Changes - j0ke.net Open Build Service

Changes of Revision 12

[-] [+]	Added	nginx.changes
@@ -0,0 +1,75 @@ +------------------------------------------------------------------- +Wed Aug 14 12:08:47 UTC 2019 - Local OBS User <cs@linux-administrator.com> + +- security update 1.16.1 + +------------------------------------------------------------------- +Tue Mar 12 06:58:53 UTC 2019 - Local OBS User <cs@linux-administrator.com> + +- update to nginx 1.14.2 +- update openssl to 1.1.1b + +------------------------------------------------------------------- +Tue Jun 5 13:27:07 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.14.0 + +------------------------------------------------------------------- +Tue Jun 5 13:00:11 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.13.12 +- update openssl to 1.1.0h + +------------------------------------------------------------------- +Mon Mar 5 06:35:03 UTC 2018 - cs@linux-administrator.com + +- downgrade to 1.13.8 because of startup segfault + +------------------------------------------------------------------- +Wed Feb 28 06:49:49 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.13.9 + +------------------------------------------------------------------- +Wed Jan 17 08:34:43 UTC 2018 - cs@linux-administrator.com + +- update to nginx 1.13.8 + +------------------------------------------------------------------- +Tue Dec 12 11:37:50 UTC 2017 - cs@linux-administrator.com + +- update to nginx 1.13.7 + +------------------------------------------------------------------- +Wed Apr 5 10:58:26 UTC 2017 - cs@linux-administrator.com + +- update to nginx 1.11.13 + +------------------------------------------------------------------- +Wed Dec 28 20:00:08 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.8 + +------------------------------------------------------------------- +Wed Dec 14 11:07:19 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.7 + +------------------------------------------------------------------- +Mon Nov 28 07:21:41 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.6 +- update nginx rtmp module to 1.1.10 + +------------------------------------------------------------------- +Wed Oct 12 21:29:31 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.5 + +------------------------------------------------------------------- +Wed Sep 28 18:04:31 UTC 2016 - cs@linux-administrator.com + +- update to nginx 1.11.4 +- update openssl to 1.0.2j +- update nginx rtmp module to 1.1.9 +
[-] [+]	Added	nginx.spec ^
@@ -0,0 +1,328 @@ +%define nginx_user nginx +%define nginx_group %{nginx_user} +%define nginx_home %{_localstatedir}/lib/nginx +%define nginx_home_tmp %{nginx_home}/tmp +%define nginx_logdir %{_localstatedir}/log/nginx +%define nginx_confdir %{_sysconfdir}/nginx +%define nginx_datadir %{_datadir}/nginx +%define nginx_webroot %{nginx_datadir}/html + +%define rtmp_ext nginx-rtmp-module +%define rtmp_ext_version 1.1.15 +%define rtmp %{rtmp_ext}-%{rtmp_ext_version} +%define rtmp_nover %{rtmp_ext} +%define with_rtmp_ext 0 + +%define nps_version latest-testing +%define psol_version 1.12.34.2-x64 +%define slowfs_version 1.5 +#%define waf_version 2.8.0 +%define openssl_version 1.1.1b +%define ngxpurge_version 2.3 +%define ajpmodule_version 0.3 +%define with_ldap_auth 0 +%define with_ajp_module 1 +%define with_pagespeed 0 + +Name: nginx +Version: 1.16.1 +Release: 1 +Summary: Robust, small and high performance http and reverse proxy server +Group: System Environment/Daemons + +License: BSD +URL: http://nginx.net/ +BuildRoot: %{_tmppath}/%{name}-%{version}-root + + +Provides: webserver + + +BuildRequires: pcre-devel +BuildRequires: zlib-devel +BuildRequires: openssl-devel +BuildRequires: perl(ExtUtils::Embed) +BuildRequires: libxml2-devel +BuildRequires: libxslt-devel +BuildRequires: gd-devel +BuildRequires: GeoIP-devel +BuildRequires: libatomic_ops-devel +%if 0%{?with_ldap_auth} == 1 +BuildRequires: openldap-devel +%endif + +Requires: pcre +Requires: zlib +Requires: openssl +Requires: libxml2 +Requires: libxslt +Requires: gd +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: GeoIP + +Requires(pre): shadow-utils +Requires(post): chkconfig +Requires(preun): chkconfig, initscripts +Requires(postun): initscripts + +Source0: http://sysoev.ru/nginx/nginx-%{version}.tar.gz +Source1: %{name}.init +Source2: %{name}.logrotate +Source3: virtual.conf +Source4: ssl.conf +Source5: nginx-upstream-fair.tgz +Source6: upstream-fair.conf +Source7: %{name}.sysconfig +Source8: ngx_slowfs_cache-%{slowfs_version}.tar.gz +Source9: Nginx-limit-traffic-rate-module.tar.gz +Source10: %{rtmp}.tar.gz +Source11: nginx_upstream_check_module-master.tar.gz +Source12: openssl-%{openssl_version}.tar.gz +Source13: nginx-munin.tar.gz +%if 0%{?with_pagespeed} == 1 +Source14: ngx_pagespeed-%{nps_version}.zip +Source15: %{psol_version}.tar.gz +%endif +Source16: ngx_cache_purge-%{ngxpurge_version}.tar.gz +Source17: naxsi-git.tar.gz +Source18: changelog +Source19: nginx-auth-ldap.tar.gz +Source20: nginx-ajp-module-%{ajpmodule_version}.tar.gz +Source100: index.html +Source101: poweredby.png +Source102: nginx-logo.png +Source103: 50x.html +Source104: 404.html +Source105: ssl-ciphersample +%if 0%{?with_pagespeed} == 1 +Source106: pagespeed.conf +%endif +Source108: blockips.conf + +Patch0: nginx-auto-cc-gcc.patch +Patch1: nginx-conf-0.7.x.patch +#Patch2: check_1.7.5+.patch +Patch3: openssl-rc4tilt.patch +#Patch4: openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch + +%description +Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 +proxy server written by Igor Sysoev. + +Several 3rd Party Extensions added + +%prep +%setup -q + +%patch0 -p0 +%patch1 -p0 +#%patch2 -p1 +%{__tar} zxvf %{SOURCE5} +%{__tar} zxvf %{SOURCE9} +%{__tar} zxvf %{SOURCE10} +#%{__tar} zxvf %{SOURCE11} +%{__tar} zxvf %{SOURCE12} +%{__tar} zxvf %{SOURCE13} +%{__tar} zxvf %{SOURCE16} +%{__tar} zxvf %{SOURCE17} +%{__tar} zxvf %{SOURCE19} +%{__tar} zxvf %{SOURCE20} + +cd openssl-%{openssl_version} +#%patch4 -p1 +./config + +%if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 +%if 0%{?with_pagespeed} == 1 +cd %{_builddir}/nginx-%{version}/ +%{__unzip} -o %{SOURCE14} +if [ $? -ne 0 ]; then + exit $? +fi + +%{__tar} xzf %{SOURCE15} +if [ $? -ne 0 ]; then + exit $? +fi +%endif +chmod -Rf a+rX,u+w,g-w,o-w . + +%endif + + +%build +export DESTDIR=%{buildroot} +./configure \ + --user=%{nginx_user} \ + --group=%{nginx_group} \ + --prefix=%{nginx_datadir} \ + --sbin-path=%{_sbindir}/%{name} \ + --conf-path=%{nginx_confdir}/%{name}.conf \ + --error-log-path=%{nginx_logdir}/error.log \ + --http-log-path=%{nginx_logdir}/access.log \ + --http-client-body-temp-path=%{nginx_home_tmp}/client_body \ + --http-proxy-temp-path=%{nginx_home_tmp}/proxy \ + --http-fastcgi-temp-path=%{nginx_home_tmp}/fastcgi \ + --pid-path=%{_localstatedir}/run/%{name}.pid \ + --lock-path=%{_localstatedir}/lock/subsys/%{name} \ + --with-poll_module \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_auth_request_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_degradation_module \ + --with-http_stub_status_module \ + --with-http_xslt_module \ + --with-http_image_filter_module \ + --with-http_geoip_module \ + --with-http_perl_module \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_realip_module \ + --with-stream_geoip_module \ + --with-stream_ssl_preread_module \ + --with-threads \ + --with-libatomic \ + --with-pcre-jit \ + --with-pcre \ + --with-ipv6 \ + --with-http_slice_module \ + --with-stream_ssl_preread_module \
[-] [+]	Added	2bc1dac6fb3ed263529decb211ec784824132bf4.patch ^
@@ -0,0 +1,38 @@ +From 2bc1dac6fb3ed263529decb211ec784824132bf4 Mon Sep 17 00:00:00 2001 +From: Chris Lea <chris.lea@gmail.com> +Date: Tue, 15 Nov 2016 22:26:35 -0800 +Subject: [PATCH] default_port was removed in 1.11.6. + +--- + ngx_http_upstream_fair_module.c \| 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/ngx_http_upstream_fair_module.c b/ngx_http_upstream_fair_module.c +index a4419ca..66144e9 100644 +--- a/ngx_http_upstream_fair_module.c ++++ b/ngx_http_upstream_fair_module.c +@@ -540,7 +540,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t cf, ngx_http_upstream_srv_conf_t us) + + /* an upstream implicitly defined by proxy_pass, etc. / + ++#if nginx_version < 1011006 + if (us->port == 0 && us->default_port == 0) { ++#else ++ if (us->port == 0) { ++#endif + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "no port in upstream \"%V\" in %s:%ui", + &us->host, us->file_name, us->line); +@@ -550,8 +554,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t cf, ngx_http_upstream_srv_conf_t *us) + ngx_memzero(&u, sizeof(ngx_url_t)); + + u.host = us->host; ++#if nginx_version < 1011006 + u.port = (in_port_t) (us->port ? us->port : us->default_port); +- ++#else ++ u.port = (in_port_t) us->port; ++#endif + if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { + if (u.err) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
