ghostfox/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push sheeet
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Details
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Details
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Details
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Details
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Details
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
Details

Browse Source
This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
pkgs/servers/http/angie/console-light.nix Normal file
View File

@@ -0,0 +1,51 @@
{
lib,
stdenv,
fetchurl,
brotli,
}:
stdenv.mkDerivation rec {
version = "1.8.1";
pname = "angie-console-light";
src = fetchurl {
url = "https://download.angie.software/files/${pname}/${pname}-${version}.tar.gz";
hash = "sha256-yKKwkvLsBFVNc0Uv9iDMhhinuXAukJI9k9ZG5Amhgfs=";
};
outputs = [
"out"
"doc"
];
nativeBuildInputs = [ brotli ];
dontConfigure = true;
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/share/angie-console-light
mv ./html $out/share/angie-console-light
mkdir -p $doc/share/doc/angie-console-light
mv ./LICENSE $doc/share/doc/angie-console-light
# Create static gzip and brotli files
find -L $out -type f -regextype posix-extended -iregex '.*\.(html|js|txt)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep --no-copy-stat {} ';'
runHook postInstall
'';
meta = {
description = "Console Light is a lightweight, real-time activity monitoring interface";
homepage = "https://angie.software/en/console/";
license = lib.licenses.asl20;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [ izorkin ];
};
}

52
pkgs/servers/http/angie/default.nix Normal file
View File

@@ -0,0 +1,52 @@
{
callPackage,
lib,
fetchurl,
nixosTests,
withAcme ? false,
withQuic ? false,
...
}@args:
callPackage ../nginx/generic.nix args rec {
version = "1.10.2";
pname = if withQuic then "angieQuic" else "angie";
src = fetchurl {
url = "https://download.angie.software/files/angie-${version}.tar.gz";
hash = "sha256-pcKrk33ySoDnhq9WOJIvRuqKc9FhQYPIyQKYrocwlLg=";
};
configureFlags =
lib.optionals withAcme [
"--with-http_acme_module"
"--http-acme-client-path=/var/lib/nginx/acme"
]
++ lib.optionals withQuic [
"--with-http_v3_module"
];
preInstall = ''
if [[ -e man/angie.8 ]]; then
installManPage man/angie.8
fi
'';
postInstall = ''
ln -s $out/bin/nginx $out/bin/angie
'';
passthru.tests = {
angie = nixosTests.nginx-variants.angie;
angie-api = nixosTests.angie-api;
angie-http3 = nixosTests.nginx-http3.angieQuic;
};
meta = {
description = "Angie is an efficient, powerful, and scalable web server that was forked from nginx";
homepage = "https://angie.software/en/";
license = lib.licenses.bsd2;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [ izorkin ];
};
}

167
pkgs/servers/http/apache-httpd/2.4.nix Normal file
View File

@@ -0,0 +1,167 @@
{
lib,
stdenv,
fetchurl,
fetchpatch2,
perl,
zlib,
apr,
aprutil,
pcre2,
libiconv,
lynx,
which,
libxcrypt,
buildPackages,
pkgsCross,
runCommand,
nixosTests,
proxySupport ? true,
sslSupport ? true,
openssl,
http2Support ? true,
nghttp2,
ldapSupport ? true,
openldap,
libxml2Support ? true,
libxml2,
brotliSupport ? true,
brotli,
luaSupport ? false,
lua5,
}:
stdenv.mkDerivation rec {
pname = "apache-httpd";
version = "2.4.65";
src = fetchurl {
url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
hash = "sha256-WLi+l9mUDsF/dlbAxrn0G2GKrEaLiUtTQUjjKWxTuLM=";
};
patches = [
# Fix cross-compilation by using CC_FOR_BUILD for generator program
# https://issues.apache.org/bugzilla/show_bug.cgi?id=51257#c6
(fetchpatch2 {
name = "apache-httpd-cross-compile.patch";
url = "https://gitlab.com/buildroot.org/buildroot/-/raw/5dae8cddeecf16c791f3c138542ec51c4e627d75/package/apache/0001-cross-compile.patch";
hash = "sha256-KGnAa6euOt6dkZQwURyVITcfqTkDkSR8zpE97DywUUw=";
})
];
# FIXME: -dev depends on -doc
outputs = [
"out"
"dev"
"man"
"doc"
];
setOutputFlags = false; # it would move $out/modules, etc.
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [
perl
which
];
buildInputs = [
perl
libxcrypt
zlib
]
++ lib.optional brotliSupport brotli
++ lib.optional sslSupport openssl
++ lib.optional ldapSupport openldap
# there is no --with-ldap flag
++ lib.optional libxml2Support libxml2
++ lib.optional http2Support nghttp2
++ lib.optional stdenv.hostPlatform.isDarwin libiconv;
postPatch = ''
sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
sed -i configure -e 's|perlbin=.*|perlbin="/usr/bin/env perl"|'
sed -i support/apachectl.in -e 's|@LYNX_PATH@|${lynx}/bin/lynx|'
'';
# Required for pthread_cancel.
NIX_LDFLAGS = lib.optionalString (!stdenv.hostPlatform.isDarwin) "-lgcc_s";
configureFlags = [
"--with-apr=${apr.dev}"
"--with-apr-util=${aprutil.dev}"
"--with-z=${zlib.dev}"
"--with-pcre=${pcre2.dev}/bin/pcre2-config"
"--disable-maintainer-mode"
"--disable-debugger-mode"
"--enable-mods-shared=all"
"--enable-mpms-shared=all"
"--enable-cern-meta"
"--enable-imagemap"
"--enable-cgi"
"--includedir=${placeholder "dev"}/include"
(lib.enableFeature proxySupport "proxy")
(lib.enableFeature sslSupport "ssl")
(lib.withFeatureAs libxml2Support "libxml2" "${libxml2.dev}/include/libxml2")
"--docdir=$(doc)/share/doc"
(lib.enableFeature brotliSupport "brotli")
(lib.withFeatureAs brotliSupport "brotli" brotli)
(lib.enableFeature http2Support "http2")
(lib.withFeature http2Support "nghttp2")
(lib.enableFeature luaSupport "lua")
(lib.withFeatureAs luaSupport "lua" lua5)
]
++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [
# skip bad config check when cross compiling
# https://gitlab.com/buildroot.org/buildroot/-/blob/5dae8cddeecf16c791f3c138542ec51c4e627d75/package/apache/apache.mk#L23
"ap_cv_void_ptr_lt_long=no"
];
enableParallelBuilding = true;
stripDebugList = [
"lib"
"modules"
"bin"
];
postInstall = ''
mkdir -p $doc/share/doc/httpd
mv $out/manual $doc/share/doc/httpd
mkdir -p $dev/bin
mv $out/bin/apxs $dev/bin/apxs
'';
passthru = {
inherit
apr
aprutil
sslSupport
proxySupport
ldapSupport
luaSupport
lua5
;
tests = {
acme-integration = nixosTests.acme.httpd;
proxy = nixosTests.proxy;
php = nixosTests.php.httpd;
cross = runCommand "apacheHttpd-test-cross" { } ''
${pkgsCross.aarch64-multiplatform.apacheHttpd.dev}/bin/apxs -q -n INCLUDE | grep CC=aarch64-unknown-linux-gnu-gcc > $out
head -n1 ${pkgsCross.aarch64-multiplatform.apacheHttpd}/bin/dbmmanage | grep '^#!${pkgsCross.aarch64-multiplatform.perl}/bin/perl$' >> $out
'';
};
};
meta = with lib; {
description = "Apache HTTPD, the world's most popular web server";
homepage = "https://httpd.apache.org/";
license = licenses.asl20;
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ lovek323 ];
};
}

