On Wed, Mar 13, 2013 at 11:24:28PM +0100, Landry Breuil wrote:
Hi,
here's a diff to add a naxsi flavor to both nginx ports, allowing it to
build naxsi as an internal module, like it's done for lua.
Naxsi is an open source, high performance, low rules maintenance, Web
Application Firewall module for Nginx. See
https://code.google.com/p/naxsi/ for more details.
Feedback of real-world uses welcome. Naxsi-ui is still to be ported.
WIth a diff, it's even better!
According to
https://code.google.com/p/naxsi/wiki/Howto#Installing_nginx_+_naxsi and
after discussion with upstream, --add-module needs to be first on the
configure line so that the naxsi module is used first, hence the
shuffling of stuff in Makefile.inc.
Landry
? nginx-naxsi.diff
Index: Makefile.inc
===
RCS file: /cvs/ports/www/nginx/Makefile.inc,v
retrieving revision 1.5
diff -u -r1.5 Makefile.inc
--- Makefile.inc11 Mar 2013 12:27:54 - 1.5
+++ Makefile.inc14 Mar 2013 00:31:18 -
@@ -7,6 +7,7 @@
MASTER_SITES= http://nginx.org/download/
MASTER_SITES0= http://dropbox.eait.uq.edu.au/uqdgwynn/distfiles/
+MASTER_SITES1 =http://naxsi.googlecode.com/files/
HOMEPAGE= http://nginx.org/
@@ -22,8 +23,19 @@
NGINX_DIR= /var/nginx
SUBST_VARS=NGINX_DIR
+FLAVORS= lua naxsi passenger
+FLAVOR?=
+
+# must be first option on configure line ?
+.if ${FLAVOR:L:Mnaxsi}
+DISTFILES += ${NAXSIDISTFILES}
+CONFIGURE_ARGS = --add-module=${WRKSRC}/../naxsi-core-0.49/naxsi_src/
+.else
+SUPDISTFILES+= ${NAXSIDISTFILES}
+.endif
+
CONFIGURE_STYLE= simple
-CONFIGURE_ARGS=--prefix=${SYSCONFDIR}/nginx \
+CONFIGURE_ARGS+= --prefix=${SYSCONFDIR}/nginx \
--conf-path=${SYSCONFDIR}/nginx/nginx.conf \
--sbin-path=${PREFIX}/sbin/nginx \
--pid-path=/var/run/nginx.pid \
@@ -47,13 +59,11 @@
--with-mail_ssl_module \
--with-ipv6
-FLAVORS= lua passenger
-FLAVOR?=
-
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
LUADISTFILES+= simpl-ngx_devel_kit-v0.2.17-0-gbc97eea.tar.gz:0
LUADISTFILES+= chaoslawful-lua-nginx-module-v0.6.1-0-ge282c1c.tar.gz:0
SUBSTFILES=conf/nginx.conf
+NAXSIDISTFILES += naxsi-core-0.49.tgz:1
.if ${FLAVOR:Mpassenger}
CONFIGURE_ARGS+=
--add-module=${LOCALBASE}/lib/phusion-passenger19/ext/nginx
Index: devel/Makefile
===
RCS file: /cvs/ports/www/nginx/devel/Makefile,v
retrieving revision 1.3
diff -u -r1.3 Makefile
--- devel/Makefile 26 Sep 2012 19:46:06 - 1.3
+++ devel/Makefile 14 Mar 2013 00:31:18 -
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.3 2012/09/26 19:46:06 sthen Exp $
VERSION= 1.3.5
-REVISION= 1
+REVISION= 2
.include bsd.port.mk
Index: devel/distinfo
===
RCS file: /cvs/ports/www/nginx/devel/distinfo,v
retrieving revision 1.1
diff -u -r1.1 distinfo
--- devel/distinfo 11 Sep 2012 16:01:45 - 1.1
+++ devel/distinfo 14 Mar 2013 00:31:18 -
@@ -1,6 +1,8 @@
SHA256 (chaoslawful-lua-nginx-module-v0.6.1-0-ge282c1c.tar.gz) =
kv3UMhu3W+CojXoukTAhQEbLNa+cJBSe89ZB33v5s0w=
+SHA256 (naxsi-core-0.49.tgz) = uwtjcT1alEZAHVrNHvCIK5wqD8UGUCu9iLxGY9Jz6cc=
SHA256 (nginx-1.3.5.tar.gz) = mwzZC3bbqGzMyPNEK2rd296EQfo/m2/7M58MhcL4q0Q=
SHA256 (simpl-ngx_devel_kit-v0.2.17-0-gbc97eea.tar.gz) =
v1VA120YZ7RBEJHxbGx4b9ZnWQmcWUg8dsaENAIP2wI=
SIZE (chaoslawful-lua-nginx-module-v0.6.1-0-ge282c1c.tar.gz) = 378941
+SIZE (naxsi-core-0.49.tgz) = 49852
SIZE (nginx-1.3.5.tar.gz) = 725169
SIZE (simpl-ngx_devel_kit-v0.2.17-0-gbc97eea.tar.gz) = 64964
Index: devel/pkg/DESCR
===
RCS file: /cvs/ports/www/nginx/devel/pkg/DESCR,v
retrieving revision 1.1
diff -u -r1.1 DESCR
--- devel/pkg/DESCR 11 Sep 2012 16:01:45 - 1.1
+++ devel/pkg/DESCR 14 Mar 2013 00:31:18 -
@@ -24,3 +24,6 @@
deployment of Ruby web applications, such as those built on the revolutionary
Ruby on Rails web framework, a breeze. It follows the usual Ruby on Rails
conventions, such as Don't-Repeat-Yourself.
+
+ naxsi - This Nginx module embeds Naxsi into nginx core. Naxsi is
+a high performance, low rules maintenance, Web Application Firewall module.
Index: stable/Makefile
===
RCS file: /cvs/ports/www/nginx/stable/Makefile,v
retrieving revision 1.3
diff -u -r1.3 Makefile
--- stable/Makefile 26 Sep 2012 19:46:06 - 1.3
+++ stable/Makefile 14 Mar 2013 00:31:18 -
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.3 2012/09/26 19:46:06 sthen Exp $
VERSION= 1.2.3
-REVISION= 1
+REVISION= 2
