%global _hardened_build 1 %global nginx_user nginx %global real_name nginx %global nginx_home %{_localstatedir}/lib/nginx %global ssl_prefix /usr %global with_ktls 1 %undefine _strict_symbol_defs_build %if 0%{?rhel} %bcond_with mailcap_mimetypes %else %bcond_without mailcap_mimetypes %endif %bcond_without certmin_patches %bcond_without geoip2 %bcond_without lua %bcond_without brotli %bcond_without fancyindex %bcond_without vts %bcond_without echo %bcond_with http3 %if 0%{?rhel} >= 8 %bcond_with gperftools %else # gperftools exist only on selected arches %ifnarch s390 s390x ppc64 ppc64le %bcond_without gperftools %endif %endif %global _suffix -cp %if %{with http3} %global _suffix -h3 %endif # specific package versions %if %{with lua} %global luamod_ver 0.10.26 %global ndk_ver 0.3.1 %endif %global openssl_ver 3.0 %global fi_ver 0.5.2 %global hm_ver 0.34 %global geoip2_ver 3.4 %global vts_ver 0.2.2 %global echo_ver 0.63 Name: nginx%{_suffix} Epoch: 1 Version: 1.26.2 Release: 1%{?dist} Summary: A high performance web server and reverse proxy server Group: System Environment/Daemons # BSD License (two clause) # http://www.freebsd.org/copyright/freebsd-license.html License: BSD URL: http://nginx.org/ Source0: http://nginx.org/download/nginx-%{version}.tar.gz Source9: nginx.init Source10: nginx.service Source11: nginx.logrotate Source12: nginx.conf Source13: nginx-upgrade Source14: nginx-upgrade.8 Source100: index.html Source101: poweredby.png Source102: nginx-logo.png Source103: 404.html Source104: 50x.html Source200: README.dynamic Source301: https://github.com/openresty/headers-more-nginx-module/archive/v%{hm_ver}.tar.gz %if %{with lua} Source302: https://github.com/openresty/lua-nginx-module/archive/refs/tags/v%{luamod_ver}.tar.gz Source304: https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v%{ndk_ver}.tar.gz %endif Source305: https://github.com/vkholodkov/nginx-eval-module/archive/refs/tags/1.0.4.tar.gz %if %{with fancyindex} Source306: https://github.com/aperezdc/ngx-fancyindex/releases/download/v%{fi_ver}/ngx-fancyindex-%{fi_ver}.tar.xz %endif %if %{with geoip2} Source310: https://github.com/leev/ngx_http_geoip2_module/archive/%{geoip2_ver}.tar.gz %endif %if %{with brotli} # https://github.com/google/ngx_brotli/archive/refs/heads/master.zip Source321: ngx_brotli-master.zip %endif %if %{with vts} Source322: https://github.com/vozlt/nginx-module-vts/archive/refs/tags/v%{vts_ver}.tar.gz#/nginx-module-vts-%{vts_ver}.tar.gz %endif %if %{with echo} Source323: https://github.com/openresty/echo-nginx-module/archive/refs/tags/v%{echo_ver}.tar.gz %endif # removes -Werror in upstream build scripts. -Werror conflicts with # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. Patch0: nginx-auto-cc-gcc.patch # Fix PIDFile race condition Patch1: 0002-fix-PIDFile-handling.patch %if %{with certmin_patches} # Dynamic TLS records patch Patch3: nginx_dynamic_tls_records.patch %endif %if %{with brotli} Patch4: ngx_brotli-config.patch %endif %if %{with lua} Patch5: nginx-1.24-lua-mod-lowering-luajit-alert-severity.patch %endif BuildRequires: make binutils BuildRequires: gcc >= 4.8 %if %{with gperftools} BuildRequires: gperftools-devel %endif %if %{with http3} BuildRequires: pkgconfig(openssl) >= 3.8 %else BuildRequires: pkgconfig(openssl) >= %{openssl_ver} BuildRequires: pkgconfig(openssl) < 3.5 %endif BuildRequires: pcre2-devel BuildRequires: zlib-devel BuildRequires: pkgconfig(gdlib) BuildRequires: libxslt-devel BuildRequires: redhat-rpm-config %if %{with geoip2} BuildRequires: libmaxminddb-devel Requires: libmaxminddb %else BuildRequires: GeoIP-devel %endif %if 0%{?rhel} <= 7 Requires: system-logos redhat-indexhtml %else Requires: system-logos-httpd %endif %if 0%{?rhel} >= 7 Requires: %{name}-filesystem = %{epoch}:%{version}-%{release} Requires(pre): %{name}-filesystem %endif %if %{with brotli} BuildRequires: brotli-devel Requires: brotli %endif Requires: gd BuildRequires: perl-devel %if 0%{?rhel} >= 7 BuildRequires: perl-generators %endif BuildRequires: perl(ExtUtils::Embed) BuildRequires: pkgconfig(libxslt) libxml2-devel %if %{with lua} %if 0%{?rhel} >= 7 BuildRequires: luajit2-devel lua-devel Requires: lua luajit2 %else