71
pkgs/servers/http/apache-modules/mod_auth_mellon/default.nix Normal file
View File

@@ -0,0 +1,71 @@
{
lib,
stdenv,
apacheHttpd,
autoconf,
automake,
autoreconfHook,
curl,
fetchFromGitHub,
glib,
lasso,
libtool,
libxml2,
libxslt,
openssl,
pkg-config,
xmlsec,
}:
stdenv.mkDerivation rec {
pname = "mod_auth_mellon";
version = "0.19.1";
src = fetchFromGitHub {
owner = "latchset";
repo = "mod_auth_mellon";
rev = "v${version}";
sha256 = "sha256-VcR+HZ5S7fLrGqT1SHCQLQw6v516G0x+wf8Wb5Sy4Gk=";
};
nativeBuildInputs = [
autoreconfHook
pkg-config
autoconf
automake
];
buildInputs = [
apacheHttpd
curl
glib
lasso
libtool
libxml2
libxslt
openssl
xmlsec
];
configureFlags = [
"--with-apxs2=${apacheHttpd.dev}/bin/apxs"
"--exec-prefix=$out"
];
installPhase = ''
mkdir -p $out/bin
cp ./mellon_create_metadata.sh $out/bin
mkdir -p $out/modules
cp ./.libs/mod_auth_mellon.so $out/modules
'';
meta = with lib; {
homepage = "https://github.com/latchset/mod_auth_mellon";
description = "Apache module with a simple SAML 2.0 service provider";
mainProgram = "mellon_create_metadata.sh";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ womfoo ];
};
}

55
pkgs/servers/http/apache-modules/mod_ca/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
apacheHttpd,
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
openldap,
openssl,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_ca";
version = "0.2.3";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-HGnhypOO0WOgRw9i9oqO4da131zAwBXOdrc9dypFjyk=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apacheHttpd
apr
aprutil
openldap
openssl
];
# Note that configureFlags and installFlags are inherited by
# the various submodules.
#
configureFlags = [ "--with-apxs=${apacheHttpd.dev}/bin/apxs" ];
installFlags = [
"INCLUDEDIR=${placeholder "out"}/include"
"LIBEXECDIR=${placeholder "out"}/modules"
];
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax CA service module";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_ca/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

43
pkgs/servers/http/apache-modules/mod_crl/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
mod_ca,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_crl";
version = "0.2.4";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-w8YIhed9J1uo5uwhfOVe5LhNLUvFZCgUO4FrHm344Rg=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apr
aprutil
mod_ca
];
inherit (mod_ca) configureFlags installFlags;
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax module for Certificate Revocation Lists";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_crl/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

39
pkgs/servers/http/apache-modules/mod_cspnonce/default.nix Normal file
View File

@@ -0,0 +1,39 @@
{
stdenv,
lib,
fetchFromGitHub,
apacheHttpd,
}:
stdenv.mkDerivation rec {
pname = "mod_cspnonce";
version = "1.4";
src = fetchFromGitHub {
owner = "wyattoday";
repo = "mod_cspnonce";
rev = version;
hash = "sha256-uUWRKUjS2LvHgT5xrK+LZLQRHc6wMaxGca2OsVxVlRs=";
};
buildInputs = [ apacheHttpd ];
buildPhase = ''
apxs -ca mod_cspnonce.c
'';
installPhase = ''
runHook preInstall
mkdir -p $out/modules
cp .libs/mod_cspnonce.so $out/modules
runHook postInstall
'';
meta = with lib; {
description = "Apache2 module that makes it dead simple to add nonce values to the CSP";
homepage = "https://github.com/wyattoday/mod_cspnonce";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dasj19 ];
};
}

43
pkgs/servers/http/apache-modules/mod_csr/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
mod_ca,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_csr";
version = "0.2.4";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-JVd5N5UnAxDwq6AavEHA0HsY2TRa+9RmLLJeRZbj+4Q=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apr
aprutil
mod_ca
];
inherit (mod_ca) configureFlags installFlags;
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax CA service module to handle Certificate Signing Requests";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_csr/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

62
pkgs/servers/http/apache-modules/mod_dnssd/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{
lib,
stdenv,
fetchurl,
fetchpatch,
pkg-config,
apacheHttpd,
apr,
avahi,
}:
stdenv.mkDerivation rec {
pname = "mod_dnssd";
version = "0.6";
src = fetchurl {
url = "http://0pointer.de/lennart/projects/mod_dnssd/${pname}-${version}.tar.gz";
sha256 = "2cd171d76eba398f03c1d5bcc468a1756f4801cd8ed5bd065086e4374997c5aa";
};
configureFlags = [
"--disable-lynx"
"--with-apxs=${lib.getDev apacheHttpd}/bin"
];
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apacheHttpd
avahi
apr
];
patches = [
(fetchpatch {
url = "https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/mod-dnssd/vivid/download/10/debian/patches/port-for-apache2.4.patch";
sha256 = "1hgcxwy1q8fsxfqyg95w8m45zbvxzskf1jxd87ljj57l7x1wwp4r";
})
];
installPhase = ''
runHook preInstall
mkdir -p $out/modules
cp src/.libs/mod_dnssd.so $out/modules
runHook postInstall
'';
preFixup = ''
# TODO: Packages in non-standard directories not stripped.
# https://github.com/NixOS/nixpkgs/issues/141554
stripDebugList=modules
'';
meta = with lib; {
homepage = "https://0pointer.de/lennart/projects/mod_dnssd";
description = "Provide Zeroconf support via DNS-SD using Avahi";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = [ ];
};
}

43
pkgs/servers/http/apache-modules/mod_fastcgi/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
lib,
stdenv,
fetchFromGitHub,
apacheHttpd,
}:
stdenv.mkDerivation rec {
pname = "mod_fastcgi";
version = "2.4.7.1";
src = fetchFromGitHub {
owner = "FastCGI-Archives";
repo = "mod_fastcgi";
rev = version;
hash = "sha256-ovir59kCjKkgbraX23nsmzlMzGdeNTyj3MQd8cgvLsg=";
};
buildInputs = [ apacheHttpd ];
preBuild = ''
cp Makefile.AP2 Makefile
makeFlags="top_dir=${apacheHttpd.dev}/share prefix=$out"
'';
meta = {
homepage = "https://github.com/FastCGI-Archives/mod_fastcgi";
description = "Provide support for the FastCGI protocol";
longDescription = ''
mod_fastcgi is a module for the Apache web server that enables
FastCGI - a standards based protocol for communicating with
applications that generate dynamic content for web pages. FastCGI
provides a superset of CGI functionality, but a subset of the
functionality of programming for a particular web server API.
Nonetheless, the feature set is rich enough for programming
virtually any type of web application, but the result is generally
more scalable.
'';
platforms = lib.platforms.linux;
};
}

