginxModules.brotli: v0.1.2 -> unstable
The fork was merged back upstream but has yet to see a formal release.
2020-02-04 19:30:40 -06:00
Will Dietz
92d29418b3
nginxMainline: 1.17.3 -> 1.17.8
http://nginx.org/en/CHANGES
2020-01-21 11:02:11 -06:00
Ryan Mulligan
6de8b8f144
Merge pull request #61722 from Izorkin/pinba-nginx
nginxModules.pinba: init at 13.05.2019
2020-01-04 07:58:18 -08:00
Frederik Rietdijk
7aa2b0215b Merge master into staging-next 2020-01-03 10:25:14 +01:00
Robin Gloster
6ca6ac796b
treewide: configureFlags is a flat list 2019-12-31 01:37:49 +01:00
Robin Gloster
5f2b92e3ec
treewide: NIX_*_COMPILE -> string 2019-12-31 00:13:29 +01:00
aszlig
ccf55bead1
nginx: Clear Last-Modified if ETag is from store
This is what I've suspected a while ago[1]:

> Heads-up everyone: After testing this in a few production instances,
> it seems that some browsers still get cache hits for new store paths
> (and changed contents) for some reason. I highly suspect that it might
> be due to the last-modified header (as mentioned in [2]).
>
> Going to test this with last-modified disabled for a little while and
> if this is the case I think we should improve that patch by disabling
> last-modified if serving from a store path.

Much earlier[2] when I reviewed the patch, I wrote this:

> Other than that, it looks good to me.
>
> However, I'm not sure what we should do with Last-Modified header.
> From RFC 2616, section 13.3.4:
>
> - If both an entity tag and a Last-Modified value have been
>   provided by the origin server, SHOULD use both validators in
>   cache-conditional requests. This allows both HTTP/1.0 and
>   HTTP/1.1 caches to respond appropriately.
>
> I'm a bit nervous about the SHOULD here, as user agents in the wild
> could possibly just use Last-Modified and use the cached content
> instead.

Unfortunately, I didn't pursue this any further back then because
@pbogdan noted[3] the following:

> Hmm, could they (assuming they are conforming):
>
>  * If an entity tag has been provided by the origin server, MUST
>    use that entity tag in any cache-conditional request (using If-
>    Match or If-None-Match).

Since running with this patch in some deployments, I found that both
Firefox and Chrome/Chromium do NOT re-validate against the ETag if the
Last-Modified header is still the same.

So I wrote a small NixOS VM test with Geckodriver to have a test case
which is closer to the real world and I indeed was able to reproduce
this.

Whether this is actually a bug in Chrome or Firefox is an entirely
different issue and even IF it is the fault of the browsers and it is
fixed at some point, we'd still need to handle this for older browser
versions.

Apart from clearing the header, I also recreated the patch by using a
plain "git diff" with a small description on top. This should make it
easier for future authors to work on that patch.

[1]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-495072764
[2]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451644084
[3]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451646135

Signed-off-by: aszlig <aszlig@nix.build>
2019-12-30 14:30:36 +01:00
Izorkin
edddf0ac47 nginxModules.pinba: init at 13.05.2019 2019-12-11 10:06:55 +03:00
Jörg Thalheim
571ed9d22e
nginx: reference tests 2019-11-29 12:27:55 +00:00
tekeri
a5f26644d4 Add nginx perl modules (#73198)
* nginx: enable perl_module if perl is given