[-] [+]	Added	check_1.7.5+.patch ^
@@ -0,0 +1,195 @@ +diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c +index 148d73a..913e395 100644 +--- a/src/http/modules/ngx_http_upstream_ip_hash_module.c ++++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c +@@ -9,6 +9,9 @@ + #include <ngx_core.h> + #include <ngx_http.h> + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + typedef struct { + /* the round robin data must be first / +@@ -212,6 +215,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t pc, void data) + goto next_try; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get ip_hash peer, check_index: %ui", ++ peer->check_index); ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ goto next_try; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c +index 623bc9b..a223839 100644 +--- a/src/http/modules/ngx_http_upstream_least_conn_module.c ++++ b/src/http/modules/ngx_http_upstream_least_conn_module.c +@@ -9,6 +9,9 @@ + #include <ngx_core.h> + #include <ngx_http.h> + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + typedef struct { + ngx_uint_t conns; +@@ -203,6 +206,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t pc, void data) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get least_conn peer, check_index: %ui", ++ peer->check_index); ++ ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +@@ -256,6 +269,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t pc, void data) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, ++ "get least_conn peer, check_index: %ui", ++ peer->check_index); ++ ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) { + continue; + } +diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c +index 2d0649b..b9789eb 100644 +--- a/src/http/ngx_http_upstream_round_robin.c ++++ b/src/http/ngx_http_upstream_round_robin.c +@@ -9,6 +9,9 @@ + #include <ngx_core.h> + #include <ngx_http.h> + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++#include "ngx_http_upstream_check_module.h" ++#endif + + #define ngx_http_upstream_tries(p) ((p)->number \ + + ((p)->next ? (p)->next->number : 0)) +@@ -92,6 +95,14 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, + peer[n].fail_timeout = server[i].fail_timeout; + peer[n].down = server[i].down; + peer[n].server = server[i].name; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (!server[i].down) { ++ peers->peer[n].check_index = ++ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); ++ } else { ++ peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR; ++ } ++#endif + n++; + } + } +@@ -148,6 +159,15 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, + peer[n].fail_timeout = server[i].fail_timeout; + peer[n].down = server[i].down; + peer[n].server = server[i].name; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (!server[i].down) { ++ backup->peer[n].check_index = ++ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); ++ } ++ else { ++ backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR; ++ } ++#endif + n++; + } + } +@@ -207,6 +227,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t cf, + peer[i].current_weight = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + } + + us->peer.data = peers; +@@ -316,7 +339,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t r, + peer[0].current_weight = 0; + peer[0].max_fails = 1; + peer[0].fail_timeout = 10; +- ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + } else { + + for (i = 0; i < ur->naddrs; i++) { +@@ -356,6 +381,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t r, + peer[i].current_weight = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; ++#endif + } + } + +@@ -415,6 +443,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t pc, void data) + goto failed; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ goto failed; ++ } ++#endif ++ + } else { + + / there are several peers / +@@ -507,6 +541,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t rrp) + continue; + } + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ if (ngx_http_upstream_check_peer_down(peer->check_index)) { ++ continue; ++ } ++#endif ++ + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) +diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h +index 9db82a6..6e19a65 100644 +--- a/src/http/ngx_http_upstream_round_robin.h ++++ b/src/http/ngx_http_upstream_round_robin.h +@@ -31,6 +31,10 @@ typedef struct { + ngx_uint_t max_fails; + time_t fail_timeout; + ++#if (NGX_HTTP_UPSTREAM_CHECK) ++ ngx_uint_t check_index; ++#endif ++ + ngx_uint_t down; /* unsigned down:1; */ + + #if (NGX_HTTP_SSL)
[-] [+]	Added	nginx-0.4.0-no_Werror.patch ^
@@ -0,0 +1,13 @@ +Index: auto/cc/gcc +=================================================================== +--- auto/cc/gcc.orig ++++ auto/cc/gcc +@@ -171,7 +171,7 @@ + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++CFLAGS="$CFLAGS" + + # debug + CFLAGS="$CFLAGS -g"
[-] [+]	Added	nginx-0.4.0-perl_vendor_install.patch ^
@@ -0,0 +1,13 @@ +Index: auto/install +=================================================================== +--- auto/install.orig ++++ auto/install +@@ -7,7 +7,7 @@ + cat << END >> $NGX_MAKEFILE + + install_perl_modules: +- cd $NGX_OBJS/src/http/modules/perl && make install ++ cd $NGX_OBJS/src/http/modules/perl && make install_vendor + END + + NGX_INSTALL_PERL_MODULES=install_perl_modules
[-] [+]	Added	nginx-0.6.31-DESTDIR.patch ^
@@ -0,0 +1,75 @@ +Index: auto/install +=================================================================== +--- auto/install.orig 2007-07-30 12:51:55.000000000 +0200 ++++ auto/install 2008-05-29 18:00:45.383221398 +0200 +@@ -19,45 +19,45 @@ cat << END + + install: $NGX_OBJS${ngx_dirsep}nginx${ngx_binext} \ + $NGX_INSTALL_PERL_MODULES +- test -d '$NGX_PREFIX' \|\| mkdir -p '$NGX_PREFIX' ++ test -d '\$(DESTDIR)$NGX_PREFIX' \|\| mkdir -p '\$(DESTDIR)$NGX_PREFIX' + +- test -d '`dirname "$NGX_SBIN_PATH"`' \ +- \|\| mkdir -p '`dirname "$NGX_SBIN_PATH"`' +- test ! -f '$NGX_SBIN_PATH' \|\| mv '$NGX_SBIN_PATH' '$NGX_SBIN_PATH.old' +- cp $NGX_OBJS/nginx '$NGX_SBIN_PATH' ++ test -d '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' \ ++ \|\| mkdir -p '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' ++ test ! -f '\$(DESTDIR)$NGX_SBIN_PATH' \|\| mv '\$(DESTDIR)$NGX_SBIN_PATH' '\$(DESTDIR)$NGX_SBIN_PATH.old' ++ cp $NGX_OBJS/nginx '\$(DESTDIR)$NGX_SBIN_PATH' + +- test -d '$NGX_CONF_PREFIX' \|\| mkdir -p '$NGX_CONF_PREFIX' ++ test -d '\$(DESTDIR)$NGX_CONF_PREFIX' \|\| mkdir -p '\$(DESTDIR)$NGX_CONF_PREFIX' + +- cp conf/koi-win '$NGX_CONF_PREFIX' +- cp conf/koi-utf '$NGX_CONF_PREFIX' +- cp conf/win-utf '$NGX_CONF_PREFIX' ++ cp conf/koi-win '\$(DESTDIR)$NGX_CONF_PREFIX' ++ cp conf/koi-utf '\$(DESTDIR)$NGX_CONF_PREFIX' ++ cp conf/win-utf '\$(DESTDIR)$NGX_CONF_PREFIX' + +- test -f '$NGX_CONF_PREFIX/mime.types' \ +- \|\| cp conf/mime.types '$NGX_CONF_PREFIX' +- cp conf/mime.types '$NGX_CONF_PREFIX/mime.types.default' ++ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types' \ ++ \|\| cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX' ++ cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types.default' + +- test -f '$NGX_CONF_PREFIX/fastcgi_params' \ +- \|\| cp conf/fastcgi_params '$NGX_CONF_PREFIX' +- cp conf/fastcgi_params '$NGX_CONF_PREFIX/fastcgi_params.default' ++ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params' \ ++ \|\| cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX' ++ cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params.default' + +- test -f '$NGX_CONF_PATH' \|\| cp conf/nginx.conf '$NGX_CONF_PREFIX' +- cp conf/nginx.conf '$NGX_CONF_PREFIX/nginx.conf.default' ++ test -f '\$(DESTDIR)$NGX_CONF_PATH' \|\| cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX' ++ cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default' + +- test -d '`dirname "$NGX_PID_PATH"`' \ +- \|\| mkdir -p '`dirname "$NGX_PID_PATH"`' ++ test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \ ++ \|\| mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' + +- test -d '`dirname "$NGX_HTTP_LOG_PATH"`' \|\| \ +- mkdir -p '`dirname "$NGX_HTTP_LOG_PATH"`' ++ test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \|\| \ ++ mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' + +- test -d '$NGX_PREFIX/html' \|\| cp -r html '$NGX_PREFIX' ++ test -d '\$(DESTDIR)$NGX_PREFIX/html' \|\| cp -r html '\$(DESTDIR)$NGX_PREFIX' + END + + +-if test -n "$NGX_ERROR_LOG_PATH"; then ++if test -n "\$(DESTDIR)$NGX_ERROR_LOG_PATH"; then + cat << END >> $NGX_MAKEFILE + +- test -d '`dirname "$NGX_ERROR_LOG_PATH"`' \|\| \ +- mkdir -p '`dirname "$NGX_ERROR_LOG_PATH"`' ++ test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \|\| \ ++ mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' + END + + fi