45
pkgs/servers/http/apache-modules/mod_itk/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
lib,
stdenv,
fetchurl,
pkg-config,
mod_ca,
apr,
aprutil,
apacheHttpd,
}:
stdenv.mkDerivation rec {
pname = "mod_itk";
version = "2.4.7-04";
src = fetchurl {
url = "http://mpm-itk.sesse.net/mpm-itk-${version}.tar.gz";
sha256 = "sha256:1kzgd1332pgpxf489kr0vdwsaik0y8wp3q282d4wa5jlk7l877v0";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
mod_ca
apr
aprutil
apacheHttpd
];
installPhase = ''
runHook preInstall
mkdir -p $out/modules
${apacheHttpd.dev}/bin/apxs -S LIBEXECDIR=$out/modules -i mpm_itk.la
runHook postInstall
'';
meta = with lib; {
description = "MPM (Multi-Processing Module) for the Apache web server";
maintainers = [ maintainers.zupo ];
homepage = "http://mpm-itk.sesse.net/";
license = licenses.asl20;
platforms = platforms.unix;
};
}

52
pkgs/servers/http/apache-modules/mod_jk/default.nix Normal file
View File

@@ -0,0 +1,52 @@
{
lib,
stdenv,
apacheHttpd,
autoreconfHook,
fetchFromGitHub,
jdk,
}:
stdenv.mkDerivation rec {
pname = "mod_jk";
version = "1.2.50";
src = fetchFromGitHub {
owner = "apache";
repo = "tomcat-connectors";
tag = "JK_${lib.replaceStrings [ "." ] [ "_" ] version}";
hash = "sha256-hlwlx7Sb4oeZIzHQYOC3e9xEZK9u6ZG8Q2U/XdKMe3U=";
};
sourceRoot = "${src.name}/native";
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [
apacheHttpd
jdk
];
configureFlags = [
"--with-apxs=${apacheHttpd.dev}/bin/apxs"
"--with-java-home=${jdk}"
];
installPhase = ''
runHook preInstall
mkdir -p $out/modules
cp apache-2.0/mod_jk.so $out/modules
runHook postInstall
'';
meta = {
description = "Provides web server plugins to connect web servers with Tomcat";
homepage = "https://tomcat.apache.org/download-connectors.cgi";
changelog = "https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ anthonyroussel ];
platforms = lib.platforms.unix;
};
}

42
pkgs/servers/http/apache-modules/mod_mbtiles/default.nix Normal file
View File

@@ -0,0 +1,42 @@
{
lib,
stdenv,
fetchFromGitHub,
apacheHttpd,
sqlite,
}:
stdenv.mkDerivation rec {
pname = "mod_mbtiles";
version = "unstable-2022-05-25";
src = fetchFromGitHub {
owner = "systemed";
repo = pname;
rev = "f9d12a9581820630dd923c3c90aa8dcdcf65cb87";
sha256 = "sha256-wOoLSNLgh0YXHUFn7WfUkQXpyWsgCrVZlMg55rvi9q4=";
};
buildInputs = [
apacheHttpd
sqlite
];
buildPhase = ''
apxs -lsqlite3 -ca mod_mbtiles.c
'';
installPhase = ''
runHook preInstall
install -D .libs/mod_mbtiles.so -t $out/modules
runHook postInstall
'';
meta = with lib; {
homepage = "https://github.com/systemed/mod_mbtiles";
description = "Serve tiles with Apache directly from an .mbtiles file";
license = licenses.free;
maintainers = with maintainers; [ sikmir ];
platforms = platforms.unix;
};
}

43
pkgs/servers/http/apache-modules/mod_ocsp/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
mod_ca,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_ocsp";
version = "0.2.3";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-G+m/KdJCCTlSMeJzUnCRJkBEQ8cOQ+rJhA3NPrwh1Us=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apr
aprutil
mod_ca
];
inherit (mod_ca) configureFlags installFlags;
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax CA service modules of OCSP Online Certificate Validation";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_csr/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

58
pkgs/servers/http/apache-modules/mod_perl/default.nix Normal file
View File

@@ -0,0 +1,58 @@
{
apacheHttpd,
directoryListingUpdater,
fetchurl,
lib,
nixosTests,
perl,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_perl";
version = "2.0.13";
src = fetchurl {
url = "mirror://apache/perl/${pname}-${version}.tar.gz";
sha256 = "sha256-reO+McRHuESIaf7N/KziWNbVh7jGx3PF8ic19w2C1to=";
};
buildInputs = [
apacheHttpd
perl
];
buildPhase = ''
perl Makefile.PL \
MP_APXS=${apacheHttpd.dev}/bin/apxs
make
'';
installPhase = ''
mkdir -p $out
make install DESTDIR=$out
mv $out${apacheHttpd}/* $out
mv $out${apacheHttpd.dev}/* $out
mv $out${perl}/* $out
rm $out/nix -rf
'';
passthru = {
updateScript = directoryListingUpdater {
url = "https://archive.apache.org/dist/perl/";
};
tests = nixosTests.mod_perl;
};
__darwinAllowLocalNetworking = true;
meta = with lib; {
description = "Integration of perl with the Apache2 web server";
homepage = "https://perl.apache.org/download/index.html";
changelog = "https://github.com/apache/mod_perl/blob/trunk/Changes";
license = licenses.asl20;
mainProgram = "mp2bug";
maintainers = [ ];
platforms = platforms.unix;
};
}

43
pkgs/servers/http/apache-modules/mod_pkcs12/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
mod_ca,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_pkcs12";
version = "0.2.3";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-k7BZ5d0WigyTmoUyFds7UCJ/tFBiUxd5pS4cVxmAI1g=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apr
aprutil
mod_ca
];
inherit (mod_ca) configureFlags installFlags;
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax CA service modules for PKCS#12 format files";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_pkcs12/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

62
pkgs/servers/http/apache-modules/mod_python/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{
apacheHttpd,
ensureNewerSourcesForZipFilesHook,
fetchFromGitHub,
lib,
libintl,
nix-update-script,
python3,
stdenv,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "mod_python";
version = "3.5.0.4";
src = fetchFromGitHub {
owner = "grisha";
repo = "mod_python";
tag = finalAttrs.version;
hash = "sha256-bZ0w61+0If70KD3UW24JllY6vD0vQX2C7FssYG1YLPI=";
};
patches = [ ./install.patch ];
installFlags = [
"LIBEXECDIR=$(out)/modules"
"BINDIR=$(out)/bin"
];
nativeBuildInputs = [
ensureNewerSourcesForZipFilesHook
];
buildInputs = [
apacheHttpd
(python3.withPackages (
ps: with ps; [
distutils
packaging
setuptools
]
))
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
libintl
];
passthru = {
inherit apacheHttpd;
updateScript = nix-update-script { };
};
meta = {
homepage = "https://modpython.org/";
changelog = "https://github.com/grisha/mod_python/blob/master/NEWS";
description = "Apache module that embeds the Python interpreter within the server";
mainProgram = "mod_python";
platforms = lib.platforms.unix;
maintainers = [ ];
broken = stdenv.hostPlatform.isDarwin;
};
})