BuildRequires: luajit-devel lua-devel Requires: lua luajit lua-socket %endif Requires: lua luajit2 lua-socket Requires: lua-resty-core >= 0.1.26 %endif Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) Requires: pcre2 %if %{with mailcap_mimetypes} Requires: nginx-mimetypes %else Conflicts: nginx-mimetypes %endif Provides: webserver %if 0%{rhel} == 8 Modularitylabel: %{name}:stable:%{version}:latest %endif Provides: nginx Provides: nginx%{_isa} = %{epoch}:%{version}-%{release} Provides: nginx(abi) = %{epoch}:%{version}-%{release} Provides: config(nginx) = %{epoch}:%{version}-%{release} Obsoletes: nginx <= %{epoch}:%{version}-%{release} %if %{with http3} Conflicts: nginx-cp %else Conflicts: nginx-h3 %endif %if 0%{?rhel} >= 7 BuildRequires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd %else Requires(pre): shadow-utils Requires(post): chkconfig Requires(preun): chkconfig, initscripts Requires(postun): initscripts Provides: nginx-filesystem = %{version}-%{release} %endif # Provides section Provides: ngx_http_headers_more_filter_module = %{hm_ver} Provides: ngx_http_eval_module = 1.0.4 %if %{with lua} Provides: ngx_http_lua_module = %{luamod_ver} ngx_stream_lua_module %endif %if %{with fancyindex} Provides: ngx_http_fancyindex_module = %{fi_ver} %endif %if %{with geoip2} Provides: ngx_http_geoip2_module = %{geoip2_ver} %endif %if %{with brotli} Provides: ngx_http_brotli_filter_module = %{geoip2_ver} Provides: ngx_http_brotli_static_module = %{geoip2_ver} %endif %description Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. This package was designed for cPanel and contains several additional modules and features: - ngx_http_headers_more_filter_module - ngx_brotli* - ngx_http_eval_module - ngx_http_geoip2_module - ngx_http_fancyindex_module - ngx_http_lua_module includes dynamic-ssl-record-size patch from certminmod TFO support enabled %if 0%{?rhel} >= 7 %package filesystem Group: System Environment/Daemons Summary: The basic directory layout for the Nginx server BuildArch: noarch Requires(pre): shadow-utils Provides: nginx-filesystem = %{version}-%{release} %description filesystem The nginx-filesystem package contains the basic directory layout for the Nginx server including the correct permissions for the directories. %endif %if %{with echo} %package -n nginx-module-echo Summary: Brings "echo", "sleep", "time", "exec" and more shell-style goodies to Nginx config file. Requires: nginx(abi) = %{epoch}:%{version}-%{release} Obsoletes: nginx-cp-modile-echo <= %{epoch}:%{version}-%{release} Obsoletes: nginx-h3-modile-echo <= %{epoch}:%{version}-%{release} %description -n nginx-module-echo %{summary}. %endif %if %{with vts} %package -n nginx-module-vts Summary: Nginx virtual host traffic status module Requires: %{name} = %{epoch}:%{version}-%{release} Provides: ngx_http_vhost_traffic_status_module == %{vts_ver} Requires: nginx(abi) = %{epoch}:%{version}-%{release} Obsoletes: nginx-cp-modile-vts <= %{epoch}:%{version}-%{release} Obsoletes: nginx-h3-modile-vts <= %{epoch}:%{version}-%{release} %description -n nginx-module-vts This is an Nginx module that provides access to virtual host status information. It contains the current status such as servers, upstreams, caches. This is similar to the live activity monitoring of nginx plus. %endif %prep %setup -q -n %{real_name}-%{version} %patch0 -p0 %if %{with certmin_patches} %patch3 -p1 -b .cloudflare %endif cp %{SOURCE200} . tar -xf %{SOURCE301} %if %{with lua} tar -xf %{SOURCE302} tar -xf %{SOURCE304} %patch5 -p1 -b .luajit %endif tar -xf %{SOURCE305} %if %{with fancyindex} tar -xf %{SOURCE306} %endif %if %{with geoip2} tar -xf %{SOURCE310} %endif %if %{with brotli} unzip -qq %{SOURCE321} %endif %if %{with vts} tar -xf %{SOURCE322} %endif %if %{with echo} tar -xf %{SOURCE323} %endif %if 0%{?rhel} < 8 sed -i -e 's#KillMode=.