* nginx: move `perl = null` to toplevel
2019-11-27 17:08:56 +00:00
Franz Pletz
de85797565
Merge remote-tracking branch 'origin/master' into gcc-8 2019-09-03 22:15:07 +02:00
Robin Gloster
616b8343c4
Merge remote-tracking branch 'upstream/master' into gcc-8 2019-08-25 18:55:46 +02:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
volth
c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
Izorkin
83381bec9c nginxMainline: 1.17.2 -> 1.17.3 2019-08-13 21:31:57 +03:00
Izorkin
aec55db737 nginxStable: 1.16.0 -> 1.16.1 2019-08-13 21:30:08 +03:00
Izorkin
293e5d8365 nginxMainline: 1.16.0 -> 1.17.2 2019-07-24 21:09:22 +03:00
Franz Pletz
c051374da2
nginx: fix build with gcc8 2019-06-17 07:06:02 +02:00
Izorkin
872f056bb4 nginxModules.lua: 0.10.14 -> 0.10.15 2019-05-13 12:37:14 +03:00
Izorkin
fa3f68edab nginxModules.http_proxy_connect_module: 16.04.2019 -> 06.05.2019 2019-05-13 12:37:10 +03:00
Jörg Thalheim
0816c69173
nginxModules: update and add nginx modules (#59949)
nginxModules: update and add nginx modules
2019-05-13 10:15:09 +01:00
Izorkin
619aa5c97f nginxMainline: 1.15.12 -> 1.16.0 2019-04-30 07:56:29 +03:00
Izorkin
65a736064a nginxStable: 1.14.2 -> 1.16.0 2019-04-30 07:56:23 +03:00
Yurii Izorkin
5ba8811758 nginxMainline: 1.15.10 -> 1.15.12 (#59950) 2019-04-22 00:08:08 +02:00
Izorkin
452cf0b3e2 nginxModules.naxsi: init at 0.56 2019-04-21 11:10:49 +03:00
Izorkin
6600d00ed1 nginxModules.video-thumbextractor: init at 0.9.0 2019-04-21 10:32:46 +03:00
Izorkin
f6525448a5 nginxModules.sorted-querystring: init at 0.3 2019-04-21 10:30:29 +03:00
Izorkin
b329187524 nginxModules.limit-speed: init at 21.05.2014 2019-04-21 10:27:31 +03:00
Izorkin
13c938ac1e nginxModules.subsFilter: 0.6.4 -> 13.04.2016 2019-04-21 10:21:44 +03:00
Izorkin
d1dff5a9ec nginxModules.upstream-tarantool: 2.7 -> 2.7.1 2019-04-20 23:11:08 +03:00
Izorkin
6a154d00c3 nginxModules.upstream-check: 10.11.2017 -> 12.08.2018 2019-04-20 23:08:55 +03:00
Izorkin
d66b94da62 nginxModules.coolkit: init at 0.2 2019-04-20 22:35:55 +03:00
Izorkin
80666e68b2 nginxModules.slowfs-cache: init at 1.10 2019-04-20 22:29:29 +03:00
Izorkin
8c1131ef28 nginxModules.lua: 0.10.13 -> 0.10.14 2019-04-20 22:29:29 +03:00
Izorkin
89a73423ab nginxModules.mpeg-ts: init at 0.1.1 2019-04-20 22:29:24 +03:00
Izorkin
c940a7caa0 nginxModules.live: init at 18.11.2018 2019-04-20 21:46:45 +03:00
Izorkin
b0dc2d6106 nginxModules.dav: 0.1.0 -> 3.0.0 2019-04-20 21:40:09 +03:00
Izorkin
7a5d938067 nginxModules.http_proxy_connect_module: 05.09.2018 -> 16.04.2019 2019-04-20 21:33:18 +03:00
aszlig
1f24685d93
nginx/etag-patch: Use Nix store dir from build env
So far, the Nix store directory was hardcoded and if someone uses a
different Nix store directory the patch won't work. Of course, this is
pretty uncommon, but by not only substituting the store directory but
also the length of it we also save a few calls to ngx_strlen(), which
should save us a few cycles.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 10:07:55 +02:00
aszlig
af5a3ce474
nginx: Fix memleak in nix-etag patch
The original patch introduced a new "real" variable which gets populated
(and allocated) via ngx_realpath(). It's properly freed in error
conditions but it won't be freed if ngx_http_set_etag returns
successfully.

Adding another ngx_free() just before returning fixes that memory leak.