12
pkgs/servers/http/apache-modules/mod_python/install.patch Normal file
View File

@@ -0,0 +1,12 @@
diff -ru -x '*~' mod_python-3.5.0-orig/dist/Makefile.in mod_python-3.5.0/dist/Makefile.in
--- mod_python-3.5.0-orig/dist/Makefile.in 2013-11-12 04:21:34.000000000 +0100
+++ mod_python-3.5.0/dist/Makefile.in 2014-11-07 11:28:24.466377733 +0100
@@ -34,7 +34,7 @@
install_py_lib: mod_python src
@cd src; $(MAKE) psp_parser.c
if test -z "$(DESTDIR)" ; then \
- $(PYTHON_BIN) setup.py install --optimize 2 --force ; \
+ $(PYTHON_BIN) setup.py install --optimize 2 --force --prefix $(out) ; \
else \
$(PYTHON_BIN) setup.py install --optimize 2 --force --root $(DESTDIR) ; \
fi

43
pkgs/servers/http/apache-modules/mod_scep/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
mod_ca,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_scep";
version = "0.2.4";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-HFPQ1A3ULtT2MduIQZS1drdQvCdZqJqKpOsJLEw67sI=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apr
aprutil
mod_ca
];
inherit (mod_ca) configureFlags installFlags;
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax CA service modules for SCEP (Automatic ceritifcate issue/renewal)";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_scep/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

43
pkgs/servers/http/apache-modules/mod_spkac/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
mod_ca,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_spkac";
version = "0.2.3";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-J1pGz+/AD0IPwRPBA+wt9PgV9qnZEHX66VCBGqhf0b8=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apr
aprutil
mod_ca
];
inherit (mod_ca) configureFlags installFlags;
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax CA service module for handling the Netscape keygen requests";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_spkac/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

80
pkgs/servers/http/apache-modules/mod_tile/default.nix Normal file
View File

@@ -0,0 +1,80 @@
{
fetchFromGitHub,
lib,
stdenv,
cmake,
pkg-config,
apacheHttpd,
apr,
aprutil,
boost,
cairo,
curl,
glib,
harfbuzz,
icu,
iniparser,
libmemcached,
mapnik,
nix-update-script,
}:
stdenv.mkDerivation rec {
pname = "mod_tile";
version = "0.7.2";
src = fetchFromGitHub {
owner = "openstreetmap";
repo = "mod_tile";
tag = "v${version}";
hash = "sha256-JC275LKsCeEo5DcIX0X7kcLoijQJqfJvBvw8xi2gwpk=";
};
nativeBuildInputs = [
cmake
pkg-config
];
buildInputs = [
apacheHttpd
apr
aprutil
boost
cairo
curl
glib
harfbuzz
icu
iniparser
libmemcached
mapnik
];
enableParallelBuilding = true;
# Explicitly specify directory paths
cmakeFlags = [
(lib.cmakeFeature "CMAKE_INSTALL_BINDIR" "bin")
(lib.cmakeFeature "CMAKE_INSTALL_MANDIR" "share/man")
(lib.cmakeFeature "CMAKE_INSTALL_MODULESDIR" "modules")
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "")
(lib.cmakeBool "ENABLE_TESTS" doCheck)
];
# And use DESTDIR to define the install destination
installFlags = [ "DESTDIR=$(out)" ];
doCheck = true;
# Do not run tests in parallel
enableParallelChecking = false;
passthru.updateScript = nix-update-script { };
meta = with lib; {
homepage = "https://github.com/openstreetmap/mod_tile";
description = "Efficiently render and serve OpenStreetMap tiles using Apache and Mapnik";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ jglukasik ];
platforms = platforms.linux;
};
}

41
pkgs/servers/http/apache-modules/mod_timestamp/0001-DEFINE_STACK_OF-EVP_MD-seems-to-have-gone-recreate-i.patch Normal file
View File

@@ -0,0 +1,41 @@
From 5f9d4458f05c5d9f4b416de867fd9327aba865d5 Mon Sep 17 00:00:00 2001
From: Dirk-Willem van Gulik <dirkx@redwax.eu>
Date: Fri, 21 Jan 2022 21:53:49 +0100
Subject: [PATCH] DEFINE_STACK_OF(EVP_MD) seems to have gone; recreate it. And
quell a warning.
---
mod_timestamp.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/mod_timestamp.c b/mod_timestamp.c
index 289d50a..54af7c8 100644
--- a/mod_timestamp.c
+++ b/mod_timestamp.c
@@ -41,6 +41,14 @@
#include "mod_ca.h"
+#ifndef sk_EVP_MD_free
+/* Recent versions of OpenSSL seem to no longer define
+ * a stack of EVP_MD's.
+ */
+#include <openssl/safestack.h>
+DEFINE_STACK_OF(EVP_MD)
+#endif
+
#define DEFAULT_TIMESTAMP_SIZE 128*1024
module AP_MODULE_DECLARE_DATA timestamp_module;
@@ -360,7 +368,7 @@ static const char *add_timestamp_digest(cmd_parms *cmd, void *dconf,
return apr_psprintf(cmd->pool,
"'%s' could not be recognised as a valid digest.", arg);
}
- if (!sk_EVP_MD_push(conf->digests, digest)) {
+ if (!sk_EVP_MD_push(conf->digests, (EVP_MD *)digest)) {
return apr_psprintf(cmd->pool,
"'%s' could not be added as a valid digest.", arg);
}
--
2.49.0

53
pkgs/servers/http/apache-modules/mod_timestamp/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
apr,
aprutil,
directoryListingUpdater,
fetchurl,
lib,
mod_ca,
pkg-config,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "mod_timestamp";
version = "0.2.3";
src = fetchurl {
url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz";
hash = "sha256-X49gJ1wQtwQT3GOZkluxdMIY2ZRpM9Y7DZln6Ag9DvM=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
apr
aprutil
mod_ca
];
# FIXME: remove after next release after 0.2.3
patches = [ ./0001-DEFINE_STACK_OF-EVP_MD-seems-to-have-gone-recreate-i.patch ];
env.NIX_CFLAGS_COMPILE = toString (
lib.optionals stdenv.cc.isClang [
"-Wno-error=int-conversion"
"-Wno-error=implicit-function-declaration"
]
);
inherit (mod_ca) configureFlags installFlags;
passthru.updateScript = directoryListingUpdater {
url = "https://redwax.eu/dist/rs/";
};
meta = with lib; {
description = "RedWax CA service module for issuing signed timestamps";
homepage = "https://redwax.eu";
changelog = "https://source.redwax.eu/projects/RS/repos/mod_timestamp/browse/ChangeLog";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ dirkx ];
};
}