[-] [+]	Added	nginx-0.6.31_default_config.patch ^
@@ -0,0 +1,71 @@ +Index: conf/nginx.conf +=================================================================== +--- conf/nginx.conf.orig 2009-04-06 15:43:46.000000000 +0200 ++++ conf/nginx.conf 2009-05-08 20:19:55.436773498 +0200 +@@ -1,12 +1,12 @@ + +-#user nobody; ++user nginx; + worker_processes 1; + +-#error_log logs/error.log; +-#error_log logs/error.log notice; +-#error_log logs/error.log info; ++#error_log /var/log/nginx/error.log; ++#error_log /var/log/nginx/error.log notice; ++#error_log /var/log/nginx/error.log info; + +-#pid logs/nginx.pid; ++#pid /var/run/nginx.pid; + + + events { +@@ -22,7 +22,7 @@ http { + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + +- #access_log logs/access.log main; ++ #access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; +@@ -38,10 +38,10 @@ http { + + #charset koi8-r; + +- #access_log logs/host.access.log main; ++ #access_log /var/log/nginx/host.access.log main; + + location / { +- root html; ++ root /srv/www/htdocs/; + index index.html index.htm; + } + +@@ -51,7 +51,7 @@ http { + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { +- root html; ++ root /srv/www/htdocs/; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 +@@ -87,7 +87,7 @@ http { + # server_name somename alias another.alias; + + # location / { +- # root html; ++ # root /srv/www/htdocs/; + # index index.html index.htm; + # } + #} +@@ -110,7 +110,7 @@ http { + # ssl_prefer_server_ciphers on; + + # location / { +- # root html; ++ # root /srv/www/htdocs/; + # index index.html index.htm; + # } + #}
[-] [+]	Added	nginx-0.6.38-html.patch ^
@@ -0,0 +1,14 @@ +Index: auto/install +=================================================================== +--- auto/install.orig ++++ auto/install +@@ -54,8 +54,7 @@ + test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \|\| \ + mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' + +- test -d '\$(DESTDIR)$NGX_PREFIX/html' \ +- \|\| cp -r html '\$(DESTDIR)$NGX_PREFIX' ++ test -d '\$(DESTDIR)/srv/www/htdocs' \|\| install -d '\$(DESTDIR)/srv/www/' && cp -r html '\$(DESTDIR)/srv/www/htdocs' + END + +
[-] [+]	Added	nginx-auto-cc-gcc.patch ^
@@ -0,0 +1,13 @@ +--- auto/cc/gcc.orig 2007-03-22 08:34:53.000000000 -0600 ++++ auto/cc/gcc 2007-03-22 08:58:47.000000000 -0600 +@@ -172,7 +172,9 @@ + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx ++# to not compile. ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g"
[-] [+]	Added	nginx-conf-0.7.x.patch ^
@@ -0,0 +1,113 @@ +Index: conf/nginx.conf +=================================================================== +--- conf/nginx.conf.orig 2009-04-06 15:43:46.000000000 +0200 ++++ conf/nginx.conf 2009-06-25 12:38:03.000000000 +0200 +@@ -1,28 +1,57 @@ ++####################################################################### ++# ++# This is the main Nginx configuration file. ++# ++# More information about the configuration options is available on ++# * the English wiki - http://wiki.codemongers.com/Main ++# * the Russian documentation - http://sysoev.ru/nginx/ ++# ++####################################################################### ++ ++#---------------------------------------------------------------------- ++# Main Module - directives that cover basic functionality ++# ++# http://wiki.codemongers.com/NginxMainModule ++# ++#---------------------------------------------------------------------- + +-#user nobody; ++user nginx; + worker_processes 1; + +-#error_log logs/error.log; +-#error_log logs/error.log notice; +-#error_log logs/error.log info; ++error_log /var/log/nginx/error.log; ++#error_log /var/log/nginx/error.log notice; ++#error_log /var/log/nginx/error.log info; ++ ++pid /var/run/nginx.pid; + +-#pid logs/nginx.pid; + ++#---------------------------------------------------------------------- ++# Events Module ++# ++# http://wiki.codemongers.com/NginxEventsModule ++# ++#---------------------------------------------------------------------- + + events { + worker_connections 1024; + } + ++#---------------------------------------------------------------------- ++# HTTP Core Module ++# ++# http://wiki.codemongers.com/NginxHttpCoreModule ++# ++#---------------------------------------------------------------------- + + http { +- include mime.types; ++ include /etc/nginx/mime.types; + default_type application/octet-stream; + +- #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' +- # '$status $body_bytes_sent "$http_referer" ' +- # '"$http_user_agent" "$http_x_forwarded_for"'; ++ log_format main '$remote_addr - $remote_user [$time_local] $request ' ++ '"$status" $body_bytes_sent "$http_referer" ' ++ '"$http_user_agent" "$http_x_forwarded_for"'; + +- #access_log logs/access.log main; ++ access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; +@@ -32,9 +61,18 @@ http { + + #gzip on; + ++ ++ # Load config files from the /etc/nginx/conf.d directory ++ include /etc/nginx/conf.d/*.conf; ++ ++ ++ # ++ # The default server ++ # ++ + server { + listen 80; +- server_name localhost; ++ server_name _; + + #charset koi8-r; + +@@ -42,16 +80,17 @@ http { + + location / { + root html; +- index index.html index.htm; ++ root /usr/share/nginx/html; ++ index index.html index.htm; + } + +- #error_page 404 /404.html; ++ error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { +- root html; ++ root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80
[-] [+]	Added	nginx-conf.patch ^
@@ -0,0 +1,156 @@ +--- conf/nginx.conf.orig 2008-05-11 21:19:44.000000000 -0600 ++++ conf/nginx.conf 2008-05-11 22:20:32.000000000 -0600 +@@ -1,28 +1,59 @@ ++####################################################################### ++# ++# This is the main Nginx configuration file. ++# ++# More information about the configuration options is available on ++# * the English wiki - http://wiki.codemongers.com/Main ++# * the Russian documentation - http://sysoev.ru/nginx/ ++# ++####################################################################### ++ ++#---------------------------------------------------------------------- ++# Main Module - directives that cover basic functionality ++# ++# http://wiki.codemongers.com/NginxMainModule ++# ++#---------------------------------------------------------------------- + +-#user nobody; ++user nginx; + worker_processes 1; + +-#error_log logs/error.log; +-#error_log logs/error.log notice; +-#error_log logs/error.log info; ++error_log /var/log/nginx/error.log; ++#error_log /var/log/nginx/error.log notice; ++#error_log /var/log/nginx/error.log info; + +-#pid logs/nginx.pid; ++pid /var/run/nginx.pid; + + ++ ++#---------------------------------------------------------------------- ++# Events Module ++# ++# http://wiki.codemongers.com/NginxEventsModule ++# ++#---------------------------------------------------------------------- ++ + events { + worker_connections 1024; + } + + ++#---------------------------------------------------------------------- ++# HTTP Core Module ++# ++# http://wiki.codemongers.com/NginxHttpCoreModule ++# ++#---------------------------------------------------------------------- ++ + http { +- include mime.types; ++ include /etc/nginx/mime.types; + default_type application/octet-stream; + +- #log_format main '$remote_addr - $remote_user [$time_local] $request ' +- # '"$status" $body_bytes_sent "$http_referer" ' +- # '"$http_user_agent" "$http_x_forwarded_for"'; ++ log_format main '$remote_addr - $remote_user [$time_local] $request ' ++ '"$status" $body_bytes_sent "$http_referer" ' ++ '"$http_user_agent" "$http_x_forwarded_for"'; + +- #access_log logs/access.log main; ++ access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; +@@ -31,27 +62,36 @@ + keepalive_timeout 65; + + #gzip on; ++ ++ # Load config files from the /etc/nginx/conf.d directory ++ include /etc/nginx/conf.d/*.conf; + ++ # ++ # The default server ++ # + server { +- listen 80; +- server_name localhost; ++ listen 80; ++ server_name _; + + #charset koi8-r; + + #access_log logs/host.access.log main; + + location / { +- root html; ++ root /usr/share/nginx/html; + index index.html index.htm; + } + +- #error_page 404 /404.html; ++ error_page 404 /404.html; ++ location = /404.html { ++ root /usr/share/nginx/html; ++ } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { +- root html; ++ root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 +@@ -77,42 +117,4 @@ + # deny all; + #} + } +- +- +- # another virtual host using mix of IP-, name-, and port-based configuration +- # +- #server { +- # listen 8000; +- # listen somename:8080; +- # server_name somename alias another.alias; +- +- # location / { +- # root html; +- # index index.html index.htm; +- # } +- #} +- +- +- # HTTPS server +- # +- #server { +- # listen 443; +- # server_name localhost; +- +- # ssl on; +- # ssl_certificate cert.pem; +- # ssl_certificate_key cert.key; +- +- # ssl_session_timeout 5m; +- # ssl_protocols SSLv2 SSLv3 TLSv1; +- # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; +- # ssl_prefer_server_ciphers on; +- +- # location / { +- # root html; +- # index index.html index.htm; +- # } +- #} +- +- }
[-] [+]	Added	nginx-syslog.patch ^
@@ -0,0 +1,246 @@ +diff -ruN nginx-0.8.4_orig/auto/make nginx-0.8.4_syslog/auto/make +--- nginx-0.8.4_orig/auto/make 2009-05-12 20:15:43.000000000 +0700 ++++ nginx-0.8.4_syslog/auto/make 2009-07-08 16:32:06.000000000 +0700 +@@ -15,6 +15,10 @@ + ngx_objs_dir=$NGX_OBJS$ngx_regex_dirsep + ngx_use_pch=`echo $NGX_USE_PCH \| sed -e "s/\//$ngx_regex_dirsep/g"` + ++#SYSLOG ++if [[ "${USE_SYSLOG}" == "YES" ]]; then ++ CFLAGS="$CFLAGS -DUSE_SYSLOG" ++fi + + cat << END > $NGX_MAKEFILE + +diff -ruN nginx-0.8.4_orig/auto/options nginx-0.8.4_syslog/auto/options +--- nginx-0.8.4_orig/auto/options 2009-05-18 23:50:32.000000000 +0700 ++++ nginx-0.8.4_syslog/auto/options 2009-07-08 17:57:57.000000000 +0700 +@@ -110,6 +110,8 @@ + MD5_OPT= + MD5_ASM=NO + ++USE_SYSLOG=NO ++ + USE_SHA1=NO + SHA1=NONE + SHA1_OPT= +@@ -252,6 +254,8 @@ + --with-md5-opt=) MD5_OPT="$value" ;; + --with-md5-asm) MD5_ASM=YES ;; + ++ --with-syslog) USE_SYSLOG=YES ;; ++ + --with-sha1=) SHA1="$value" ;; + --with-sha1-opt=) SHA1_OPT="$value" ;; + --with-sha1-asm) SHA1_ASM=YES ;; +@@ -381,6 +385,8 @@ + --with-md5-opt=OPTIONS set additional options for md5 building + --with-md5-asm use md5 assembler sources + ++ --with-syslog use syslog instead of files to log messages ++ + --with-sha1=DIR set path to sha1 library sources + --with-sha1-opt=OPTIONS set additional options for sha1 building + --with-sha1-asm use sha1 assembler sources +@@ -395,6 +401,7 @@ + --with-openssl-opt=OPTIONS set additional options for OpenSSL building + + --with-debug enable the debugging logging ++ + + END + +diff -ruN nginx-0.8.4_orig/auto/summary nginx-0.8.4_syslog/auto/summary +--- nginx-0.8.4_orig/auto/summary 2009-05-26 21:28:49.000000000 +0700 ++++ nginx-0.8.4_syslog/auto/summary 2009-07-08 16:35:19.000000000 +0700 +@@ -71,6 +71,11 @@ + ) echo " + using zlib library: $ZLIB" ;; + esac + ++case $USE_SYSLOG in ++ YES) echo " + using syslog" ;; ++ ) echo " + syslog is not used" ;; ++esac ++ + echo + + +diff -ruN nginx-0.8.4_orig/src/core/nginx.c nginx-0.8.4_syslog/src/core/nginx.c +--- nginx-0.8.4_orig/src/core/nginx.c 2009-06-06 19:41:31.000000000 +0700 ++++ nginx-0.8.4_syslog/src/core/nginx.c 2009-07-08 16:39:57.000000000 +0700 +@@ -8,6 +8,9 @@ + #include <ngx_core.h> + #include <nginx.h> + ++#ifdef USE_SYSLOG ++#include <syslog.h> ++#endif + + static ngx_int_t ngx_add_inherited_sockets(ngx_cycle_t cycle); + static ngx_int_t ngx_get_options(int argc, char const argv); +@@ -271,6 +274,11 @@ + ngx_ssl_init(log); + #endif + ++ /* SYSLOG SUPPORT / ++#ifdef USE_SYSLOG ++ openlog("nginx", LOG_ODELAY, LOG_DAEMON); ++#endif ++ + / + * init_cycle->log is required for signal handlers and + * ngx_process_options() +@@ -382,6 +390,10 @@ + ngx_master_process_cycle(cycle); + } + ++#ifdef USE_SYSLOG ++ closelog(); ++#endif ++ + return 0; + } + +diff -ruN nginx-0.8.4_orig/src/core/ngx_conf_file.c nginx-0.8.4_syslog/src/core/ngx_conf_file.c +--- nginx-0.8.4_orig/src/core/ngx_conf_file.c 2009-06-02 21:00:01.000000000 +0700 ++++ nginx-0.8.4_syslog/src/core/ngx_conf_file.c 2009-07-08 19:25:57.000000000 +0700 +@@ -907,6 +907,12 @@ + full.data = NULL; + #endif + ++#ifdef USE_SYSLOG ++ if (name->len) { ++ name->len = 0; ++ } ++#endif ++ + if (name->len) { + full = name; + +diff -ruN nginx-0.8.4_orig/src/core/ngx_log.c nginx-0.8.4_syslog/src/core/ngx_log.c +--- nginx-0.8.4_orig/src/core/ngx_log.c 2009-04-30 20:53:42.000000000 +0700 ++++ nginx-0.8.4_syslog/src/core/ngx_log.c 2009-07-08 19:26:02.000000000 +0700 +@@ -7,6 +7,9 @@ + #include <ngx_config.h> + #include <ngx_core.h> + ++#ifdef USE_SYSLOG ++#include <syslog.h> ++#endif + + static char ngx_error_log(ngx_conf_t cf, ngx_command_t cmd, void conf); + +@@ -90,9 +93,11 @@ + u_char p, last, msg; + u_char errstr[NGX_MAX_ERROR_STR]; + ++#ifndef USE_SYSLOG + if (log->file->fd == NGX_INVALID_FILE) { + return; + } ++#endif + + last = errstr + NGX_MAX_ERROR_STR; + +@@ -139,7 +144,21 @@ + + ngx_linefeed(p); + ++#ifdef USE_SYSLOG ++ /* allocate a string which can hold the error message / ++ char syslogstr; ++ ++ if ((syslogstr = calloc((p - errstr + 1), sizeof(char))) != NULL) { ++ strncpy(syslogstr, errstr, p - errstr); ++ ++ /* write to syslog / ++ syslog(LOG_CRIT, "%s", syslogstr); ++ ++ free(syslogstr); ++ } ++#else + (void) ngx_write_fd(log->file->fd, errstr, p - errstr); ++#endif + + if (!ngx_use_stderr + \|\| level > NGX_LOG_WARN +@@ -428,9 +447,13 @@ + + value = cf->args->elts; + ++#ifdef USE_SYSLOG ++ value[1].data = "stderr"; ++#endif ++ + if (ngx_strcmp(value[1].data, "stderr") == 0) { + name.len = 0; +- name.data = NULL; ++ name.data = ""; + + } else { + name = value[1]; +diff -ruN nginx-0.8.4_orig/src/http/modules/ngx_http_log_module.c nginx-0.8.4_syslog/src/http/modules/ngx_http_log_module.c +--- nginx-0.8.4_orig/src/http/modules/ngx_http_log_module.c 2009-06-02 23:09:44.000000000 +0700 ++++ nginx-0.8.4_syslog/src/http/modules/ngx_http_log_module.c 2009-07-08 19:56:29.000000000 +0700 +@@ -8,6 +8,9 @@ + #include <ngx_core.h> + #include <ngx_http.h> + ++#ifdef USE_SYSLOG ++#include <syslog.h> ++#endif + + typedef struct ngx_http_log_op_s ngx_http_log_op_t; + +@@ -310,6 +313,19 @@ + ngx_http_log_write(ngx_http_request_t r, ngx_http_log_t log, u_char buf, + size_t len) + { ++#ifdef USE_SYSLOG
[-] [+]	Added	nginx-unix-sockets.diff ^
@@ -0,0 +1,69 @@ +diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c +index 4c18036..59998be 100644 +--- a/src/core/ngx_inet.c ++++ b/src/core/ngx_inet.c +@@ -68,7 +68,9 @@ ngx_sock_ntop(struct sockaddr sa, u_char text, size_t len, ngx_uint_t port) + size_t n; + struct sockaddr_in6 sin6; + #endif +- ++ struct sockaddr_un sun; ++ size_t path_len; ++ + switch (sa->sa_family) { + + case AF_INET: +@@ -108,6 +110,17 @@ ngx_sock_ntop(struct sockaddr sa, u_char text, size_t len, ngx_uint_t port) + return n; + #endif + ++ case AF_UNIX: ++ ++ sun = (struct sockaddr_un ) sa; ++ path_len = strlen(sun->sun_path); ++ if (path_len == 0) { ++ return ngx_snprintf(text, len, "(unknown)") - text; ++ } else { ++ ngx_copy(text, (const u_char ) sun->sun_path, path_len); ++ return path_len; ++ } ++ + default: + return 0; + } +diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c +index 4930b50..5e3493e 100644 +--- a/src/http/ngx_http_request.c ++++ b/src/http/ngx_http_request.c +@@ -2426,7 +2426,11 @@ ngx_http_set_keepalive(ngx_http_request_t r) + + if (tcp_nodelay + && clcf->tcp_nodelay +- && c->tcp_nodelay == NGX_TCP_NODELAY_UNSET) ++ && c->tcp_nodelay == NGX_TCP_NODELAY_UNSET ++ #if (NGX_HAVE_UNIX_DOMAIN) ++ && c->sockaddr->sa_family != AF_UNIX ++ #endif ++ ) + { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "tcp_nodelay"); + +diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c +index 8c7f9a4..7ab60ab 100644 +--- a/src/http/ngx_http_upstream.c ++++ b/src/http/ngx_http_upstream.c +@@ -1957,7 +1957,13 @@ ngx_http_upstream_send_response(ngx_http_request_t r, ngx_http_upstream_t *u) + return; + } + +- if (clcf->tcp_nodelay && c->tcp_nodelay == NGX_TCP_NODELAY_UNSET) { ++ if (clcf->tcp_nodelay ++ && c->tcp_nodelay == NGX_TCP_NODELAY_UNSET ++ #if (NGX_HAVE_UNIX_DOMAIN) ++ && c->sockaddr->sa_family != AF_UNIX ++ #endif ++ ) ++ { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "tcp_nodelay"); + + tcp_nodelay = 1;