*#KillMode=process#g' %{SOURCE10} sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' %{SOURCE12} %endif %if %{with lua} %if 0%{?fedora} >= 22 || 0%{?rhel} >= 7 sed -i '1 i\LUAJIT_INC=%{_includedir}/luajit2/' lua-nginx-module-%{luamod_ver}/config sed -i 's/-lluajit-5.1/-lluajit2-5.1/g' lua-nginx-module-%{luamod_ver}/config %else sed -i '1 i\LUAJIT_INC=%{_includedir}/luajit-2.0/' lua-nginx-module-%{luamod_ver}/config %endif sed -i '1 i\LUAJIT_LIB=%{_libdir}' lua-nginx-module-%{luamod_ver}/config %endif %build # nginx does not utilize a standard configure script. It has its own # and the standard configure options cause the nginx configure script # to error out. This is is also the reason for the DESTDIR environment # variable. ngx_ldflags="$RPM_LD_FLAGS -Wl,-E" ngx_cflags="%{optflags} $(pcre2-config --cflags) -DTCP_FASTOPEN=23 -fPIC" %if %{with http3} ngx_cflags="-I%{ssl_prefix}/include/libressl $ngx_cflags" %else %if 0%{?rhel} <= 8 ngx_cflags="-I%{ssl_prefix}/include/openssl3 $ngx_cflags" %endif %endif %if %{with lua} ngx_cflags="-DNGX_LUA_ABORT_AT_PANIC $ngx_cflags" %endif export DESTDIR=%{buildroot} ./configure \ --build="Custom build with TFO support" \ --prefix=%{_datadir}/nginx \ --sbin-path=%{_sbindir}/nginx \ --modules-path=%{_libdir}/nginx/modules \ --conf-path=%{_sysconfdir}/nginx/nginx.conf \ --error-log-path=%{_localstatedir}/log/nginx/error_log \ --http-log-path=%{_localstatedir}/log/nginx/access_log \ --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \ --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \ --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \ --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \ --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \ %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 --pid-path=/run/nginx.pid \ --lock-path=/run/lock/subsys/nginx \ %else --pid-path=%{_localstatedir}/run/nginx.pid \ --lock-path=%{_localstatedir}/lock/subsys/nginx \ %endif --user=%{nginx_user} \ --group=%{nginx_user} \ --with-file-aio \ --with-threads \ --with-http_ssl_module \ --with-http_v2_module \ %if %{with http3} --with-http_v3_module \ %endif --with-http_realip_module \ --with-http_addition_module \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-http_perl_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-pcre \ --with-pcre-jit \ %if 0%{?with_ktls} --with-openssl-opt=enable-ktls \ %endif --with-stream=dynamic \ --with-stream_ssl_module \ --with-stream_ssl_preread_module \ --with-debug \ --with-compat \ --add-dynamic-module=nginx-eval-module-1.0.4 \ --add-dynamic-module=headers-more-nginx-module-%{hm_ver} \ %if %{with gperftools} --with-google_perftools_module \ %endif %if %{with geoip2} --add-dynamic-module=ngx_http_geoip2_module-%{geoip2_ver} \ %else --with-http_geoip_module=dynamic \ --with-stream_geoip_module=dynamic \ %endif %if %{with fancyindex} --add-dynamic-module=ngx-fancyindex-%{fi_ver} \ %endif %if %{with lua} --add-dynamic-module=ngx_devel_kit-%{ndk_ver} \ --add-dynamic-module=lua-nginx-module-%{luamod_ver} \ %endif %if %{with vts} --add-dynamic-module=nginx-module-vts-%{vts_ver} \ %endif %if %{with brotli} --add-dynamic-module=ngx_brotli-master \ %endif %if %{with echo} --add-dynamic-module=echo-nginx-module-%{echo_ver} \ %endif --with-ld-opt="$ngx_ldflags" \ --with-cc-opt="$ngx_cflags" make %{?_smp_mflags} %install make install DESTDIR=%{buildroot} INSTALLDIRS=vendor find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; find %{buildroot} -type f -empty -exec rm -f '{}' \; find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; install -p -D -m 0644 %{SOURCE11} \ %{buildroot}%{_sysconfdir}/logrotate.d/nginx %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 install -p -D -m 0644 %{SOURCE10} \ %{buildroot}%{_unitdir}/nginx.service %else install -p -D -m 0755 %{SOURCE9} \ %{buildroot}%{_initrddir}/%{real_name} sed -i 's@cat /run/nginx@cat /var/run/nginx@g' \ %{buildroot}%{_sysconfdir}/logrotate.d/nginx %endif install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/vhosts.d install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/includes install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/ssl install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/modules.d install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/users install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules install -p -m 0644 %{SOURCE12} \ %{buildroot}%{_sysconfdir}/nginx install -p -m 0644 %{SOURCE100} \ %{buildroot}%{_datadir}/nginx/html install -p -m 0644 %{SOURCE101} %{SOURCE102} \ %{buildroot}%{_datadir}/nginx/html install -p -m 0644 %{SOURCE103} %{SOURCE104} \ %{buildroot}%{_datadir}/nginx/html %if %{with mailcap_mimetypes} rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types %endif install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \ %{buildroot}%{_mandir}/man8/nginx.8 install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8 for i in ftdetect indent syntax; do install -p -D -m644 contrib/vim/${i}/nginx.vim \ %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim done %if %{with geoip2} echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip2_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip2.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_geoip2_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-str-geoip2.conf %else echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf %endif echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_headers_more_filter_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-headers-more-filter.conf %if %{with lua} echo 'load_module "%{_libdir}/nginx/modules/ngx_http_lua_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-lua.conf echo 'load_module "%{_libdir}/nginx/modules/ndk_http_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-ndk.conf %endif echo 'load_module "%{_libdir}/nginx/modules/ngx_http_eval_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-eval.conf %if %{with fancyindex} echo 'load_module "%{_libdir}/nginx/modules/ngx_http_fancyindex_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-fancyindex.conf %endif %if %{with brotli} echo -e 'load_module "%{_libdir}/nginx/modules/ngx_http_brotli_filter_module.so"; load_module "%{_libdir}/nginx/modules/ngx_http_brotli_static_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-brotli.conf %endif %if %{with vts} echo -e 'load_module "%{_libdir}/nginx/modules/ngx_http_vhost_traffic_status_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-vhost-traffic-status.conf %endif %if %{with echo} echo -e 'load_module "%{_libdir}/nginx/modules/ngx_http_echo_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-echo.conf %endif mv -f %{buildroot}%{_sysconfdir}/nginx/*.default %{buildroot}%{_sysconfdir}/nginx/default.d/ %if 0%{?fedora} < 19 || 0%{?rhel} < 7 sed -i 's@pid /run@pid /var/run@g' %{buildroot}%{_sysconfdir}/nginx/nginx.conf %endif %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %pre filesystem getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} getent passwd %{nginx_user} > /dev/null || \ useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \ -s /sbin/nologin -c "Nginx web server" %{nginx_user} exit 0 %else %pre getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} getent passwd %{nginx_user} > /dev/null || \ useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \ -s /sbin/nologin -c "Nginx web server" %{nginx_user} exit 0 %endif %post %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_post nginx.service %else if [ $1 == 1 ]; then /sbin/chkconfig --add %{real_name} fi %endif if [ $1 -eq 2 ]; then # Make sure these directories are not world readable. chmod 700 %{_localstatedir}/lib/nginx chmod 700 %{_localstatedir}/lib/nginx/tmp chmod 700 %{_localstatedir}/log/nginx fi if [ ! -f /etc/nginx/ssl/dh4096.pem ]; then echo 'Generating Diffie Hellman key...' openssl dhparam -dsaparam -out /etc/nginx/ssl/dh4096.pem 4096 fi %preun %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_preun nginx.service %else if [ $1 = 0 ]; then /sbin/service %{real_name} stop >/dev/null 2>&1 /sbin/chkconfig --del %{real_name} fi %endif %postun %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_postun nginx.service if [ $1 -ge 1 ]; then /usr/bin/nginx-upgrade >/dev/null 2>&1 || : fi %else if [ $1 == 2 ]; then /sbin/service %{real_name} upgrade || : fi %endif %files %{!?