41
pkgs/servers/http/apache-modules/mod_wsgi/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
lib,
stdenv,
fetchFromGitHub,
apacheHttpd,
python3,
ncurses,
}:
stdenv.mkDerivation rec {
pname = "mod_wsgi";
version = "5.0.2";
src = fetchFromGitHub {
owner = "GrahamDumpleton";
repo = "mod_wsgi";
rev = version;
hash = "sha256-FhOSU8/4QoWa73bNi/qkgKm3CeEEdboh2MgxgQxcYzE=";
};
buildInputs = [
apacheHttpd
python3
ncurses
];
postPatch = ''
substituteInPlace configure --replace '/usr/bin/lipo' 'lipo'
'';
makeFlags = [
"LIBEXECDIR=$(out)/modules"
];
meta = {
homepage = "https://github.com/GrahamDumpleton/mod_wsgi";
description = "Host Python applications in Apache through the WSGI interface";
license = lib.licenses.asl20;
platforms = lib.platforms.unix;
};
}

70
pkgs/servers/http/couchdb/3.nix Normal file
View File

@@ -0,0 +1,70 @@
{
lib,
stdenv,
fetchurl,
erlang,
icu,
openssl,
python3,
nixosTests,
}:
stdenv.mkDerivation rec {
pname = "couchdb";
version = "3.5.0";
src = fetchurl {
url = "mirror://apache/couchdb/source/${version}/apache-${pname}-${version}.tar.gz";
hash = "sha256-api5CpqYC77yw1tJlqjnGi8a5SJ1RshfBMQ2EBvfeL8=";
};
postPatch = ''
patchShebangs bin/rebar
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
# LTO with Clang produces LLVM bitcode, which causes linking to fail quietly.
# (There are warnings, but no hard errors, and it produces an empty dylib.)
substituteInPlace src/jiffy/rebar.config.script --replace '"-flto"' '""'
'';
nativeBuildInputs = [
erlang
];
buildInputs = [
icu
openssl
(python3.withPackages (ps: with ps; [ requests ]))
];
dontAddPrefix = "True";
configureFlags = [
"--js-engine=quickjs"
"--disable-spidermonkey"
];
buildFlags = [
"release"
];
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r rel/couchdb/* $out
runHook postInstall
'';
passthru.tests = {
inherit (nixosTests) couchdb;
};
meta = with lib; {
description = "Database that uses JSON for documents, JavaScript for MapReduce queries, and regular HTTP for an API";
homepage = "https://couchdb.apache.org";
license = licenses.asl20;
platforms = platforms.all;
maintainers = with maintainers; [ lostnet ];
broken = stdenv.isDarwin && stdenv.isAarch64;
};
}

63
pkgs/servers/http/jetty/default.nix Normal file
View File

@@ -0,0 +1,63 @@
{
lib,
stdenvNoCC,
fetchurl,
gitUpdater,
}:
let
common =
{ version, hash }:
stdenvNoCC.mkDerivation rec {
pname = "jetty";
inherit version;
src = fetchurl {
url = "mirror://maven/org/eclipse/jetty/jetty-home/${version}/jetty-home-${version}.tar.gz";
inherit hash;
};
dontBuild = true;
installPhase = ''
mkdir -p $out
mv etc lib modules start.jar $out
'';
passthru.updateScript = gitUpdater {
url = "https://github.com/jetty/jetty.project.git";
allowedVersions = "^${lib.versions.major version}\\.";
ignoredVersions = "(alpha|beta).*";
rev-prefix = "jetty-";
};
meta = with lib; {
changelog = "https://github.com/jetty/jetty.project/releases/tag/jetty-${version}";
description = "Web server and javax.servlet container";
homepage = "https://jetty.org/";
platforms = platforms.all;
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = with licenses; [
asl20
epl10
];
maintainers = with maintainers; [
emmanuelrosa
anthonyroussel
];
};
};
in
{
jetty_11 = common {
version = "11.0.26";
hash = "sha256-uJgh/+/uGjchTgtoF38f7jIvbdrwdToAsqqVOlYtMIM=";
};
jetty_12 = common {
version = "12.1.1";
hash = "sha256-VHmPhVEqq4eoOwo9O7sbdv6bJB9dCFkN+64jTlnFarM=";
};
}

