Merge master into staging

4 files changed, 144 insertions, 4 deletions

diff --git a/pkgs/servers/http/h2o/default.nix b/pkgs/servers/http/h2o/default.nix
index e05624fa46c8..ceffd3e0260d 100644
--- a/pkgs/servers/http/h2o/default.nix
+++ b/pkgs/servers/http/h2o/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchFromGitHub
 , pkgconfig, cmake
-, libressl_2_6, libuv, zlib
+, libressl, libuv, zlib
 }:
 
 with builtins;
@@ -16,8 +16,17 @@ stdenv.mkDerivation rec {
     sha256 = "0jyvbp6cjiirj44nxqa2fi5y473gnc8awfn8zv82hb1y9rlxqfyv";
   };
 
+  # We have to fix up some function prototypes, because despite upstream h2o
+  # issue #1705 (https://github.com/h2o/h2o/issues/1706), libressl 2.7+ doesn't
+  # seem to work
+  patchPhase = ''
+    substituteInPlace ./deps/neverbleed/neverbleed.c \
+      --replace 'static void RSA_' 'void RSA_' \
+      --replace 'static int RSA_'  'int RSA_'
+  '';
+
   nativeBuildInputs = [ pkgconfig cmake ];
-  buildInputs = [ libressl_2_6 libuv zlib ];
+  buildInputs = [ libressl libuv zlib ];
   enableParallelBuilding = true;
 
   meta = {
diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix
index 5afd73c88686..ecde2430f522 100644
--- a/pkgs/servers/http/nginx/mainline.nix
+++ b/pkgs/servers/http/nginx/mainline.nix
@@ -1,6 +1,6 @@
 { callPackage, ... }@args:
 
 callPackage ./generic.nix (args // {
-  version = "1.15.1";
-  sha256 = "0q2lkpnfqf74p22vrcldx0gcnss3is7rnp54fgpvhcpqsxc6h867";
+  version = "1.15.2";
+  sha256 = "145dcypq8dqc5as03iy1ycwifwynq9p4i8m56fn7g0myryp0kfpf";
 })
diff --git a/pkgs/servers/http/nginx/modules.nix b/pkgs/servers/http/nginx/modules.nix
index 9f2cd319f0e7..0501bcc9e58b 100644
--- a/pkgs/servers/http/nginx/modules.nix
+++ b/pkgs/servers/http/nginx/modules.nix
@@ -94,6 +94,16 @@
     '';
   };
 
+  lua-upstream = {
+    src = fetchFromGitHub {
+      owner = "openresty";
+      repo = "lua-upstream-nginx-module";
+      rev = "v0.07";
+      sha256 = "1gqccg8airli3i9103zv1zfwbjm27h235qjabfbfqk503rjamkpk";
+    };
+    inputs = [ pkgs.luajit ];
+  };
+
   modsecurity = {
     src = "${pkgs.modsecurity_standalone.nginx}/nginx/modsecurity";
     inputs = [ pkgs.curl pkgs.apr pkgs.aprutil pkgs.apacheHttpd pkgs.yajl ];
@@ -215,6 +225,33 @@
     };
   };
 
+  stream-sts = {
+    src = fetchFromGitHub {
+      owner = "vozlt";
+      repo = "nginx-module-stream-sts";
+      rev = "v0.1.1";
+      sha256 = "1jdj1kik6l3rl9nyx61xkqk7hmqbncy0rrqjz3dmjqsz92y8zaya";
+    };
+  };
+
+  sts = {
+    src = fetchFromGitHub {
+      owner = "vozlt";
+      repo = "nginx-module-sts";
+      rev = "v0.1.1";
+      sha256 = "0nvb29641x1i7mdbydcny4qwlvdpws38xscxirajd2x7nnfdflrk";
+    };
+  };
+
+  sysguard = {
+    src = fetchFromGitHub {
+      owner = "vozlt";
+      repo = "nginx-module-sysguard";
+      rev = "e512897f5aba4f79ccaeeebb51138f1704a58608";
+      sha256 = "19c6w6wscbq9phnx7vzbdf4ay6p2ys0g7kp2rmc9d4fb53phrhfx";
+    };
+  };
+
   upstream-check = {
     src = fetchFromGitHub {
       owner = "yaoweibin";
@@ -234,6 +271,15 @@
     inputs = [ pkgs.msgpuck.dev pkgs.yajl ];
   };
 
