
Merge pull request #10023 from offlinehacker/pkgs/modsecurity/add

modsecurity: add modsecurity, and create nginx plugin

+58 -3
+11 -3
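--- a/pkgs/servers/http/nginx/default.nix
+++ b/pkgs/servers/http/nginx/default.nix
@@ -1,11 +1,13 @@
 { stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat
 , gd, geoip, luajit
+, curl, apr, aprutil, apacheHttpd, yajl, libcap, modsecurity_standalone
 , rtmp ? false
 , fullWebDAV ? false
 , syslog ? false
 , moreheaders ? false
 , echo ? false
-, ngx_lua ? false
+, modsecurity ? false
+, ngx_lua ? modsecurity || false
 , set_misc ? false
 , fluent ? false
 , extraModules ? []
@@ -48,6 +50,8 @@
 sha256 = "01wkqhk8mk8jgmzi7jbzmg5kamffx3lmhj5yfwryvnvs6xqs74wn";
 };
 
+modsecurity-ext = modsecurity_standalone.nginx;
+
 echo-ext = fetchFromGitHub {
 owner = "openresty";
 repo = "echo-nginx-module";
@@ -93,7 +97,8 @@
 buildInputs =
 [ openssl zlib pcre libxml2 libxslt gd geoip
 ] ++ optional fullWebDAV expat
-++ optional ngx_lua luajit;
+++ optional ngx_lua luajit
+++ optionals modsecurity [ curl apr aprutil apacheHttpd yajl ];
 
 LUAJIT_LIB = if ngx_lua then "${luajit}/lib" else "";
 LUAJIT_INC = if ngx_lua then "${luajit}/include/luajit-2.0" else "";
@@ -132,13 +137,16 @@
 ++ optional echo "--add-module=${echo-ext}"
 ++ optional ngx_lua "--add-module=${develkit-ext} --add-module=${lua-ext}"
 ++ optional set_misc "--add-module=${set-misc-ext}"
-++ optionals (elem stdenv.system (with platforms; linux ++ freebsd))
+++ optionals (elem stdenv.system (with platforms; linux ++ freebsd))
 [ "--with-file-aio" "--with-aio_module" ]
 ++ optional fluent "--add-module=${fluentd}"
+++ optional modsecurity "--add-module=${modsecurity-ext}/nginx/modsecurity"
 ++ (map (m: "--add-module=${m}") extraModules);
 
 
 additionalFlags = optionalString stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";
+
+NIX_CFLAGS_COMPILE = optionalString modsecurity "-I${aprutil}/include/apr-1 -I${apacheHttpd}/include -I${apr}/include/apr-1 -I${yajl}/include";
 
 preConfigure = ''
 export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2 $additionalFlags"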
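Review bot: The default `ngx_lua ? modsecurity || false` in the argument list means that turning on the WAF also compiles LuaJIT and the Lua module into nginx, which enlarges the server's code surface without the caller asking for it; the `|| false` is a no-op, so `, ngx_lua ? modsecurity` says the same thing. If the ModSecurity module really needs Lua (not visible here), a caller passing `ngx_lua = false` together with `modsecurity = true` is not rejected, and `assert modsecurity -> ngx_lua;` ahead of the derivation would catch that at evaluation time; if it does not need Lua, the default should stay `false`. `libcap` is added to the arguments, but none of the visible hunks use it.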
+45
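--- a/pkgs/tools/security/modsecurity/default.nix
+++ b/pkgs/tools/security/modsecurity/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, lib, fetchurl
+, curl, apacheHttpd, pcre, apr, aprutil, libxml2 }:
+
+with lib;
+
+stdenv.mkDerivation rec {
+name = "modsecurity-${version}";
+version = "2.9.0";
+
+src = fetchurl {
+url = "https://www.modsecurity.org/tarball/${version}/${name}.tar.gz";
+sha256 = "e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434";
+};
+
+buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ];
+configureFlags = [
+"--enable-standalone-module"
+"--enable-static"
+"--with-curl=${curl}"
+"--with-apxs=${apacheHttpd}/bin/apxs"
+"--with-pcre=${pcre}"
+"--with-apr=${apr}"
+"--with-apu=${aprutil}/bin/apu-1-config"
+"--with-libxml=${libxml2}"
+];
+
+outputs = ["out" "nginx"];
+
+preBuild = ''
+substituteInPlace apache2/Makefile.in --replace "install -D " "# install -D"
+'';
+
+postInstall = ''
+mkdir -p $nginx
+cp -R * $nginx
+'';
+
+meta = {
+description = "Open source, cross-platform web application firewall (WAF)";
+license = licenses.asl20;
+homepage = https://www.modsecurity.org/;
+maintainers = with maintainers; [offline];
+platforms = with platforms; linux;
+};
+}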
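Review bot: `cp -R * $nginx` in `postInstall` copies the whole build directory, compiled objects and generated configuration included, into the `nginx` output, so what nginx later compiles from `${modsecurity-ext}/nginx/modsecurity` depends on whatever the build happened to leave in the working directory. Copying only the directories the nginx module needs would keep that output small and its contents reviewable, though which directories those are cannot be told from this file. The `preBuild` substitution should carry a comment saying why the `install -D` lines in `apache2/Makefile.in` are disabled, for example `# skip installing the Apache module; only the standalone build is used` if that is the reason.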
+2
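--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2227,6 +2227,8 @@
 
 modemmanager = callPackage ../tools/networking/modemmanager {};
 
+modsecurity_standalone = callPackage ../tools/security/modsecurity { };
+
 monit = callPackage ../tools/system/monit { };
 
 moreutils = callPackage ../tools/misc/moreutils {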