326
pkgs/servers/http/nginx/generic.nix Normal file
View File

@@ -0,0 +1,326 @@
outer@{
lib,
stdenv,
fetchurl,
fetchpatch,
openssl,
zlib-ng,
pcre2,
libxml2,
libxslt,
nginx-doc,
nixosTests,
installShellFiles,
replaceVars,
removeReferencesTo,
gd,
geoip,
perl,
withDebug ? false,
withGeoIP ? false,
withImageFilter ? false,
withKTLS ? true,
withStream ? true,
withMail ? false,
withPerl ? true,
withSlice ? false,
modules ? [ ],
...
}:
{
pname ? "nginx",
version,
nginxVersion ? version,
src ? null, # defaults to upstream nginx ${version}
hash ? null, # when not specifying src
configureFlags ? [ ],
nativeBuildInputs ? [ ],
buildInputs ? [ ],
extraPatches ? [ ],
fixPatch ? p: p,
postPatch ? null,
preConfigure ? "",
preInstall ? "",
postInstall ? "",
meta ? null,
nginx-doc ? outer.nginx-doc,
passthru ? {
tests = { };
},
}:
let
moduleNames = map (
mod:
mod.name
or (throw "The nginx module with source ${toString mod.src} does not have a `name` attribute. This prevents duplicate module detection and is no longer supported.")
) modules;
mapModules =
attrPath:
lib.flip lib.concatMap modules (
mod:
let
supports = mod.supports or (_: true);
in
if supports nginxVersion then
mod.${attrPath} or [ ]
else
throw "Module at ${toString mod.src} does not support nginx version ${nginxVersion}!"
);
in
assert lib.assertMsg (lib.unique moduleNames == moduleNames)
"nginx: duplicate modules: ${lib.concatStringsSep ", " moduleNames}. A common cause for this is that services.nginx.additionalModules adds a module which the nixos module itself already adds.";
stdenv.mkDerivation {
inherit pname version nginxVersion;
outputs = [
"out"
"doc"
];
src =
if src != null then
src
else
fetchurl {
url = "https://nginx.org/download/nginx-${version}.tar.gz";
inherit hash;
};
nativeBuildInputs = [
installShellFiles
removeReferencesTo
]
++ nativeBuildInputs;
buildInputs = [
openssl
zlib-ng
pcre2
libxml2
libxslt
perl
]
++ buildInputs
++ mapModules "inputs"
++ lib.optional withGeoIP geoip
++ lib.optional withImageFilter gd;
configureFlags = [
"--sbin-path=bin/nginx"
"--with-http_ssl_module"
"--with-http_v2_module"
"--with-http_realip_module"
"--with-http_addition_module"
"--with-http_xslt_module"
"--with-http_sub_module"
"--with-http_dav_module"
"--with-http_flv_module"
"--with-http_mp4_module"
"--with-http_gunzip_module"
"--with-http_gzip_static_module"
"--with-http_auth_request_module"
"--with-http_random_index_module"
"--with-http_secure_link_module"
"--with-http_degradation_module"
"--with-http_stub_status_module"
"--with-threads"
"--with-pcre-jit"
"--http-log-path=/var/log/nginx/access.log"
"--error-log-path=/var/log/nginx/error.log"
"--pid-path=/var/log/nginx/nginx.pid"
"--http-client-body-temp-path=/tmp/nginx_client_body"
"--http-proxy-temp-path=/tmp/nginx_proxy"
"--http-fastcgi-temp-path=/tmp/nginx_fastcgi"
"--http-uwsgi-temp-path=/tmp/nginx_uwsgi"
"--http-scgi-temp-path=/tmp/nginx_scgi"
]
++ lib.optionals withDebug [
"--with-debug"
]
++ lib.optionals withKTLS [
"--with-openssl-opt=enable-ktls"
]
++ lib.optionals withStream [
"--with-stream"
"--with-stream_realip_module"
"--with-stream_ssl_module"
"--with-stream_ssl_preread_module"
]
++ lib.optionals withMail [
"--with-mail"
"--with-mail_ssl_module"
]
++ lib.optionals withPerl [
"--with-http_perl_module"
"--with-perl=${perl}/bin/perl"
"--with-perl_modules_path=lib/perl5"
]
++ lib.optional withImageFilter "--with-http_image_filter_module"
++ lib.optional withSlice "--with-http_slice_module"
++ lib.optionals withGeoIP (
[ "--with-http_geoip_module" ] ++ lib.optional withStream "--with-stream_geoip_module"
)
++ lib.optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
++ lib.optional (
stdenv.buildPlatform != stdenv.hostPlatform
) "--crossbuild=${stdenv.hostPlatform.uname.system}::${stdenv.hostPlatform.uname.processor}"
++ configureFlags
++ map (mod: "--add-module=${mod.src}") modules;
env = {
NIX_CFLAGS_COMPILE = toString (
[
"-I${libxml2.dev}/include/libxml2"
"-Wno-error=implicit-fallthrough"
(
# zlig-ng patch needs this
if stdenv.cc.isGNU then
"-Wno-error=discarded-qualifiers"
else
"-Wno-error=incompatible-pointer-types-discards-qualifiers"
)
]
++ lib.optionals (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "11") [
# fix build vts module on gcc11
"-Wno-error=stringop-overread"
]
++ lib.optionals stdenv.cc.isClang [
"-Wno-error=deprecated-declarations"
"-Wno-error=gnu-folding-constant"
"-Wno-error=unused-but-set-variable"
]
++ lib.optionals stdenv.hostPlatform.isMusl [
# fix sys/cdefs.h is deprecated
"-Wno-error=cpp"
]
);
}
// lib.optionalAttrs (stdenv.buildPlatform != stdenv.hostPlatform) {
CONFIG_BIG_ENDIAN = if stdenv.hostPlatform.isBigEndian then "y" else "n";
};
configurePlatforms = [ ];
# Disable _multioutConfig hook which adds --bindir=$out/bin into configureFlags,
# which breaks build, since nginx does not actually use autoconf.
preConfigure = ''
setOutputFlags=
''
+ preConfigure
+ lib.concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
patches =
map fixPatch (
[
./nix-etag-1.15.4.patch
./nix-skip-check-logs-path.patch
]
# Upstream may be against cross-compilation patches.
# https://trac.nginx.org/nginx/ticket/2240 https://trac.nginx.org/nginx/ticket/1928#comment:6
# That dev quit the project in 2024 so the stance could be different now.
++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/102-sizeof_test_fix.patch";
sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/101-feature_test_fix.patch";
sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/103-sys_nerr.patch";
sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/104-endianness_fix.patch";
sha256 = "sha256-M7V3ZJfKImur2OoqXcoL+CbgFj/huWnfZ4xMCmvkqfc=";
})
]
++ mapModules "patches"
)
++ extraPatches;
postPatch = lib.defaultTo ''
substituteInPlace src/http/ngx_http_core_module.c \
--replace-fail '@nixStoreDir@' "$NIX_STORE" \
--replace-fail '@nixStoreDirLen@' "''${#NIX_STORE}"
'' postPatch;
hardeningEnable = lib.optional (!stdenv.hostPlatform.isDarwin) "pie";
enableParallelBuilding = true;
preInstall = ''
mkdir -p $doc
cp -r ${nginx-doc}/* $doc
# TODO: make it unconditional when `openresty` and `nginx` are not
# sharing this code.
if [[ -e man/nginx.8 ]]; then
installManPage man/nginx.8
fi
''
+ preInstall;
disallowedReferences = map (m: m.src) modules;
postInstall =
let
noSourceRefs = lib.concatMapStrings (
m: "remove-references-to -t ${m.src} $(readlink -fn $out/bin/nginx)\n"
) modules;
in
postInstall + noSourceRefs;
passthru = {
inherit modules;
tests = {
inherit (nixosTests)
nginx
nginx-auth
nginx-etag
nginx-etag-compression
nginx-globalredirect
nginx-http3
nginx-proxyprotocol
nginx-pubhtml
nginx-sso
nginx-status-page
nginx-unix-socket
;
variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
acme-integration = nixosTests.acme.nginx;
}
// passthru.tests;
};
meta =
if meta != null then
meta
else
with lib;
{
description = "Reverse proxy and lightweight webserver";
mainProgram = "nginx";
homepage = "http://nginx.org";
license = [ licenses.bsd2 ] ++ concatMap (m: m.meta.license) modules;
broken = lib.any (m: m.meta.broken or false) modules;
platforms = platforms.all;
maintainers = with maintainers; [
fpletz
raitobezarius
];
teams = with teams; [
helsinki-systems
stridtech
];
};
}

6
pkgs/servers/http/nginx/mainline.nix Normal file
View File

@@ -0,0 +1,6 @@
{ callPackage, ... }@args:
callPackage ./generic.nix args {
version = "1.29.1";
hash = "sha256-xYn35+2AHdvZBK+/PeJq4k6wzOJ8dxei6U33+xLWrSc=";
}