[-] [+]	Added	openssl-rc4tilt.patch ^
@@ -0,0 +1,17 @@ +Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch. +diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c +--- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200 +@@ -3844,6 +3844,11 @@ + (TLS1_get_version(s) < TLS1_2_VERSION)) + continue; + ++ /* Disable RC4 for TLS v1.1+ */ ++ if ((c->algorithm_enc == SSL_RC4) && ++ (TLS1_get_version(s) >= TLS1_1_VERSION)) ++ continue; ++ + ssl_set_cert_masks(cert,c); + mask_k = cert->mask_k; + mask_a = cert->mask_a; +Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
[-] [+]	Added	openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch ^
@@ -0,0 +1,5227 @@ +From d21c75c622eb13a80080ed15fa30474f806a0a0f Mon Sep 17 00:00:00 2001 +From: Vlad Krasnov <vlad@cloudflare.com> +Date: Fri, 12 Feb 2016 18:25:11 -0800 +Subject: [PATCH] Implementation of draft and RFC versions of CHACHA20-POLY1305 + ciphers + +--- + Configure \| 48 +- + Makefile.org \| 4 +- + apps/speed.c \| 30 +- + crypto/chacha20poly1305/Makefile \| 97 +++ + crypto/chacha20poly1305/asm/chacha20_avx.pl \| 408 +++++++++++ + crypto/chacha20poly1305/asm/chacha20_avx2.pl \| 443 ++++++++++++ + crypto/chacha20poly1305/asm/poly1305_avx.pl \| 732 ++++++++++++++++++++ + crypto/chacha20poly1305/asm/poly1305_avx2.pl \| 984 +++++++++++++++++++++++++++ + crypto/chacha20poly1305/asm/poly1305_x64.pl \| 281 ++++++++ + crypto/chacha20poly1305/chacha20.c \| 162 +++++ + crypto/chacha20poly1305/chacha20poly1305.h \| 79 +++ + crypto/chacha20poly1305/chapolytest.c \| 470 +++++++++++++ + crypto/chacha20poly1305/poly1305.c \| 287 ++++++++ + crypto/cryptlib.c \| 10 - + crypto/evp/Makefile \| 7 +- + crypto/evp/e_chacha20poly1305.c \| 435 ++++++++++++ + crypto/evp/evp.h \| 4 + + ssl/s3_lib.c \| 119 ++++ + ssl/ssl.h \| 2 + + ssl/ssl_ciph.c \| 60 +- + ssl/ssl_locl.h \| 2 + + ssl/tls1.h \| 28 + + test/Makefile \| 17 +- + 23 files changed, 4655 insertions(+), 54 deletions(-) + create mode 100644 crypto/chacha20poly1305/Makefile + create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx.pl + create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx2.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx2.pl + create mode 100644 crypto/chacha20poly1305/asm/poly1305_x64.pl + create mode 100644 crypto/chacha20poly1305/chacha20.c + create mode 100644 crypto/chacha20poly1305/chacha20poly1305.h + create mode 100644 crypto/chacha20poly1305/chapolytest.c + create mode 100644 crypto/chacha20poly1305/poly1305.c + create mode 100644 crypto/evp/e_chacha20poly1305.c + +diff --git a/Configure b/Configure +index 4a715dc..f3ab6cd 100755 +--- a/Configure ++++ b/Configure +@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket"; + my $bits1="THIRTY_TWO_BIT "; + my $bits2="SIXTY_FOUR_BIT "; + +-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:"; ++my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o::"; + + my $x86_elf_asm="$x86_asm:elf"; + +-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:"; +-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; +-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; +-my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; +-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; +-my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; ++my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o::chacha20_avx.o chacha20_avx2.o poly1305_x64.o poly1305_avx2.o"; ++my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o:::void"; ++my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o:::void"; ++my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o::::::::::::::void"; ++my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o:::void"; ++my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o:::::::::"; + my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\ssha512\-mips\.o//; +-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; +-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; +-my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; +-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; +-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; +-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; ++my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o::"; ++my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o:::void"; ++my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o::"; ++my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::32"; ++my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::64"; ++my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o::"; + my $ppc32_asm=$ppc64_asm; +-my $no_asm="::::::::::::::::void"; ++my $no_asm=":::::::::::::::::void"; + + # As for $BSDthreads. Idea is to maintain "collective" set of flags, + # which would cover all BSD flavors. -pthread applies to them all, +@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++; + my $idx_cmll_obj = $idx++; + my $idx_modes_obj = $idx++; + my $idx_engines_obj = $idx++; ++my $idx_chapoly_obj = $idx++; + my $idx_perlasm_scheme = $idx++; + my $idx_dso_scheme = $idx++; + my $idx_shared_target = $idx++; +@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h"; + my $bn_asm ="bn_asm.o"; + my $des_enc="des_enc.o fcrypt_b.o"; + my $aes_enc="aes_core.o aes_cbc.o"; ++my $chapoly_enc=""; + my $bf_enc ="bf_enc.o"; + my $cast_enc="c_enc.o"; + my $rc4_enc="rc4_enc.o rc4_skey.o"; +@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/\|^[a-zA-Z]:[\\\/] + + print "IsMK1MF=$IsMK1MF\n"; + +-my @fields = split(/\s:\s/,$table{$target} . ":" x 30 , -1); ++my @fields = split(/\s:\s/,$table{$target} . ":" x 31 , -1); + my $cc = $fields[$idx_cc]; + # Allow environment CC to override compiler... + if($ENV{CC}) { +@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj]; + my $cmll_obj = $fields[$idx_cmll_obj]; + my $modes_obj = $fields[$idx_modes_obj]; + my $engines_obj = $fields[$idx_engines_obj]; ++my $chapoly_obj = $fields[$idx_chapoly_obj]; + my $perlasm_scheme = $fields[$idx_perlasm_scheme]; + my $dso_scheme = $fields[$idx_dso_scheme]; + my $shared_target = $fields[$idx_shared_target]; +@@ -1405,7 +1408,7 @@ if ($no_asm) + { + $cpuid_obj=$bn_obj=$ec_obj= + $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= +- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; ++ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=$chapoly_obj=""; + } + + if (!$no_shared) +@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); + $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); + $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); + $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); ++if ($chapoly_obj =~ /\.o$/) ++ { ++ $cflags.=" -DCHAPOLY_x86_64_ASM"; ++ } ++else ++ { ++ $chapoly_obj=$chapoly_enc; ++ } + if ($sha1_obj =~ /\.o$/) + { + # $sha1_obj=$sha1_enc; +@@ -1740,6 +1751,7 @@ while (<IN>) + s/^WP_ASM_OBJ=.$/WP_ASM_OBJ= $wp_obj/; + s/^CMLL_ENC=.$/CMLL_ENC= $cmll_obj/; + s/^MODES_ASM_OBJ.=$/MODES_ASM_OBJ= $modes_obj/; ++ s/^CHAPOLY_ENC=.$/CHAPOLY_ENC= $chapoly_obj/; + s/^ENGINES_ASM_OBJ.=$/ENGINES_ASM_OBJ= $engines_obj/; + s/^PERLASM_SCHEME=.$/PERLASM_SCHEME= $perlasm_scheme/; + s/^PROCESSOR=./PROCESSOR= $processor/; +@@ -1802,6 +1814,7 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; + print "CMLL_ENC =$cmll_obj\n"; + print "MODES_OBJ =$modes_obj\n"; + print "ENGINES_OBJ =$engines_obj\n"; ++print "CHAPOLY_ENC =$chapoly_obj\n"; + print "PROCESSOR =$processor\n"; + print "RANLIB =$ranlib\n"; + print "ARFLAGS =$arflags\n"; +@@ -2200,7 +2213,7 @@ sub print_table_entry + my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, + $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, + $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, +- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, ++ $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, $chapoly_obj, + $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, + $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= + split(/\s:\s/,$table{$target} . ":" x 30 , -1); +@@ -2231,6 +2244,7 @@ sub print_table_entry + \$cmll_obj = $cmll_obj + \$modes_obj = $modes_obj + \$engines_obj = $engines_obj ++\$chapoly_obj = $chapoly_obj + \$perlasm_scheme = $perlasm_scheme + \$dso_scheme = $dso_scheme + \$shared_target= $shared_target +diff --git a/Makefile.org b/Makefile.org +index 76fdbdf..6556ef6 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o + EC_ASM= + DES_ENC= des_enc.o fcrypt_b.o + AES_ENC= aes_core.o aes_cbc.o ++CHAPOLY_ENC= + BF_ENC= bf_enc.o + CAST_ENC= c_enc.o + RC4_ENC= rc4_enc.o +@@ -148,7 +149,7 @@ SDIRS= \ + bn ec rsa dsa ecdsa dh ecdh dso engine \ + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ +- cms pqueue ts jpake srp store cmac ++ cms pqueue ts jpake srp store cmac chacha20poly1305 + # keep in mind that the above list is adjusted by ./Configure + # according to no-xxx arguments... + +@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