_licensedir:%global license %doc} %license LICENSE %doc CHANGES README README.dynamic %{_datadir}/nginx/html/* %{_bindir}/nginx-upgrade %{_sbindir}/nginx %{_datadir}/vim/vimfiles/ftdetect/nginx.vim %{_datadir}/vim/vimfiles/syntax/nginx.vim %{_datadir}/vim/vimfiles/indent/nginx.vim %{_mandir}/man3/nginx.3pm* %{_mandir}/man8/nginx.8* %{_mandir}/man8/nginx-upgrade.8* %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %{_unitdir}/nginx.service %else %{_initrddir}/%{real_name} %endif %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf %config(noreplace) %{_sysconfdir}/nginx/default.d/fastcgi.conf.default %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params %config(noreplace) %{_sysconfdir}/nginx/default.d/fastcgi_params.default %config(noreplace) %{_sysconfdir}/nginx/koi-utf %config(noreplace) %{_sysconfdir}/nginx/koi-win %if %{without mailcap_mimetypes} %config(noreplace) %{_sysconfdir}/nginx/mime.types %endif %config(noreplace) %{_sysconfdir}/nginx/default.d/mime.types.default %config(noreplace) %{_sysconfdir}/nginx/nginx.conf %config(noreplace) %{_sysconfdir}/nginx/default.d/nginx.conf.default %config(noreplace) %{_sysconfdir}/nginx/scgi_params %config(noreplace) %{_sysconfdir}/nginx/default.d/scgi_params.default %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params %config(noreplace) %{_sysconfdir}/nginx/default.d/uwsgi_params.default %config(noreplace) %{_sysconfdir}/nginx/win-utf %config(noreplace) %{_sysconfdir}/logrotate.d/nginx %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx %dir %{perl_vendorarch}/auto/nginx %{perl_vendorarch}/nginx.pm %{perl_vendorarch}/auto/nginx/nginx.so %dir %{_libdir}/nginx/modules %{_datadir}/nginx/modules/mod-* %{_libdir}/nginx/modules/*.so %if %{with lua} %doc lua-nginx-module-%{luamod_ver}/README.markdown ngx_devel_kit-%{ndk_ver}/README.md %endif %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %files filesystem %endif %dir %{_datadir}/nginx %dir %{_datadir}/nginx/html %dir %{_sysconfdir}/nginx %dir %{_sysconfdir}/nginx/conf.d %dir %{_sysconfdir}/nginx/default.d %dir %{_sysconfdir}/nginx/vhosts.d %dir %{_sysconfdir}/nginx/includes %dir %{_sysconfdir}/nginx/users %dir %{_sysconfdir}/nginx/ssl %if %{with echo} %files -n nginx-module-echo %{_libdir}/nginx/modules/ngx_http_echo_module.so %{_datadir}/nginx/modules/mod-http-echo.conf %endif %if %{with vts} %files -n nginx-module-vts %{_libdir}/nginx/modules/ngx_http_vhost_traffic_status_module.so %{_datadir}/nginx/modules/mod-http-vhost-traffic-status.conf %endif %changelog * Thu Aug 15 2024 Raven - 1.26.2-1 - new stable version * Sat Jun 1 2024 Raven - 1.26.1-1 - new stable version * Tue May 14 2024 Raven - 1.26.0-2 - add conditional build of echo module * Wed Apr 24 2024 Raven - 1.26.0-1 - new stable version - get rid of http2 HPACK - add http3 build ability * Mon Apr 8 2024 Raven - 1.24.0-5 - upgrade lua-nginx-module to 0.10.26 * Mon Nov 20 2023 Raven - 1.24.0-4 - import lua module from master branch to build with PCRE2 support - use OS native gcc compiler * Wed Oct 25 2023 Raven - 1.24.0-3 - backported 284a0c7 and c93cb45 from 1.25.3 * Mon Oct 23 2023 Raven - 1.24.0-2 - CVE-2023-44487 patch included - add nginx-cp-module-vts subpackage * Wed Apr 12 2023 Raven - 1.24.0-1 - new stable version - upgrade lua-nginx-module to 0.10.24 - upgrade headers-more-nginx-module version to 0.34 * Mon Mar 27 2023 Raven - 1.22.1-3 - added fancyindex module - upgrade geoip2 to 3.4 * Fri Dec 23 2022 Raven - 1.22.1-2 - rebuilt for openssl3-devel - spec file cleanup * Thu Oct 20 2022 Raven - 1.22.1-1 - update to 1.22.1 (fix for CVE-2022-41741 and CVE-2022-41742) * Fri Oct 14 2022 Raven - 1.22.0-5 - disable modularity for el9 * Tue Jul 12 2022 Raven - 1.22.0-4 - rebuilt with luajit2 * Mon May 30 2022 Raven - 1.22.0-2 - rebuild with pcre instead of pcre2 as an ugly fix for this https://github.com/openresty/lua-nginx-module/issues/1984 * Wed May 25 2022 Raven - 1.22.0-1 - new stable version * Thu Mar 17 2022 Raven - 1.20.2-2 - rebuild el7 branch for rx-openssl upgrade * Thu Nov 18 2021 Raven - 1.20.2-1 - update to 1.20.2 * Wed May 26 2021 Raven - 1.20.1-1 - new release that fixes CVE-2021-23017 * Wed Apr 28 2021 Raven - 1.20.0-2 - remove Cloudflare patch for CHACHA reprioritizing (use ssl_conf_command instead) * Wed Apr 21 2021 Raven - 1.20.0-1 - new stable version * Sat Mar 27 2021 Raven - 1.18.1-6 - supress zlib-ng memory allocation alerts * Fri Jan 15 2021 Raven - 1.18.1-5 - fix modularity label for el8 * Fri May 1 2020 Raven - 1.18.1-3 - build with gcc8 * Wed Apr 22 2020 Raven - 1.18.1-2 - fix