diff options
author | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-09-23 20:28:44 +0200 |
---|---|---|
committer | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-09-23 20:35:28 +0200 |
commit | 46828582abbfa7d45edb4528953cf6197b36d7f8 (patch) | |
tree | bee8113a9b87d3d82a18fd1eb321bc4371e9d371 /pkgs/servers | |
parent | 56b1f7934c9b07243e1c12a80f9125c74f6ad23b (diff) | |
download | nixlib-46828582abbfa7d45edb4528953cf6197b36d7f8.tar nixlib-46828582abbfa7d45edb4528953cf6197b36d7f8.tar.gz nixlib-46828582abbfa7d45edb4528953cf6197b36d7f8.tar.bz2 nixlib-46828582abbfa7d45edb4528953cf6197b36d7f8.tar.lz nixlib-46828582abbfa7d45edb4528953cf6197b36d7f8.tar.xz nixlib-46828582abbfa7d45edb4528953cf6197b36d7f8.tar.zst nixlib-46828582abbfa7d45edb4528953cf6197b36d7f8.zip |
nginx: add support for modescurity
Diffstat (limited to 'pkgs/servers')
-rw-r--r-- | pkgs/servers/http/nginx/default.nix | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/pkgs/servers/http/nginx/default.nix b/pkgs/servers/http/nginx/default.nix index 7888a772e2a5..54f4e1599b8c 100644 --- a/pkgs/servers/http/nginx/default.nix +++ b/pkgs/servers/http/nginx/default.nix @@ -1,11 +1,13 @@ { stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat , gd, geoip, luajit +, curl, apr, aprutil, apacheHttpd, yajl, libcap, modsecurity_standalone , rtmp ? false , fullWebDAV ? false , syslog ? false , moreheaders ? false , echo ? false -, ngx_lua ? false +, modsecurity ? false +, ngx_lua ? modsecurity || false , set_misc ? false , fluent ? false , extraModules ? [] @@ -48,6 +50,8 @@ let sha256 = "01wkqhk8mk8jgmzi7jbzmg5kamffx3lmhj5yfwryvnvs6xqs74wn"; }; + modsecurity-ext = modsecurity_standalone.nginx; + echo-ext = fetchFromGitHub { owner = "openresty"; repo = "echo-nginx-module"; @@ -93,7 +97,8 @@ stdenv.mkDerivation rec { buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip ] ++ optional fullWebDAV expat - ++ optional ngx_lua luajit; + ++ optional ngx_lua luajit + ++ optionals modsecurity [ curl apr aprutil apacheHttpd yajl ]; LUAJIT_LIB = if ngx_lua then "${luajit}/lib" else ""; LUAJIT_INC = if ngx_lua then "${luajit}/include/luajit-2.0" else ""; @@ -132,14 +137,17 @@ stdenv.mkDerivation rec { ++ optional echo "--add-module=${echo-ext}" ++ optional ngx_lua "--add-module=${develkit-ext} --add-module=${lua-ext}" ++ optional set_misc "--add-module=${set-misc-ext}" - ++ optionals (elem stdenv.system (with platforms; linux ++ freebsd)) + ++ optionals (elem stdenv.system (with platforms; linux ++ freebsd)) [ "--with-file-aio" "--with-aio_module" ] ++ optional fluent "--add-module=${fluentd}" + ++ optional modsecurity "--add-module=${modsecurity-ext}/nginx/modsecurity" ++ (map (m: "--add-module=${m}") extraModules); additionalFlags = optionalString stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized"; + NIX_CFLAGS_COMPILE = optionalString modsecurity "-I${aprutil}/include/apr-1 -I${apacheHttpd}/include -I${apr}/include/apr-1 -I${yajl}/include"; + preConfigure = '' export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2 $additionalFlags" ''; |