	Added	1.12.34.2-x64.tar.gz ^
[-] [+]	Added	404.html ^
@@ -0,0 +1,119 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>The page is not found</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <style type="text/css"> + /<![CDATA[/ + body { + background-color: #fff; + color: #000; + font-size: 0.9em; + font-family: sans-serif,helvetica; + margin: 0; + padding: 0; + } + :link { + color: #c00; + } + :visited { + color: #c00; + } + a:hover { + color: #f50; + } + h1 { + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; + background-color: #294172; + color: #fff; + font-weight: normal; + font-size: 1.75em; + border-bottom: 2px solid #000; + } + h1 strong { + font-weight: bold; + font-size: 1.5em; + } + h2 { + text-align: center; + background-color: #3C6EB4; + font-size: 1.1em; + font-weight: bold; + color: #fff; + margin: 0; + padding: 0.5em; + border-bottom: 2px solid #294172; + } + h3 { + text-align: center; + background-color: #ff0000; + padding: 0.5em; + color: #fff; + } + hr { + display: none; + } + .content { + padding: 1em 5em; + } + .alert { + border: 2px solid #000; + } + + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /]]>/ + </style> + </head> + + <body> + <h1><strong>nginx error!</strong></h1> + + <div class="content"> + + <h3>The page you are looking for is not found.</h3> + + <div class="alert"> + <h2>Website Administrator</h2> + <div class="content"> + <p>Something has triggered missing webpage on your + website. This is the default 404 error page for + <strong>nginx</strong> that is distributed with + EPEL. It is located + <tt>/usr/share/nginx/html/404.html</tt></p> + + <p>You should customize this error page for your own + site or edit the <tt>error_page</tt> directive in + the <strong>nginx</strong> configuration file + <tt>/etc/nginx/nginx.conf</tt>.</p> + + </div> + </div> + + <div class="logos"> + <a href="http://nginx.net/"><img + src="nginx-logo.png" + alt="[ Powered by nginx ]" + width="121" height="32" /></a> + + <a href="http://fedoraproject.org/"><img + src="poweredby.png" + alt="[ Powered by Fedora EPEL ]" + width="88" height="31" /></a> + </div> + </div> + </body> +</html>
[-] [+]	Added	50x.html ^
@@ -0,0 +1,119 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>The page is temporarily unavailable</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <style type="text/css"> + /<![CDATA[/ + body { + background-color: #fff; + color: #000; + font-size: 0.9em; + font-family: sans-serif,helvetica; + margin: 0; + padding: 0; + } + :link { + color: #c00; + } + :visited { + color: #c00; + } + a:hover { + color: #f50; + } + h1 { + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; + background-color: #294172; + color: #fff; + font-weight: normal; + font-size: 1.75em; + border-bottom: 2px solid #000; + } + h1 strong { + font-weight: bold; + font-size: 1.5em; + } + h2 { + text-align: center; + background-color: #3C6EB4; + font-size: 1.1em; + font-weight: bold; + color: #fff; + margin: 0; + padding: 0.5em; + border-bottom: 2px solid #294172; + } + h3 { + text-align: center; + background-color: #ff0000; + padding: 0.5em; + color: #fff; + } + hr { + display: none; + } + .content { + padding: 1em 5em; + } + .alert { + border: 2px solid #000; + } + + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /]]>/ + </style> + </head> + + <body> + <h1><strong>nginx error!</strong></h1> + + <div class="content"> + + <h3>The page you are looking for is temporarily unavailable. Please try again later.</h3> + + <div class="alert"> + <h2>Website Administrator</h2> + <div class="content"> + <p>Something has triggered an error on your + website. This is the default error page for + <strong>nginx</strong> that is distributed with + EPEL. It is located + <tt>/usr/share/nginx/html/50x.html</tt></p> + + <p>You should customize this error page for your own + site or edit the <tt>error_page</tt> directive in + the <strong>nginx</strong> configuration file + <tt>/etc/nginx/nginx.conf</tt>.</p> + + </div> + </div> + + <div class="logos"> + <a href="http://nginx.net/"><img + src="nginx-logo.png" + alt="[ Powered by nginx ]" + width="121" height="32" /></a> + + <a href="http://fedoraproject.org/"><img + src="poweredby.png" + alt="[ Powered by Fedora EPEL ]" + width="88" height="31" /></a> + </div> + </div> + </body> +</html>
	Added	Nginx-limit-traffic-rate-module.tar.gz ^
[-] [+]	Added	_service ^
@@ -0,0 +1,7 @@ +<services> + <service name="download_url"> + <param name="host">nginx.org</param> + <param name="protocol">http</param> + <param name="path">/download/nginx-1.16.1.tar.gz</param> + </service> +<service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.1b.tar.gz</param></service></services>
	Added	_service:download_url:nginx-1.16.1.tar.gz ^
	Added	_service:download_url:openssl-1.1.1b.tar.gz ^
[-] [+]	Added	blockips.conf ^
@@ -0,0 +1,718 @@ +### updates are avail. at raw.githubusercontent.com/mariusv/nginx-badbot-blocker/master/blockips.conf + + +deny 178.238.234.1; +deny 76.90.254.19; +deny 85.17.26.68; # spammy comments - Leaseweb +deny 85.17.230.23; # spammy comments - Leaseweb +deny 173.234.11.105; # junk referrers +deny 173.234.31.9; # junk referrers - Ubiquityservers +deny 173.234.38.25; # spammy comments +deny 173.234.153.30; # junk referrers +deny 173.234.153.106; # spammy comments - Ubiquityservers +deny 173.234.175.68; # spammy comments +deny 190.152.223.27; # junk referrers +deny 195.191.54.90; # odd behaviour, Mozilla, doesnt fetch js/css. Ended up doing a POST, prob a spambot +deny 195.229.241.174; # spammy comments - United Arab Emirates +deny 210.212.194.60; # junk referrers + spammy comments +deny 76.91.248.49; # bad bot +deny 1.4.0.0/17; +deny 1.10.16.0/20; +deny 1.116.0.0/14; +deny 5.34.242.0/23; +deny 5.72.0.0/14; +deny 5.134.128.0/19; +deny 14.4.0.0/14; +deny 14.245.0.0/16; +deny 23.235.48.0/20; +deny 27.111.48.0/20; +deny 27.122.32.0/20; +deny 27.126.160.0/20; +deny 31.11.43.0/24; +deny 31.222.200.0/21; +deny 36.0.8.0/21; +deny 36.37.48.0/20; +deny 37.139.49.0/24; +deny 37.148.216.0/21; +deny 37.246.0.0/16; +deny 41.72.64.0/19; +deny 42.0.32.0/19; +deny 42.1.56.0/22; +deny 42.1.128.0/17; +deny 42.52.0.0/14; +deny 42.83.80.0/22; +deny 42.96.0.0/18; +deny 42.123.36.0/22; +deny 42.128.0.0/12; +deny 42.160.0.0/12; +deny 42.194.8.0/22; +deny 42.194.12.0/22; +deny 42.194.128.0/17; +deny 43.229.52.0/22; +deny 43.236.0.0/16; +deny 43.250.64.0/22; +deny 43.250.116.0/22; +deny 43.252.80.0/22; +deny 43.252.152.0/22; +deny 43.252.180.0/22; +deny 43.255.188.0/22; +deny 45.64.88.0/22; +deny 45.117.208.0/22; +deny 45.121.144.0/22; +deny 46.29.248.0/22; +deny 46.29.248.0/21; +deny 46.148.112.0/20; +deny 46.151.48.0/21; +deny 46.232.192.0/21; +deny 46.243.140.0/24; +deny 46.243.142.0/24; +deny 49.8.0.0/14; +deny 49.128.104.0/22; +deny 58.87.64.0/18; +deny 59.254.0.0/15; +deny 60.233.0.0/16; +deny 61.11.224.0/19; +deny 61.13.128.0/17; +deny 61.45.251.0/24; +deny 62.182.152.0/21; +deny 64.234.224.0/20; +deny 66.231.64.0/20; +deny 67.213.128.0/20; +deny 67.218.208.0/20; +deny 72.13.16.0/20; +deny 78.31.184.0/21; +deny 78.31.211.0/24; +deny 79.173.104.0/21; +deny 80.76.8.0/21; +deny 81.22.152.0/23; +deny 83.175.0.0/18; +deny 85.121.39.0/24; +deny 86.55.40.0/23; +deny 86.55.42.0/23; +deny 88.135.16.0/20; +deny 91.194.254.0/23; +deny 91.195.254.0/23; +deny 91.198.127.0/24; +deny 91.200.248.0/22; +deny 91.203.20.0/22; +deny 91.207.4.0/22; +deny 91.209.12.0/24; +deny 91.212.104.0/24; +deny 91.212.198.0/24; +deny 91.212.201.0/24; +deny 91.212.220.0/24; +deny 91.213.126.0/24; +deny 91.213.172.0/24; +deny 91.216.3.0/24; +deny 91.217.10.0/23; +deny 91.220.35.0/24; +deny 91.220.62.0/24; +deny 91.220.163.0/24; +deny 91.223.89.0/24; +deny 91.226.97.0/24; +deny 91.229.210.0/24; +deny 91.230.110.0/24; +deny 91.230.252.0/23; +deny 91.234.36.0/24; +deny 91.235.2.0/24; +deny 91.236.74.0/23; +deny 91.236.120.0/24; +deny 91.237.198.0/24; +deny 91.238.82.0/24; +deny 91.239.24.0/24; +deny 91.239.238.0/24; +deny 91.240.163.0/24; +deny 91.240.165.0/24; +deny 91.242.217.0/24; +deny 