1118
pkgs/servers/http/nginx/modules.nix Normal file
View File

File diff suppressed because it is too large Load Diff

106
pkgs/servers/http/nginx/nix-etag-1.15.4.patch Normal file
View File

@@ -0,0 +1,106 @@
This patch makes it possible to serve static content from Nix store paths, by
using the hash of the store path for the ETag header.
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
index 97a91aee2..2d07d71e6 100644
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -1676,6 +1676,8 @@ ngx_http_set_etag(ngx_http_request_t *r)
{
ngx_table_elt_t *etag;
ngx_http_core_loc_conf_t *clcf;
+ u_char *real, *ptr1, *ptr2;
+ ngx_err_t err;
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
@@ -1692,16 +1694,82 @@ ngx_http_set_etag(ngx_http_request_t *r)
etag->next = NULL;
ngx_str_set(&etag->key, "ETag");
- etag->value.data = ngx_pnalloc(r->pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3);
- if (etag->value.data == NULL) {
- etag->hash = 0;
- return NGX_ERROR;
+ // Upstream nginx uses file mod timestamp and content-length for Etag, but
+ // files in the Nix store have their timestamps reset, so that doesn't work.
+ // Instead, when serving from the Nix store, we use the hash from the store
+ // path and content-length.
+ //
+ // Every file in under the given store path will share the same store path
+ // hash. It is fine to serve different resources with the same Etag, but
+ // different representations of the same resource (eg the same file, but
+ // gzip-compressed) should have different Etags. Thus, we also append
+ // content-length, which should be different when the response is compressed
+
+ err = ngx_errno;
+ real = ngx_realpath(clcf->root.data, NULL);
+ ngx_set_errno(err);
+
+ #define NIX_STORE_DIR "@nixStoreDir@"
+ #define NIX_STORE_LEN @nixStoreDirLen@
+
+ if (r->headers_out.last_modified_time == 1
+ && real != NULL
+ && !ngx_strncmp(real, NIX_STORE_DIR, NIX_STORE_LEN)
+ && real[NIX_STORE_LEN] == '/'
+ && real[NIX_STORE_LEN + 1] != '\0')
+ {
+ // extract the hash from a path formatted like
+ // /nix/store/hashhere1234-pname-1.0.0
+ // +1 to skip the leading /
+ ptr1 = real + NIX_STORE_LEN + 1;
+
+ ptr2 = (u_char *) ngx_strchr(ptr1, '-');
+
+ if (ptr2 == NULL) {
+ ngx_free(real);
+ etag->hash = 0;
+ return NGX_ERROR;
+ }
+
+ *ptr2 = '\0';
+
+ // hash + content-length + quotes and hyphen. Note that the
+ // content-length part of the string can vary in length.
+ etag->value.data = ngx_pnalloc(r->pool, ngx_strlen(ptr1) + NGX_OFF_T_LEN + 3);
+
+ if (etag->value.data == NULL) {
+ ngx_free(real);
+ etag->hash = 0;
+ return NGX_ERROR;
+ }
+
+
+ // set value.data content to "{hash}-{content-length}" (including quote
+ // marks), and set value.len to the length of the resulting string
+ etag->value.len = ngx_sprintf(etag->value.data, "\"\%s-%xO\"",
+ ptr1,
+ r->headers_out.content_length_n)
+ - etag->value.data;
+
+ ngx_http_clear_last_modified(r);
+ } else {
+ // outside of Nix store, use the upstream Nginx logic for etags
+
+ etag->value.data = ngx_pnalloc(r->pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3);
+
+ if (etag->value.data == NULL) {
+ ngx_free(real);
+ etag->hash = 0;
+ return NGX_ERROR;
+ }
+
+ etag->value.len = ngx_sprintf(etag->value.data, "\"%xT-%xO\"",
+ r->headers_out.last_modified_time,
+ r->headers_out.content_length_n)
+ - etag->value.data;
}
- etag->value.len = ngx_sprintf(etag->value.data, "\"%xT-%xO\"",
- r->headers_out.last_modified_time,
- r->headers_out.content_length_n)
- - etag->value.data;
+ ngx_free(real);
r->headers_out.etag = etag;

27
pkgs/servers/http/nginx/nix-skip-check-logs-path.patch Normal file
View File

@@ -0,0 +1,27 @@
diff --git a/auto/install b/auto/install
index d884487..dccc411 100644
--- a/auto/install
+++ b/auto/install
@@ -148,12 +148,6 @@ install: build $NGX_INSTALL_PERL_MODULES
|| cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH'
cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default'
- test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \\
- || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`'
-
- test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \\
- || mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`'
-
test -d '\$(DESTDIR)$NGX_PREFIX/html' \\
|| cp -R $NGX_HTML '\$(DESTDIR)$NGX_PREFIX'
END
@@ -161,9 +155,6 @@ END
if test -n "$NGX_ERROR_LOG_PATH"; then
cat << END >> $NGX_MAKEFILE
-
- test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \\
- || mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`'
END
fi

15
pkgs/servers/http/nginx/quic.nix Normal file
View File

@@ -0,0 +1,15 @@
{
callPackage,
nginxMainline,
...
}@args:
callPackage ./generic.nix args {
pname = "nginxQuic";
inherit (nginxMainline) src version;
configureFlags = [
"--with-http_v3_module"
];
}

13
pkgs/servers/http/nginx/stable.nix Normal file
View File

@@ -0,0 +1,13 @@
{ callPackage, fetchpatch, ... }@args:
callPackage ./generic.nix args {
version = "1.28.0";
hash = "sha256-xrXGsIbA3508o/9eCEwdDvkJ5gOCecccHD6YX1dv92o=";
extraPatches = [
(fetchpatch {
name = "CVE-2025-53859.patch";
url = "https://nginx.org/download/patch.2025.smtp.txt";
hash = "sha256-v49sLskFNMoKuG8HQISw8ST7ga6DS+ngJiL0D3sUyGk=";
})
];
}

76
pkgs/servers/http/openresty/default.nix Normal file
View File

@@ -0,0 +1,76 @@
{
callPackage,
runCommand,
lib,
fetchurl,
perl,
libpq,
nixosTests,
withPostgres ? true,
...
}@args:
callPackage ../nginx/generic.nix args rec {
pname = "openresty";
nginxVersion = "1.27.1";
version = "${nginxVersion}.2";
src = fetchurl {
url = "https://openresty.org/download/openresty-${version}.tar.gz";
sha256 = "sha256-dPB29+NksqmabF+btTHCdhDHiYWr6Va0QrGSoilfdUg=";
};
# generic.nix applies fixPatch on top of every patch defined there.
# This allows updating the patch destination, as openresty has
# nginx source code in a different folder.
fixPatch =
patch:
let
name = patch.name or (baseNameOf patch);
in
runCommand "openresty-${name}" { src = patch; } ''
substitute $src $out \
--replace "a/" "a/bundle/nginx-${nginxVersion}/" \
--replace "b/" "b/bundle/nginx-${nginxVersion}/"
'';
nativeBuildInputs = [
libpq.pg_config
perl
];
buildInputs = [ libpq ];
postPatch = ''
substituteInPlace bundle/nginx-${nginxVersion}/src/http/ngx_http_core_module.c \
--replace-fail '@nixStoreDir@' "$NIX_STORE" \
--replace-fail '@nixStoreDirLen@' "''${#NIX_STORE}"
patchShebangs configure bundle/
'';
configureFlags = lib.optional withPostgres [ "--with-http_postgres_module" ];
postInstall = ''
ln -s $out/luajit/bin/luajit-2.1.ROLLING $out/bin/luajit-openresty
ln -sf $out/nginx/bin/nginx $out/bin/openresty
ln -s $out/nginx/bin/nginx $out/bin/nginx
ln -s $out/nginx/conf $out/conf
ln -s $out/nginx/html $out/html
'';
passthru.tests = {
inherit (nixosTests) openresty-lua;
};
meta = {
description = "Fast web application server built on Nginx";
homepage = "https://openresty.org";
license = lib.licenses.bsd2;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [
thoughtpolice
lblasc
];
};
}

12
pkgs/servers/http/tengine/check-resolv-conf.patch Normal file
View File

@@ -0,0 +1,12 @@
diff --git a/auto/unix b/auto/unix
index a38c12dc..025a4899 100644
--- a/auto/unix
+++ b/auto/unix
@@ -1072,7 +1072,5 @@ ngx_feature_test='int fd;
# Tengine: auto read nameserver from /etc/resolv.conf.
- if [ -f "/etc/resolv.conf" ]; then
have=NGX_RESOLVER_FILE value="\"/etc/resolv.conf\"" . auto/define
-fi