dependencies * Wed Apr 22 2020 Raven - 1.18.1-1 - update nginx to latest stable release * Wed Mar 25 2020 Raven - 1.16.1-2 - switch to rx-openssl-1.1.1c - use GeoIP2 instead of GeoIP * Tue Aug 20 2019 Raven - 1.16.1-1 - update to 1.16.1 * Thu Jul 25 2019 Raven - 1.16.0-6 - switch to brotli from epel * Thu May 16 2019 Raven - 1.16.0-1 - update to 1.16.0 - compile with gcc7 * Tue Dec 4 2018 Raven - 1.14.2-2 - update to 1.14.2 * Wed Nov 7 2018 Raven - 1.14.1-1 - update to 1.14.1 * Mon Oct 1 2018 Raven - 1.14.0-11 - bye bye SPDY * Wed Aug 15 2018 Raven - 1.14.0-9 - build with lua 5.3 for el7 * Tue Jul 03 2018 Raven - 1.14.0-6 - el6 compat * Tue Jul 03 2018 Raven - 1.14.0-5 - ld error fix * Tue Jul 03 2018 Raven - 1.14.0-4 - build with external OpenSSL 1.1.0h * Tue Jun 26 2018 Raven - 1.14.0-3 - add ngx_brotli module * Wed May 02 2018 Raven - 1.14.0-2 - update Cloudflare patches - update openresty modules - enable TLSv1.3 using builtin openssl-1.1.1 * Tue May 01 2018 Raven - 1.14.0-1 - update to nginx 1.14.0 * Thu Jan 25 2018 Raven - 1.12.2-1 - switch to common libressl - update to 1.12.2 * Thu Nov 30 2017 Raven - 1.12.1-3 - add openresty lua module - add eval module * Wed Nov 29 2017 Raven - 1.12.1-2 - return to system OpenSSL * Mon Sep 04 2017 Raven - 1.12.1-1 - update to version 1.12.1 - update OpenSSL to version 1.1.0f - add CloudFlare patch to set dynamic TCP window size * Wed May 10 2017 Raven - 1.12.0-3 - el6 adaptations * Tue Apr 18 2017 Raven - 1.12.0-2 - add CloudFlare patch to enable http/2 and SPDY both - add OpenResty headers-more module * Fri Apr 14 2017 Raven - 1.12.0-1 - update to nginx 1.12.0 - include openssl 1.0.2k into build - add TFO support - add threads - merge plugins into main package * Mon Oct 31 2016 Jamie Nguyen - 1.10.2-1 - update to upstream release 1.10.2 * Tue May 31 2016 Jamie Nguyen - 1.10.1-1 - update to upstream release 1.10.1 * Sun May 15 2016 Jitka Plesnikova - 1.10.0-4 - Perl 5.24 rebuild * Sun May 8 2016 Peter Robinson 1:1.10.0-3 - Enable AIO on aarch64 (rhbz 1258414) * Wed Apr 27 2016 Jamie Nguyen - 1.10.0-2 - only Require nginx-all-modules for EPEL and current Fedora releases * Wed Apr 27 2016 Jamie Nguyen - 1.10.0-1 - update to upstream release 1.10.0 - split dynamic modules into subpackages - spec file cleanup * Thu Feb 04 2016 Fedora Release Engineering - 1.8.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Tue Jan 26 2016 Jamie Nguyen - 1.8.1-1 - update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver * Sun Oct 04 2015 Jamie Nguyen - 1.8.0-14 - consistently use '%%global with_foo' style of logic - remove PID file before starting nginx (#1268621) * Fri Sep 25 2015 Ville Skyttä - 1.8.0-13 - Use nginx-mimetypes from mailcap (#1248736) - Mark LICENSE as %%license * Thu Sep 10 2015 Jamie Nguyen - 1.8.0-12 - also build with gperftools on aarch64 (#1258412) * Wed Aug 12 2015 Nikos Mavrogiannopoulos - 1.8.0-11 - nginx.conf: added commented-out SSL configuration directives (#1179232) * Fri Jul 03 2015 Jamie Nguyen - 1.8.0-10 - switch back to /bin/kill in logrotate script due to SELinux denials * Tue Jun 16 2015 Jamie Nguyen - 1.8.0-9 - fix path to png in error pages (#1232277) - optimize png images with optipng * Sun Jun 14 2015 Jamie Nguyen - 1.8.0-8 - replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543) - remove After=syslog.target in nginx.service (#1231543) - replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543) * Wed Jun 03 2015 Jitka Plesnikova - 1.8.0-7 - Perl 5.22 rebuild * Sun May 10 2015 Jamie Nguyen - 1.8.0-6 - revert previous change * Sun May 10 2015 Jamie Nguyen - 1.8.0-5 - move default server to default.conf (#1220094) * Sun May 10 2015 Jamie Nguyen - 1.8.0-4 - add TimeoutStopSec=5 and KillMode=mixed to nginx.service - set worker_processes to auto - add some common options to the http block in nginx.conf - run nginx-upgrade on package update - remove some redundant scriptlet commands - listen on ipv6 for default server (#1217081) * Wed Apr 22 2015 Jamie Nguyen - 1.8.0-3 - improve nginx-upgrade script * Wed Apr 22 2015 Jamie Nguyen - 1.8.0-2 - add --with-pcre-jit * Wed Apr 22 2015 Jamie Nguyen - 1.8.0-1 - update to upstream release 1.8.0 * Thu