91.243.115.0/24; +deny 93.175.240.0/20; +deny 94.26.112.0/20; +deny 94.154.128.0/18; +deny 95.216.0.0/15; +deny 101.192.0.0/14; +deny 101.199.0.0/16; +deny 101.202.0.0/16; +deny 101.203.128.0/19; +deny 101.248.0.0/15; +deny 101.252.0.0/15; +deny 103.2.44.0/22; +deny 103.10.68.0/22; +deny 103.12.216.0/22; +deny 103.16.76.0/24; +deny 103.20.36.0/22; +deny 103.23.8.0/22; +deny 103.36.64.0/22; +deny 103.41.124.0/22; +deny 103.41.180.0/22; +deny 103.42.115.0/24; +deny 103.55.28.0/22; +deny 103.57.248.0/22; +deny 103.61.4.0/22; +deny 103.228.60.0/22; +deny 103.229.36.0/22; +deny 103.230.144.0/22; +deny 103.231.84.0/22; +deny 103.232.136.0/22; +deny 103.232.172.0/22; +deny 103.236.32.0/22; +deny 103.242.184.0/22; +deny 104.143.112.0/20; +deny 104.255.136.0/21; +deny 106.96.0.0/14; +deny 108.166.224.0/19; +deny 109.94.208.0/20; +deny 110.44.128.0/20; +deny 110.232.160.0/20; +deny 113.20.160.0/19; +deny 114.8.0.0/16; +deny 115.85.133.0/24; +deny 116.78.0.0/15; +deny 116.128.0.0/10; +deny 116.144.0.0/15; +deny 116.146.0.0/15; +deny 117.100.0.0/15; +deny 118.177.0.0/16; +deny 118.185.0.0/16; +deny 119.232.0.0/16; +deny 120.48.0.0/15; +deny 120.92.0.0/17; +deny 120.92.128.0/18; +deny 120.92.192.0/19; +deny 120.92.224.0/20; +deny 121.100.128.0/18; +deny 122.129.0.0/18; +deny 122.202.96.0/19; +deny 123.136.80.0/20; +deny 124.68.0.0/15; +deny 124.70.0.0/15; +deny 124.157.0.0/18; +deny 124.242.0.0/16; +deny 124.245.0.0/16; +deny 125.31.192.0/18; +deny 125.58.0.0/18; +deny 125.169.0.0/16; +deny 128.13.0.0/16; +deny 128.168.0.0/16; +deny 128.191.0.0/16; +deny 129.47.0.0/16; +deny 129.76.64.0/18; +deny 130.148.0.0/16;
[-] [+]	Added	changelog ^
@@ -0,0 +1,131 @@ +* Sun Mar 05 2016 Juergen Gotteswinter <jg@internetx.com> - 1.9.12-1 +- 1.9.12 bump +- enabled http splice module + +* Tue Dec 08 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.7-1 +- version bump 1.9.7 +- enabled http2 +- enabled thread pool support + +* Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.1-1 +- Version Bump 1.9.1 Codename Putin + +* Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.0-1 +- moved on to the current stable mainline tree 1.9.x +- enabled stream module (appeared in 1.9.0) - simple tcp proxy feature + +* Wed Mar 25 2015 Juergen Gotteswinter <jg@internetx.com> - 1.7.11-1 +- pushed bundled openssl to latest 1.0.2 +- enabled thread pool support (appeared in 1.7.11) +- updated rtmp module to latest git (previous version does not build with +- 1.7.11) + +* Thu Dec 31 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.9-2 +- added nginx pagespeed module - rhel/centos 7.x only +- added nginx pagespeed sample config +- enabled complete mainline module tree, except mail* support + +* Thu Dec 31 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.9-1 +- bumped to 1.7.9 +- fixed check upstream module + patch +- 2014 byebye version bump + +* Thu Dec 02 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.8-1 +- bumped to 1.7.8 + +* Thu Nov 13 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.7-1 +- bumped to 1.7.7 + +* Thu Oct 23 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.6-1 +- added openssl source - nginx got built static against current vanilla +* openssl +- enabled additional mainline modules +- added patch to get rid of rc4 +- bumped to 1.7.6 + +* Fri Jun 28 2014 Juergen Gotteswinter <jg@internetx.com> - 1.7.3-1 +- bump to 1.7.3 + +* Fri Apr 26 2014 Juergen Gotteswinter <jg@internetx.com> - 1.6.0-2 +- added nginx-statsd module + +* Fri Apr 26 2014 Juergen Gotteswinter <jg@internetx.com> - 1.6.0-1 +- pushed to new stable branch 1.6 + +* Fri Apr 12 2014 Juergen Gotteswinter <jg@internetx.com> - 1.4.7-2 +- added patch to log heartbleed attacks + +* Tue Apr 03 2014 Juergen Gotteswinter <jg@internetx.com> - 1.4.7-1 +- bump to 1.4.7 + +* Wed Nov 20 2013 Juergen Gotteswinter <jg@internetx.com> - 1.4.4-1 +- https://bugzilla.redhat.com/show_bug.cgi?id=1032266 + +* Tue Oct 08 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.3-1 +- update nginx to 1.4.3 +- update rtmp module to 1.0.5 + +* Sun Aug 04 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.2-2 +- update rtmp module to 1.0.2 + +* Wed Jul 17 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.2-1 +- update nginx to 1.4.2 + +* Sat Jun 29 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.1-4 +- update rtmp module to 1.0.1 + +* Sat May 25 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.1-3 +- update rtmp module to 0.9.20 + +* Mon May 13 2013 Carsten Schoene <cs@linux-administrator.com> - 1.4.1-2 +- update rtmp module to 0.9.19 + +* Fri May 10 2013 Juergen Gotteswinter <jg@internetx.de> - 1.4.1-1 +- version bump to latest stable 1.4.1 + +* Fri Apr 26 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-2 +- update rtmp module to 0.9.18 + +* Sun Apr 14 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-4 +- update nginx to 1.2.7 +- update rtmp module to 0.9.14 + +* Mon Mar 04 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-3 +- update rtmp module to 0.9.11 + +* Thu Feb 28 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-2 +- update rtmp module to 0.9.8 + +* Tue Feb 12 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.7-1 +- update nginx to 1.2.7 +- update rtmp module to 0.9.7 + +* Fri Jan 25 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-4 +- update rtmp module to 0.9.1 + +* Wed Jan 16 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-3 +- update rtmp module to 0.9.0 + +* Sat Jan 12 2013 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-2 +- added rtmp 0.8.7 module + +* Tue Dec 11 2012 Carsten Schoene <cs@linux-administrator.com> - 1.2.6-1 +- update to release 1.2.6 + +* Tue Nov 13 2012 Carsten Schoene <cs@linux-administrator.com> - 1.2.5-1 +- update to release 1.2.5 + +* Mon Oct 04 2010 Juergen Gotteswinter <jg at internetx.de> 0.8.52-1 +- update to latest stable branch + +* Wed Nov 17 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.64-1 + +- version bump to 0.7.64 + + +* Wed Oct 28 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.63-1 + +- version bump to 0.7.63 + +* Fri Oct 23 2009 Juergen Gotteswinter <jg at internetx.de> 0.7.62-3 +- included nginx-socket-patch for unix socket support \ No newline at end of file
[-] [+]	Added	config ^
@@ -0,0 +1,856 @@ + + + + + +<!DOCTYPE html> +<html> + <head> + <meta charset='utf-8'> + <meta http-equiv="X-UA-Compatible" content="chrome=1"> + <title>config at master from bigplum/Nginx-limit-traffic-rate-module - GitHub</title> + <link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub" /> + <link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub" /> + + <link href="https://assets0.github.com/stylesheets/bundle_common.css?594c3ba479ae702f0f0215dba898d5fb809fc253" media="screen" rel="stylesheet" type="text/css" /> +<link href="https://assets3.github.com/stylesheets/bundle_github.css?594c3ba479ae702f0f0215dba898d5fb809fc253" media="screen" rel="stylesheet" type="text/css" /> + + <script type="text/javascript"> + if (typeof console == "undefined" \|\| typeof console.log == "undefined") + console = { log: function() {} } + </script> + <script type="text/javascript" charset="utf-8"> + var GitHub = {} + var github_user = null + + </script> + <script src="https://assets2.github.com/javascripts/jquery/jquery-1.4.2.min.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script> + <script src="https://assets2.github.com/javascripts/bundle_common.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script> +<script src="https://assets3.github.com/javascripts/bundle_github.js?594c3ba479ae702f0f0215dba898d5fb809fc253" type="text/javascript"></script> + + + <script type="text/javascript" charset="utf-8"> + GitHub.spy({ + repo: "bigplum/Nginx-limit-traffic-rate-module" + }) + </script> + + + <link href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/commits/master.atom" rel="alternate" title="Recent Commits to Nginx-limit-traffic-rate-module:master" type="application/atom+xml" /> + + <meta name="description" content="Limiting rate by given variables(like $request_uri, $remote_addr, etc..)