I also fixed a small indentation issue along the way.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:40:13 +02:00
Yegor Timoshenko
1da8eec00f
nginx: handle impure symlinks in ETag patch 2019-04-18 09:40:11 +02:00
Yegor Timoshenko
f03302b636
nginx: check for realpath() == NULL in ETag patch
Thanks to Gabriel Ebner!
2019-04-18 09:40:09 +02:00
Yegor Timoshenko
135d54f535
nginx: if root is in Nix store, use path's hash as ETag
Resolves #25485. Usage example:

$ realpath /var/www
/nix/store/wnrhnnpdj3x50j5xz38zp1qxs1ygwccw-site
$ curl --head localhost
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Sep 2018 06:09:25 GMT
Content-Type: text/html
Content-Length: 50
Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT
Connection: keep-alive
ETag: "wnrhnnpdj3x50j5xz38zp1qxs1ygwccw"
Accept-Ranges: bytes
2019-04-18 09:40:06 +02:00
Franz Pletz
4c0d1ae7be
nginxMainline: 1.15.9 -> 1.15.10 2019-04-02 12:02:39 +02:00
Maximilian Bosch
37867dba74
nginxModules.http_proxy_connect_module: init
This adds the nginx module `ngx_http_proxy_connect_module` which allows
to tunnel HTTPS through an nginx proxy[1].

As this module contained patches for several nginx version, some minor
adjustments were needed:

* Allowed each entry in `nginxModules` to provide patches.

* Added an optional `supports` attribute to ensure that each module can
  determine if it supports the currently built nginx version (e.g. stable
  1.14 ATM or mainline 1.15 ATM).

[1] https://github.com/chobits/ngx_http_proxy_connect_module
2019-03-29 23:53:09 +01:00
Benjamin Smith
f4d24273e5 nginx: add http subs filter module (#56546) 2019-03-13 02:16:40 +02:00
Alyssa Ross
2576d09716 nginxMainline: 1.15.8 -> 1.15.9 (#56416) 2019-02-28 22:13:35 +01:00
Vincent Bernat
33802e9ed8 nginx: expose list of additional modules (#53897)
Currently, it seems there is no easy way to override package to add
modules. For example, if we want to add the `ipscrub` module, we can
do:

    pkgs.nginxStable.override {
      modules = [ pkgs.nginxModules.ipscrub ];
    };

But, then, we loose `rtmp`, `dav` and `moreheaders` which are defined
in `all-packages.nix`. With this modification, we can now do:

    pkgs.nginxStable.override {
      modules = pkg.nginxStable.passthru.modules ++ [ pkgs.nginxModules.ipscrub ];
    };
2019-01-31 02:15:14 +02:00
Franz Pletz
9ea5b2c052
nginxMainline: 1.15.7 -> 1.15.8 2019-01-11 07:55:25 +01:00
Jörg Thalheim
8871ffccff nginx: fix cross-build 2018-12-11 18:13:21 +01:00
Alyssa Ross
703827f36c nginx: 1.14.1 -> 1.14.2 2018-12-05 10:56:06 -06:00
Alyssa Ross
dcae76862b nginxMainline: 1.15.6 -> 1.15.7 2018-11-27 21:28:49 +00:00
Alyssa Ross
de9026de6e
nginxMainline: 1.15.5 -> 1.15.6
CVE-2018-16843, CVE-2018-16844

https://nginx.org/en/security_advisories.html
2018-11-15 17:52:05 +00:00
Alyssa Ross
1908322d10
nginxStable: 1.14.0 -> 1.14.1
CVE-2018-16843, CVE-2018-16844