Apr 09 2015 Jamie Nguyen - 1.7.12-1 - update to upstream release 1.7.12 * Sun Feb 15 2015 Jamie Nguyen - 1.7.10-1 - update to upstream release 1.7.10 - remove systemd conditionals * Wed Oct 22 2014 Jamie Nguyen - 1.6.2-4 - fix package ownership of directories * Wed Oct 22 2014 Jamie Nguyen - 1.6.2-3 - add vim files (#1142849) * Mon Sep 22 2014 Jamie Nguyen - 1.6.2-2 - create nginx-filesystem subpackage (patch from Remi Collet) - create /etc/nginx/default.d as a drop-in directory for configuration files for the default server block - clean up nginx.conf * Wed Sep 17 2014 Jamie Nguyen - 1.6.2-1 - update to upstream release 1.6.2 - CVE-2014-3616 nginx: virtual host confusion (#1142573) * Wed Aug 27 2014 Jitka Plesnikova - 1.6.1-4 - Perl 5.20 rebuild * Sun Aug 17 2014 Fedora Release Engineering - 1.6.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Aug 05 2014 Jamie Nguyen - 1.6.1-2 - add logic for EPEL 7 * Tue Aug 05 2014 Jamie Nguyen - 1.6.1-1 - update to upstream release 1.6.1 - (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw * Wed Jul 02 2014 Yaakov Selkowitz - 1.6.0-3 - Fix FTBFS on aarch64 (#1115559) * Sat Jun 07 2014 Fedora Release Engineering - 1.6.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Apr 26 2014 Jamie Nguyen - 1.6.0-1 - update to upstream release 1.6.0 * Tue Mar 18 2014 Jamie Nguyen - 1.4.7-1 - update to upstream release 1.4.7 * Wed Mar 05 2014 Jamie Nguyen - 1.4.6-1 - update to upstream release 1.4.6 * Sun Feb 16 2014 Jamie Nguyen - 1.4.5-2 - avoid multiple index directives (#1065488) * Sun Feb 16 2014 Jamie Nguyen - 1.4.5-1 - update to upstream release 1.4.5 * Wed Nov 20 2013 Peter Borsa - 1.4.4-1 - Update to upstream release 1.4.4 - Security fix BZ 1032267 * Sun Nov 03 2013 Jamie Nguyen - 1.4.3-1 - update to upstream release 1.4.3 * Fri Aug 09 2013 Jonathan Steffan - 1.4.2-3 - Add in conditionals to build for non-systemd targets * Sat Aug 03 2013 Petr Pisar - 1.4.2-2 - Perl 5.18 rebuild * Fri Jul 19 2013 Jamie Nguyen - 1.4.2-1 - update to upstream release 1.4.2 * Wed Jul 17 2013 Petr Pisar - 1.4.1-3 - Perl 5.18 rebuild * Tue Jun 11 2013 Remi Collet - 1.4.1-2 - rebuild for new GD 2.1.0 * Tue May 07 2013 Jamie Nguyen - 1.4.1-1 - update to upstream release 1.4.1 (#960605, #960606): CVE-2013-2028 stack-based buffer overflow when handling certain chunked transfer encoding requests * Sun Apr 28 2013 Dan Horák - 1.4.0-2 - gperftools exist only on selected arches * Fri Apr 26 2013 Jamie Nguyen - 1.4.0-1 - update to upstream release 1.4.0 - enable SPDY module (new in this version) - enable http gunzip module (new in this version) - enable google perftools module and add gperftools-devel to BR - enable debugging (#956845) - trim changelog * Tue Apr 02 2013 Jamie Nguyen - 1.2.8-1 - update to upstream release 1.2.8 * Fri Feb 22 2013 Jamie Nguyen - 1.2.7-2 - make sure nginx directories are not world readable (#913724, #913735) * Sat Feb 16 2013 Jamie Nguyen - 1.2.7-1 - update to upstream release 1.2.7 - add .asc file * Tue Feb 05 2013 Jamie Nguyen - 1.2.6-6 - use 'kill' instead of 'systemctl' when rotating log files to workaround SELinux issue (#889151) * Wed Jan 23 2013 Jamie Nguyen - 1.2.6-5 - uncomment "include /etc/nginx/conf.d/*.conf by default but leave the conf.d directory empty (#903065) * Wed Jan 23 2013 Jamie Nguyen - 1.2.6-4 - add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf" (#903065) * Wed Dec 19 2012 Jamie Nguyen - 1.2.6-3 - use correct file ownership when rotating log files * Tue Dec 18 2012 Jamie Nguyen - 1.2.6-2 - send correct kill signal and use correct file permissions when rotating log files (#888225) - send correct kill signal in nginx-upgrade * Tue Dec 11 2012 Jamie Nguyen - 1.2.6-1 - update to upstream release 1.2.6 * Sat Nov 17 2012 Jamie Nguyen - 1.2.5-1 - update to upstream release 1.2.5 * Sun Oct 28 2012 Jamie Nguyen - 1.2.4-1 - update to upstream release 1.2.4 - introduce new systemd-rpm macros (#850228) - link to official documentation not the community wiki (#870733) - do not run systemctl try-restart after package upgrade to allow the administrator to run nginx-upgrade and avoid downtime - add nginx man page (#870738) - add nginx-upgrade man page and remove README.fedora - remove chkconfig from Requires(post/preun) - remove initscripts from Requires(preun/postun) - remove separate configuration files in "/etc/nginx/conf.d" directory and revert to upstream default of a centralized nginx.conf file (#803635) (#842738) * Fri Sep 21 2012 Jamie Nguyen - 1.2.3-1 - update to upstream release 1.2.3 * Fri Jul 20 2012 Fedora Release Engineering - 1.2.