# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
# Contributor: Cameron Banta <cbanta@gmail.com>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>

pkgname=nginx-naxsi
_pkgname=nginx
pkgver=1.11.10
pkgrel=1
pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
url="http://www.nginx.org | https://github.com/nbs-system/naxsi"
arch="all"
license="custom"

# Modules
_ngx_naxsi_name=naxsi
_ngx_naxsi_ver=0.55.3
_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"

_ngx_cache_purge_name=ngx_cache_purge
_ngx_cache_purge_ver=2.3.0.1
_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"

_ngx_upstream_fair_name=nginx-upstream-fair
_ngx_upstream_fair_ver=0.1.1
_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"

_ngx_http_sysguard_name=tengine-http-sysguard
_ngx_http_sysguard_ver=2.2.0
_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"

depends="!nginx"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev libressl-dev
	pcre-dev perl-dev pkgconf zlib-dev"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade"
options="!check"
subpackages="$pkgname-doc"
source="http://nginx.org/download/$_pkgname-$pkgver.tar.gz
	naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
	ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
	upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/v$_ngx_upstream_fair_ver.tar.gz
	sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz

	anonymise.patch
	ipv6.patch
	sysguard.patch

	nginx.initd
	nginx.logrotate
	nginx.conf
	default.conf
	"
builddir="$srcdir"/$_pkgname-$pkgver

_modules_dir="usr/lib/nginx/modules"
_modules="
	http-geoip
	http-image-filter
	http-perl
	http-xslt-filter
	mail
	stream
	http-naxsi
	http-cache-purge
	http-upstream-fair
	http-sysguard
	"

for _m in $_modules; do
	subpackages="$subpackages $pkgname-mod-$_m:_module"
done


build() {
	cd "$builddir"
	./configure \
		--prefix=/var/lib/$_pkgname \
		--sbin-path=/usr/sbin/$_pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$_pkgname/$_pkgname.conf \
		--pid-path=/run/$_pkgname/$_pkgname.pid \
		--lock-path=/run/$_pkgname/$_pkgname.lock \
		--error-log-path=/var/log/$_pkgname/error.log \
		--http-log-path=/var/log/$_pkgname/access.log \
		--http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
		--http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
		--http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio \
		--without-http_uwsgi_module \
		--without-http_scgi_module \
		\
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_perl_module=dynamic \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		\
		--add-dynamic-module="$_ngx_naxsi_dir" \
		--add-dynamic-module="$_ngx_cache_purge_dir" \
		--add-dynamic-module="$_ngx_upstream_fair_dir" \
		--add-dynamic-module="$_ngx_http_sysguard_dir" \
		|| return 1
	make || return 1
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
	install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
	install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
	install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules

	install -dm755 ./etc/$_pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp

	ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
	ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
	ln -sf /run/$_pkgname ./var/lib/$_pkgname/run

	rm -rf ./run ./etc/$_pkgname/*.default
	# scgi & uwsgi servers are disabled
	rm ./etc/$_pkgname/scgi_params ./etc/$_pkgname/uwsgi_params
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	soname="ngx_${name}_module.so"

	pkgdesc="$pkgdesc (module $name)"
	depends="!nginx-mod-$name"
	provides="$name"

	mkdir -p "$subpkgdir"/$_modules_dir
	cd "$subpkgdir"

	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname || return 1
	mkdir -p "$subpkgdir"/etc/nginx/modules
	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}

sha512sums="b6437d8305547a834a0f3ad076ac591b90189eb922f48759094efaa9618e39fc249600ab13650113fe841fc9af0b736acc61a9b9baba7bacd35224c34df1bbc9  nginx-1.11.10.tar.gz
9e8f41a5cd1342cc9b8aa334a603842d14a256aab1f4a21205bb1278aecbb0c49e39c889d8113a5b41aad2efeaa2ed9f11cba6929173f50add91f54c4c59c8a0  naxsi-0.55.3.tar.gz
c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3  ngx_cache_purge-2.3.0.1.tar.gz
fd305b859c868ef55171b05f64071a2836c12073bcd89d6197af4946a3d1177f77c6708d4d589d460c84967273dee87ca9de97ab0f0d47e6d65f86b465d70316  upstream-fair-0.1.1.tar.gz
2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1  sysguard-2.2.0.tar.gz
1117ca5887822e002d9995c041435fda53890614fd7309ea011a59bfb0df3261fc7ba8670e93aaee9116cda16b9806921a85f52c9959b093f2e5ac5df4d9b0fb  anonymise.patch
cae9f842c3d1188730d4355440476ad2338b19c027c4b329efe88d4487e90d96bf60dea6feb4be6a6f96d4b356fc154345e32c2bb643d70f68e428df26330a49  ipv6.patch
2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce  sysguard.patch
e0784764d509589a9626e20bd800787583573314293caf0ebc135bbfc50346f86847d4a93b91cb01d7b8f6e1b00285569ae8088e35ed9bc3ae8278cad3ba320e  nginx.initd
01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8  nginx.logrotate
a1a1d9dbd65955b458d17918138fc65bf8990c46909ef43940b1633458c8f119eb485939179b6a9a3dac0c3b58c1eb0c5aec44e7b25ea7a34969c4a0807d4788  nginx.conf
9bd5145762a5040a6b5494d31f216d1db7c52921142275f26eed67aff746270526caad8e34eae65ec6390975ce603b35f6add05eb857f1670bf28ab5049b97d8  default.conf"