https://nginx.org/en/security_advisories.html
2018-11-15 17:51:51 +00:00
Daiderd Jordan
6d71316410
nginx: init ngx_aws_auth at 2.1.1 2018-11-08 20:02:44 +01:00
Rob Vermaas
75167083e5 nginx-opentracing: init at 0.7.0
(cherry picked from commit 9d6184f1bc)
2018-10-23 18:08:01 +02:00
Thilo Uttendorfer
205b3d94e1 nginxMainline: 1.15.3 -> 1.15.5 (#48127) 2018-10-10 00:18:54 +02:00
Franz Pletz
647b5b1a29
nginxMainline: 1.15.2 -> 1.15.3 2018-08-31 14:42:14 +02:00
xeji
176891c0ad
Merge pull request #44467 from Izorkin/nginx-modules
Nginx modules
2018-08-05 22:20:05 +02:00
Johannes Frankenau
c481117673 nginxMainline: 1.15.1 -> 1.15.2 (#44431) 2018-08-04 21:06:35 +02:00
Izorkin
e0de8354b9 nginxModules.lua-upstream: init at v0.07 2018-08-04 20:54:36 +03:00
Izorkin
29b3e11541 nginxModules.url: init at rev 9299816 2018-08-04 20:54:36 +03:00
Izorkin
a5674cebb9 nginxModules.sysguard: init at rev e512897 2018-08-04 20:54:35 +03:00
Izorkin
9100091f3f nginxModules.stream-sts: init at v0.1.1 2018-08-04 20:54:35 +03:00
Izorkin
9958868dfd nginxModules.sts: init at v0.1.1 2018-08-04 20:54:35 +03:00
Izorkin
07e7966d3b nginxModules.upstream-tarantool: init at v2.7 2018-07-29 14:54:55 +03:00
Izorkin
ca37481d25 nginxModules.push-stream: init at v0.5.4 2018-07-29 14:54:47 +03:00
Izorkin
aa68f56c0a nginxModules.vts: init at v0.1.18 2018-07-29 14:54:08 +03:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Izorkin
e76f382c75 nginxModules: sorting of modules alphabetically 2018-07-16 03:44:32 +00:00
Franz Pletz
0a5186a7cb
Merge pull request #43580 from Izorkin/nginx-modules
Update nginx modules
2018-07-15 21:56:09 +00:00
Izorkin
3a5d104a33 nginxModules.develkit: update to v0.3.1rc1 2018-07-16 00:25:36 +03:00
Izorkin
75b2940145 nginxModules.upstream-check: update to rev 9aecf15 2018-07-16 00:25:20 +03:00
Izorkin
c96d49733a nginxModules.statsd: update to rev b970e40 2018-07-16 00:25:01 +03:00
Izorkin
04eb0731fb nginxModules.pam: update to v1.5.1 2018-07-16 00:24:45 +03:00
Izorkin
eff0def7dc nginxModules.set-misc: update to v0.32 2018-07-16 00:24:27 +03:00
Izorkin
ea52907348 nginxModules.lua: update to v0.10.13 2018-07-16 00:24:14 +03:00
Izorkin
8584845aa1 nginxModules.moreheaders: update to v0.33 2018-07-16 00:23:41 +03:00
Izorkin
a16eee878f nginxModules.ipscrub: update to v1.0.1 2018-07-16 00:22:54 +03:00
Izorkin
11653f8e6b nginxModules.sla: init at 7778f01 2018-07-15 20:29:57 +00:00
Franz Pletz
3239ef84ea
nginxMainline: 1.13.12 -> 1.15.1 2018-07-15 21:41:45 +02:00
Izorkin
bfb393f55e nginx-fancyindex: init at 0.4.3 2018-07-15 20:07:34 +03:00
Matthew Bauer
af56538c89
Merge pull request #42687 from nh2/nginx-debug-build
nginx: Flag to build with debugging and parallel builds
2018-07-05 22:11:51 -04:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
Niklas Hambüchen
c834fb39c3 nginx: Enable parallel building 2018-06-28 01:35:41 +02:00
Niklas Hambüchen
94d97fe290 nginx: Add withDebug argument 2018-06-28 01:35:41 +02:00
Will Dietz
516c5f54ed ngx_brotli: 0.1.1 -> 0.1.2
Fixes socket closing issues
(only happened in some circumstances AFAICT).
2018-06-18 10:41:24 -05:00
Johannes Frankenau
db5ab167df nginxModules.ipscrub: init at 99230f6 2018-05-13 17:31:54 +02:00
Michael Raskin
36f9b216eb nginxStable: 1.12.2 -> 1.14.0 2018-05-02 02:46:52 +02:00
Michael Raskin
18d73458c8 nginxMainline: 1.13.9 -> 1.13.12 2018-05-02 02:46:52 +02:00
Will Dietz
bec9726946 ngx_brotli: -> 0.1.1 2018-04-24 12:55:16 -05:00
Will Dietz
0fdc4cb94b ngx_brotli: update for fixes, zero copy. 2018-03-21 15:15:50 -05:00
Tuomas Tynkkynen
2fec9c6e29 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/development/tools/build-managers/conan/default.nix
2018-03-13 23:04:18 +02:00
John Ericson
eeb8419c6a ceph: Fix --with-file-aio logic for new meta.platforms and cross 2018-03-12 18:55:41 -04:00
Jan Malakhovski
7079e744d4 Merge branch 'master' into staging
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):

