From 37867dba74377988594b18657ae68e3bfef24755 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 21 Jan 2019 13:02:16 +0100 Subject: [PATCH] nginxModules.http_proxy_connect_module: init This adds the nginx module `ngx_http_proxy_connect_module` which allows to tunnel HTTPS through an nginx proxy[1]. As this module contained patches for several nginx version, some minor adjustments were needed: * Allowed each entry in `nginxModules` to provide patches. * Added an optional `supports` attribute to ensure that each module can determine if it supports the currently built nginx version (e.g. stable 1.14 ATM or mainline 1.15 ATM). [1] https://github.com/chobits/ngx_http_proxy_connect_module --- pkgs/servers/http/nginx/generic.nix | 15 +++++++++++++-- pkgs/servers/http/nginx/modules.nix | 25 +++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix index 691ca014257b..02bef43c184f 100644 --- a/pkgs/servers/http/nginx/generic.nix +++ b/pkgs/servers/http/nginx/generic.nix @@ -9,6 +9,17 @@ with stdenv.lib; +let + + mapModules = attrPath: flip concatMap modules + (mod: + let supports = mod.supports or (_: true); + in + if supports version then mod.${attrPath} or [] + else throw "Module at ${toString mod.src} does not support nginx version ${version}!"); + +in + stdenv.mkDerivation { name = "nginx-${version}"; @@ -18,7 +29,7 @@ stdenv.mkDerivation { }; buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip ] - ++ concatMap (mod: mod.inputs or []) modules; + ++ mapModules "inputs"; configureFlags = [ "--with-http_ssl_module" @@ -77,7 +88,7 @@ stdenv.mkDerivation { url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch"; sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd"; }) - ]; + ] ++ mapModules "patches"; hardeningEnable = optional (!stdenv.isDarwin) "pie"; diff --git a/pkgs/servers/http/nginx/modules.nix b/pkgs/servers/http/nginx/modules.nix index 57884bcfdb96..6a0114a6ba55 100644 --- a/pkgs/servers/http/nginx/modules.nix +++ b/pkgs/servers/http/nginx/modules.nix @@ -1,5 +1,22 @@ { fetchFromGitHub, lib, pkgs }: +let + + http_proxy_connect_module_generic = patchName: rec { + src = fetchFromGitHub { + owner = "chobits"; + repo = "ngx_http_proxy_connect_module"; + rev = "8201639082cba702211585b03d4cc7bc51c65167"; + sha256 = "0z71x3xnlczrr2kq43w3drxj9g14fkk4jz66x921v0yb8r9mnn5a"; + }; + + patches = [ + "${src}/patch/${patchName}.patch" + ]; + }; + +in + { brotli = { src = let gitsrc = pkgs.fetchFromGitHub { @@ -318,4 +335,12 @@ sha256 = "1jq2s9k7hah3b317hfn9y3g1q4g4x58k209psrfsqs718a9sw8c7"; }; }; + + http_proxy_connect_module_v15 = http_proxy_connect_module_generic "proxy_connect_rewrite_1015" // { + supports = with lib.versions; version: major version == "1" && minor version == "15"; + }; + + http_proxy_connect_module_v14 = http_proxy_connect_module_generic "proxy_connect_rewrite_1014" // { + supports = with lib.versions; version: major version == "1" && minor version == "14"; + }; }