161
pkgs/servers/http/tengine/default.nix Normal file
View File

@@ -0,0 +1,161 @@
{
lib,
stdenv,
fetchFromGitHub,
openssl,
zlib,
pcre,
libxcrypt,
libxml2,
libxslt,
replaceVars,
gd,
geoip,
gperftools,
jemalloc,
nixosTests,
withDebug ? false,
withMail ? false,
withStream ? false,
modules ? [ ],
...
}:
let
inherit (lib) optional optionals optionalString;
in
stdenv.mkDerivation rec {
version = "3.1.0";
pname = "tengine";
src = fetchFromGitHub {
owner = "alibaba";
repo = pname;
rev = version;
hash = "sha256-cClSNBlresMHqJrqSFWvUo589TlwJ2tL5FWJG9QBuis=";
};
buildInputs = [
openssl
zlib
pcre
libxcrypt
libxml2
libxslt
gd
geoip
gperftools
jemalloc
]
++ lib.concatMap (mod: mod.inputs or [ ]) modules;
patches = [
../nginx/nix-etag-1.15.4.patch
./check-resolv-conf.patch
../nginx/nix-skip-check-logs-path.patch
];
postPatch = ''
substituteInPlace src/http/ngx_http_core_module.c \
--replace-fail '@nixStoreDir@' "$NIX_STORE" \
--replace-fail '@nixStoreDirLen@' "''${#NIX_STORE}"
'';
configureFlags = [
"--with-http_ssl_module"
"--with-http_v2_module"
"--with-http_realip_module"
"--with-http_addition_module"
"--with-http_xslt_module"
"--with-http_geoip_module"
"--with-http_sub_module"
"--with-http_dav_module"
"--with-http_flv_module"
"--with-http_mp4_module"
"--with-http_gunzip_module"
"--with-http_gzip_static_module"
"--with-http_auth_request_module"
"--with-http_random_index_module"
"--with-http_secure_link_module"
"--with-http_degradation_module"
"--with-http_stub_status_module"
"--with-threads"
"--with-pcre-jit"
"--with-http_slice_module"
"--with-select_module"
"--with-poll_module"
"--with-google_perftools_module"
"--with-jemalloc"
"--http-log-path=/var/log/nginx/access.log"
"--error-log-path=/var/log/nginx/error.log"
"--pid-path=/var/log/nginx/nginx.pid"
"--http-client-body-temp-path=/var/cache/nginx/client_body"
"--http-proxy-temp-path=/var/cache/nginx/proxy"
"--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
"--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
"--http-scgi-temp-path=/var/cache/nginx/scgi"
]
++ optionals withDebug [
"--with-debug"
]
++ optionals withMail [
"--with-mail"
"--with-mail_ssl_module"
]
++ optionals (!withMail) [
"--without-mail_pop3_module"
"--without-mail_imap_module"
"--without-mail_smtp_module"
]
++ optionals withStream [
"--with-stream"
"--with-stream_ssl_module"
"--with-stream_realip_module"
"--with-stream_geoip_module"
"--with-stream_ssl_preread_module"
"--with-stream_sni"
]
++ optionals (!withStream) [
"--without-stream_limit_conn_module"
"--without-stream_access_module"
"--without-stream_geo_module"
"--without-stream_map_module"
"--without-stream_split_clients_module"
"--without-stream_return_module"
"--without-stream_upstream_hash_module"
"--without-stream_upstream_least_conn_module"
"--without-stream_upstream_random_module"
"--without-stream_upstream_zone_module"
]
++ optional (gd != null) "--with-http_image_filter_module"
++ optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
++ map (mod: "--add-module=${mod.src}") modules;
env.NIX_CFLAGS_COMPILE =
"-I${libxml2.dev}/include/libxml2 -Wno-error=implicit-fallthrough"
+ optionalString stdenv.hostPlatform.isDarwin " -Wno-error=deprecated-declarations";
preConfigure = (lib.concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
hardeningEnable = optional (!stdenv.hostPlatform.isDarwin) "pie";
enableParallelBuilding = true;
postInstall = ''
mv $out/sbin $out/bin
'';
passthru = {
inherit modules;
tests = nixosTests.nginx-variants.tengine;
};
meta = with lib; {
description = "Web server based on Nginx and has many advanced features, originated by Taobao";
mainProgram = "nginx";
homepage = "https://tengine.taobao.org";
license = licenses.bsd2;
platforms = platforms.all;
maintainers = with maintainers; [ izorkin ];
};
}

76
pkgs/servers/http/tomcat/default.nix Normal file
View File

@@ -0,0 +1,76 @@
{
fetchurl,
gitUpdater,
jre,
lib,
nixosTests,
stdenvNoCC,
testers,
}:
let
common =
{ version, hash }:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "apache-tomcat";
inherit version;
src = fetchurl {
url = "mirror://apache/tomcat/tomcat-${lib.versions.major version}/v${version}/bin/apache-tomcat-${version}.tar.gz";
inherit hash;
};
outputs = [
"out"
"webapps"
];
installPhase = ''
mkdir $out
mv * $out
mkdir -p $webapps/webapps
mv $out/webapps $webapps/
'';
passthru = {
updateScript = gitUpdater {
url = "https://github.com/apache/tomcat.git";
allowedVersions = "^${lib.versions.major version}\\.";
ignoredVersions = "-M.*";
};
tests = {
inherit (nixosTests) tomcat;
version = testers.testVersion {
package = finalAttrs.finalPackage;
command = "JAVA_HOME=${jre} ${finalAttrs.finalPackage}/bin/version.sh";
};
};
};
meta = {
homepage = "https://tomcat.apache.org/";
description = "Implementation of the Java Servlet and JavaServer Pages technologies";
platforms = jre.meta.platforms;
maintainers = with lib.maintainers; [ anthonyroussel ];
license = lib.licenses.asl20;
sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
};
});
in
{
tomcat9 = common {
version = "9.0.109";
hash = "sha256-/masqdxAAgA4VwluYMSCsfAFr1RXx2fKnFgE9zLePMI=";
};
tomcat10 = common {
version = "10.1.46";
hash = "sha256-RenV71YatGt0x19AwzuD9J4T556Z9zbf+OiUhVfpaNo=";
};
tomcat11 = common {
version = "11.0.11";
hash = "sha256-KpG4DB6n279K8Fux+Aq7l15d5BXAyAPep0XlqhEm4IE=";
};
}

40
pkgs/servers/http/tomcat/tomcat-native.nix Normal file
View File

@@ -0,0 +1,40 @@
{
lib,
stdenv,
fetchurl,
apr,
jdk,
openssl,
}:
stdenv.mkDerivation rec {
pname = "tomcat-native";
version = "2.0.9";
src = fetchurl {
url = "mirror://apache/tomcat/tomcat-connectors/native/${version}/source/${pname}-${version}-src.tar.gz";
hash = "sha256-iu0N70FNf0m2iOgmeXUT6VGC7L17b4tvAl5Se4UGXAI=";
};
sourceRoot = "${pname}-${version}-src/native";
buildInputs = [
apr
jdk
openssl
];
configureFlags = [
"--with-apr=${apr.dev}"
"--with-java-home=${jdk}"
"--with-ssl=${openssl.dev}"
];
meta = with lib; {
description = "Optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc";
homepage = "https://tomcat.apache.org/native-doc/";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ aanderse ];
};
}