   pkgs/development/libraries/epoxy/default.nix
   pkgs/development/libraries/gtk+/3.x.nix
   pkgs/development/python-modules/asgiref/default.nix
   pkgs/development/python-modules/daphne/default.nix
   pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Franz Pletz
94db63f5d4
nginxMainline: 1.13.8 -> 1.13.9 2018-03-05 15:49:07 +01:00
Will Dietz
40b14109d3 nginx/modules: brotli: no-op bump to latest that uses 1.0.2 as submodule
We have it use our system copy regardless, but might as well.

(yes, hash does not change, since we don't fetch submodule here)
2018-02-20 14:08:22 -06:00
Will Dietz
df9ebaf8c7 nginx/modules: use eustas' brotli module, google one is abandoned
This fork is also used by FreeBSD as of Dec 2017:
https://svnweb.freebsd.org/ports?view=revision&revision=455560

See also:
https://github.com/google/ngx_brotli/issues/62
2018-02-20 14:01:18 -06:00
Will Dietz
06e50006d4 nginxModules.pagespeed: be consistent about rev
Yes hash doesn't change, stable is copy of beta used previously.
2018-02-13 15:17:21 -06:00
Will Dietz
75068a6770 psol, ngx_pagespeed: 1.13.35.1 -> 1.13.35.2 2018-01-31 05:46:52 +09:00
adisbladis
67906744ec
Merge pull request #33658 from dtzWill/update/ngx_pagespeed
ngx_pagespeed, psol: 1.11.33.4 -> 1.13.35.1
2018-01-10 20:04:59 +08:00
Will Dietz
be2e01f8a0 ngx_pagespeed, psol: 1.11.33.4 -> 1.13.35.1
Fixes build when used with nginxMainline.

(FWIW, 1.11.33.4 is from 2016-09-15)
2018-01-09 10:57:17 -06:00
Will Dietz
0bbcfb0d6d nginxMainline: 1.13.6 -> 1.13.8
See http://nginx.org/en/CHANGES
2018-01-09 10:55:52 -06:00
Izorkin
37d66db7f9 modsecurity-nginx: 2017-08-23 -> 1.0.0 Stable 2017-12-21 23:41:38 +03:00
Jörg Thalheim
bc97af0b31
Merge pull request #32449 from Izorkin/ModSecurity-nginx
nginxModules.ModSecurity-beta: 2017-06-17 -> 2017-08-23
2017-12-16 23:21:12 -08:00
Izorkin
2c7912ce49 ModSecurity-nginx: update revision 2017-12-09 23:03:12 +03:00
Andreas Rammhold
a004f9f806
nginxModules.rtmp: v1.1.11 -> v1.2.1
adds support for gcc-7 and fixes nginx for #31747
2017-12-04 16:52:39 +01:00
Orivej Desh
6de0380378 nginxModules.brotli: 2015-11-18 -> 2016-12-02
This version bundles brotli.
2017-11-29 00:59:46 +00:00
Izorkin
cf6e90c104 nginx: add ModSecurity Nginx Connector (#28545)
nginx: add ModSecurity Nginx Connector
2017-11-26 07:57:19 -05:00
Vladimír Čunát
f90c468ea5
nginxModules.moreheaders: fix source hash
An amended git tag, apparently.  There are only changes in documentation
and whitespace changes in code.  Sigh.  Uncovered by c3255fe8ec.
2017-10-31 23:03:34 +01:00
Franz Pletz
0f0fcf84ce
nginx: 1.12.1 -> 1.12.2 2017-10-24 16:06:51 +02:00
Franz Pletz
0f01f8b882
nginxMainline: 1.13.5 -> 1.13.6 2017-10-14 20:07:27 +02:00
Franz Pletz
f03462eda8
nginxMainline: 1.13.4 -> 1.13.5 2017-10-02 20:24:48 +02:00
Vaibhav Sagar
dea2affe6c nginxModules.echo: 0.57 -> 0.61
This fixes #29555.
2017-09-21 11:01:35 +00:00