+  url = {
+    src = fetchFromGitHub {
+      owner = "vozlt";
+      repo = "nginx-module-url";
+      rev = "9299816ca6bc395625c3683fbd2aa7b916bfe91e";
+      sha256 = "0mk1gjmfnry6hgdsnlavww9bn7223idw50jlkhh5k00q5509w4ip";
+    };
+  };
+
   vts = {
     src = fetchFromGitHub {
       owner = "vozlt";
diff --git a/pkgs/servers/http/tengine/default.nix b/pkgs/servers/http/tengine/default.nix
new file mode 100644
index 000000000000..36f326d5590b
--- /dev/null
+++ b/pkgs/servers/http/tengine/default.nix
@@ -0,0 +1,85 @@
+{ stdenv, fetchurl, openssl, zlib, pcre, libxml2, libxslt
+, gd, geoip
+, withDebug ? false
+, withMail ? false
+, withIPv6 ? true
+, modules ? []
+, ...
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+  version = "2.2.2";
+  name = "tengine-${version}";
+
+  src = fetchurl {
+    url = "https://github.com/alibaba/tengine/archive/${name}.tar.gz";
+    sha256 = "1vq73wsldvj7rc61ag85pvnaacrrq9rs0pfqv71z5iyvb5r3bxc2";
+  };
+
+  buildInputs =
+    [ openssl zlib pcre libxml2 libxslt gd geoip ]
+    ++ concatMap (mod: mod.inputs or []) modules;
+
+  configureFlags = [
+    "--with-http_ssl_module"
+    "--with-http_v2_module"
+    "--with-http_realip_module"
+    "--with-http_addition_module"
+    "--with-http_xslt_module"
+    "--with-http_geoip_module"
+    "--with-http_sub_module"
+    "--with-http_dav_module"
+    "--with-http_flv_module"
+    "--with-http_mp4_module"
+    "--with-http_gunzip_module"
+    "--with-http_gzip_static_module"
+    "--with-http_auth_request_module"
+    "--with-http_concat_module"
+    "--with-http_random_index_module"
+    "--with-http_secure_link_module"
+    "--with-http_degradation_module"
+    "--with-http_stub_status_module"
+    "--with-http_sysguard_module"
+    "--with-threads"
+    "--with-pcre-jit"
+    "--with-http_slice_module"
+  ] ++ optional withDebug [
+    "--with-debug"
+  ] ++ optional withMail [
+    "--with-mail"
+    "--with-mail_ssl_module"
+  ] ++ optional (withMail != true) [
+    "--without-mail_pop3_module"
+    "--without-mail_imap_module"
+    "--without-mail_smtp_module"
+  ] ++ optional withIPv6 [
+    "--with-ipv6"
+  ] ++ optional (gd != null) "--with-http_image_filter_module"
+    ++ optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
+    ++ map (mod: "--add-module=${mod.src}") modules;
+
+  NIX_CFLAGS_COMPILE = [
+    "-I${libxml2.dev}/include/libxml2"
+    "-Wno-error=implicit-fallthrough"
+  ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
+
+  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
+
+  hardeningEnable = optional (!stdenv.isDarwin) "pie";
+
+  enableParallelBuilding = true;
+
+  postInstall = ''
+    mv $out/sbin $out/bin
+  '';
+
+  meta = {
+    description = "A web server based on Nginx and has many advanced features, originated by Taobao.";
+    homepage    = https://tengine.taobao.org;
+    license     = licenses.bsd2;
+    platforms   = platforms.all;
+    maintainers = with maintainers; [ izorkin ];
+  };
+}