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jun 28 2012 Petr Pisar - 1.2.1-2 - Perl 5.16 rebuild * Sun Jun 10 2012 Jamie Nguyen - 1.2.1-1 - update to upstream release 1.2.1 * Fri Jun 08 2012 Petr Pisar - 1.2.0-2 - Perl 5.16 rebuild * Wed May 16 2012 Jamie Nguyen - 1.2.0-1 - update to upstream release 1.2.0 * Wed May 16 2012 Jamie Nguyen - 1.0.15-4 - add nginx-upgrade to replace functionality from the nginx initscript that was lost after migration to systemd - add README.fedora to describe usage of nginx-upgrade - nginx.logrotate: use built-in systemd kill command in postrotate script - nginx.service: start after syslog.target and network.target - nginx.service: remove unnecessary references to config file location - nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following advice from nginx-devel - nginx.service: use private /tmp * Mon May 14 2012 Jamie Nguyen - 1.0.15-3 - fix incorrect postrotate script in nginx.logrotate * Thu Apr 19 2012 Jamie Nguyen - 1.0.15-2 - renable auto-cc-gcc patch due to warnings on rawhide * Sat Apr 14 2012 Jamie Nguyen - 1.0.15-1 - update to upstream release 1.0.15 - no need to apply auto-cc-gcc patch - add %%global _hardened_build 1 * Thu Mar 15 2012 Jamie Nguyen - 1.0.14-1 - update to upstream release 1.0.14 - amend some %%changelog formatting * Tue Mar 06 2012 Jamie Nguyen - 1.0.13-1 - update to upstream release 1.0.13 - amend --pid-path and --log-path * Sun Mar 04 2012 Jamie Nguyen - 1.0.12-5 - change pid path in nginx.conf to match systemd service file * Sun Mar 04 2012 Jamie Nguyen - 1.0.12-3 - fix %%pre scriptlet * Mon Feb 20 2012 Jamie Nguyen - 1.0.12-2 - update upstream URL - replace %%define with %%global - remove obsolete BuildRoot tag, %%clean section and %%defattr - remove various unnecessary commands - add systemd service file and update scriptlets - add Epoch to accommodate %%triggerun as part of systemd migration * Sun Feb 19 2012 Jeremy Hinegardner - 1.0.12-1 - Update to 1.0.12 * Thu Nov 17 2011 Keiran "Affix" Smith - 1.0.10-1 - Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes. - Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4. - Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora. * Thu Oct 27 2011 Keiran "Affix" Smith - 1.0.8-1 - Update to new 1.0.8 stable release * Fri Aug 26 2011 Keiran "Affix" Smith - 1.0.5-1 - Update nginx to Latest Stable Release * Fri Jun 17 2011 Marcela Mašláňová - 1.0.0-3 - Perl mass rebuild * Thu Jun 09 2011 Marcela Mašláňová - 1.0.0-2 - Perl 5.14 mass rebuild * Wed Apr 27 2011 Jeremy Hinegardner - 1.0.0-1 - Update to 1.0.0 * Tue Feb 08 2011 Fedora Release Engineering - 0.8.53-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53.5 - Extract out default config into its own file (bug #635776) * Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-4 - Revert ownership of log dir * Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-3 - Change ownership of /var/log/nginx to be 0700 nginx:nginx - update init script to use killproc -p - add reopen_logs command to init script - update init script to use nginx -q option * Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-2 - Fix linking of perl module * Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-1 - Update to new stable 0.8.53 * Sat Jul 31 2010 Jeremy Hinegardner - 0.7.67-2 - add Provides: webserver (bug #619693) * Sun Jun 20 2010 Jeremy Hinegardner - 0.7.67-1 - Update to new stable 0.7.67 - fix bugzilla #591543 * Tue Jun 01 2010 Marcela Maslanova - 0.7.65-2 - Mass rebuild with perl-5.12.0 * Mon Feb 15 2010 Jeremy Hinegardner - 0.7.65-1 - Update to new stable 0.7.65 - change ownership of logdir to root:root - add support for ipv6 (bug #561248) - add random_index_module - add secure_link_module * Fri Dec 04 2009 Jeremy Hinegardner - 0.7.64-1 - Update to new stable 0.7.64