." /> + <script type="text/javascript"> + GitHub.nameWithOwner = GitHub.nameWithOwner \|\| "bigplum/Nginx-limit-traffic-rate-module"; + GitHub.currentRef = 'master'; + GitHub.commitSHA = "c0c90f55a8cb545559b73eafb91a0af3f2d8474a"; + GitHub.currentPath = 'config'; + GitHub.masterBranch = "master"; + + + </script> + + + <script type="text/javascript"> + var _gaq = _gaq \|\| []; + _gaq.push(['_setAccount', 'UA-3769691-2']); + _gaq.push(['_setDomainName', 'none']); + _gaq.push(['_trackPageview']); + (function() { + var ga = document.createElement('script'); + ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; + ga.setAttribute('async', 'true'); + document.documentElement.firstChild.appendChild(ga); + })(); + </script> + + + </head> + + + + <body class="logged_out page-blob"> + + + + + + + + + + + <div class="subnavd" id="main"> + <div id="header" class="true"> + + <a class="logo boring" href="https://github.com"> + <img src="/images/modules/header/logov3.png?changed" class="default" alt="github" /> + <!--[if (gt IE 8)\|!(IE)]><!--> + <img src="/images/modules/header/logov3-hover.png" class="hover" alt="github" /> + <!--<![endif]--> + </a> + + + <div class="topsearch"> + + <ul class="nav logged_out"> + <li class="pricing"><a href="/plans">Pricing and Signup</a></li> + <li class="explore"><a href="/explore">Explore GitHub</a></li> + <li class="features"><a href="/features">Features</a></li> + <li class="blog"><a href="/blog">Blog</a></li> + <li class="login"><a href="/login?return_to=https://github.com/bigplum/Nginx-limit-traffic-rate-module/blob/master/config">Login</a></li> + </ul> + +</div> + + </div> + + + + + <div class="site"> + <div class="pagehead repohead vis-public "> + + + + <div class="title-actions-bar"> + <h1> + <a href="/bigplum">bigplum</a> / <strong><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module">Nginx-limit-traffic-rate-module</a></strong> + + + </h1> + + + <ul class="actions"> + + + + <li class="for-owner" style="display:none"><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/admin" class="minibutton btn-admin "><span><span class="icon"></span>Admin</span></a></li> + <li> + <a href="/bigplum/Nginx-limit-traffic-rate-module/toggle_watch" class="minibutton btn-watch " id="watch_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;" style="display:none"><span><span class="icon"></span>Watch</span></a> + <a href="/bigplum/Nginx-limit-traffic-rate-module/toggle_watch" class="minibutton btn-watch " id="unwatch_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;" style="display:none"><span><span class="icon"></span>Unwatch</span></a> + </li> + + + <li class="for-notforked" style="display:none"><a href="/bigplum/Nginx-limit-traffic-rate-module/fork" class="minibutton btn-fork " id="fork_button" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var s = document.createElement('input'); s.setAttribute('type', 'hidden'); s.setAttribute('name', 'authenticity_token'); s.setAttribute('value', '5fb90cea03b51d302598461c3969cdb3211d3084'); f.appendChild(s);f.submit();return false;"><span><span class="icon"></span>Fork</span></a></li> + <li class="for-hasfork" style="display:none"><a href="#" class="minibutton btn-fork " id="your_fork_button"><span><span class="icon"></span>Your Fork</span></a></li> + + + + + + + <li class="repostats"> + <ul class="repo-stats"> + <li class="watchers"><a href="/bigplum/Nginx-limit-traffic-rate-module/watchers" title="Watchers" class="tooltipped downwards">3</a></li> + <li class="forks"><a href="/bigplum/Nginx-limit-traffic-rate-module/network" title="Forks" class="tooltipped downwards">2</a></li> + </ul> + </li> + </ul> + + </div> + + + <ul class="tabs"> + <li><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module" class="selected" highlight="repo_source">Source</a></li> + <li><a href="https://github.com/bigplum/Nginx-limit-traffic-rate-module/commits/master" highlight="repo_commits">Commits</a></li> + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/network" highlight="repo_network">Network</a></li> + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/pulls" highlight="repo_pulls">Pull Requests (0)</a></li> + + + + + + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/issues" highlight="issues">Issues (0)</a></li> + + + + <li><a href="/bigplum/Nginx-limit-traffic-rate-module/graphs" highlight="repo_graphs">Graphs</a></li> + + <li class="contextswitch nochoices"> + <span class="toggle leftwards" > + <em>Branch:</em> + <code>master</code> + </span> + </li> + </ul> + + <div style="display:none" id="pl-description"><p><em class="placeholder">click here to add a description</em></p></div> + <div style="display:none" id="pl-homepage"><p><em class="placeholder">click here to add a homepage</em></p></div> + + <div class="subnav-bar"> + + <ul> + <li> + <a href="#" class="dropdown">Switch Branches (1)</a> + <ul> + + + <li><strong>master ✓</strong></li> + + </ul> + </li> + <li> + <a href="#" class="dropdown defunct">Switch Tags (0)</a> + + </li> + <li> + + <a href="/bigplum/Nginx-limit-traffic-rate-module/branches" class="manage">Branch List</a> +
[-] [+]	Added	index.html ^
@@ -0,0 +1,116 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>Test Page for the Nginx HTTP Server on EPEL</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <style type="text/css"> + /<![CDATA[/ + body { + background-color: #fff; + color: #000; + font-size: 0.9em; + font-family: sans-serif,helvetica; + margin: 0; + padding: 0; + } + :link { + color: #c00; + } + :visited { + color: #c00; + } + a:hover { + color: #f50; + } + h1 { + text-align: center; + margin: 0; + padding: 0.6em 2em 0.4em; + background-color: #294172; + color: #fff; + font-weight: normal; + font-size: 1.75em; + border-bottom: 2px solid #000; + } + h1 strong { + font-weight: bold; + font-size: 1.5em; + } + h2 { + text-align: center; + background-color: #3C6EB4; + font-size: 1.1em; + font-weight: bold; + color: #fff; + margin: 0; + padding: 0.5em; + border-bottom: 2px solid #294172; + } + hr { + display: none; + } + .content { + padding: 1em 5em; + } + .alert { + border: 2px solid #000; + } + + img { + border: 2px solid #fff; + padding: 2px; + margin: 2px; + } + a:hover img { + border: 2px solid #294172; + } + .logos { + margin: 1em; + text-align: center; + } + /]]>/ + </style> + </head> + + <body> + <h1>Welcome to <strong>nginx</strong> on EPEL!</h1> + + <div class="content"> + <p>This page is used to test the proper operation of the + <strong>nginx</strong> HTTP server after it has been + installed. If you can read this page, it means that the + web server installed at this site is working + properly.</p> + + <div class="alert"> + <h2>Website Administrator</h2> + <div class="content"> + <p>This is the default <tt>index.html</tt> page that + is distributed with <strong>nginx</strong> on + EPEL. It is located in + <tt>/usr/share/nginx/html</tt>.</p> + + <p>You should now put your content in a location of + your choice and edit the <tt>root</tt> configuration + directive in the <strong>nginx</strong> + configuration file + <tt>/etc/nginx/nginx.conf</tt>.</p> + + </div> + </div> + + <div class="logos"> + <a href="http://nginx.net/"><img + src="nginx-logo.png" + alt="[ Powered by nginx ]" + width="121" height="32" /></a> + + <a href="http://fedoraproject.org/"><img + src="poweredby.png" + alt="[ Powered by Fedora EPEL ]" + width="88" height="31" /></a> + </div> + </div> + </body> +</html>
[-] [+]	Added	magento-sample.conf-disabled ^
@@ -0,0 +1,113 @@ +server { + include /etc/nginx/port.conf; + server_name example.com; + return 301 $scheme://www.example.com$request_uri; +} + +server { + include /etc/nginx/port.conf; + #listen 443 ssl; + server_name www.example.com; ## Domain is here + root /var/www/html; + access_log /var/log/nginx/access_www.example.com.log main; + + if ($http_user_agent = "") { return 444;} + + #################################################################################### + ## SSL CONFIGURATION + + #ssl_certificate /etc/ssl/certs/www_server_com.chained.crt; + #ssl_certificate_key /etc/ssl/certs/server.key; + + #################################################################################### + ## Server maintenance block. insert dev ip 1.2.3.4 static address www.whatismyip.com + + #if ($remote_addr !~ "^(1.2.3.4\|1.2.3.4)$") { + #return 503; + #} + + #error_page 503 @maintenance; + #location @maintenance { + #rewrite ^(.)$ /error_page/503.html break; + #internal; + #access_log off; + #log_not_found off; + #} + + #################################################################################### + ## 403 error log/page + + #error_page 403 /403.html; + #location = /403.html { + #root /var/www/html/error_page; + #internal; + #access_log /var/log/nginx/403.log error403; + #} + + #################################################################################### + ## Main Magento location + + location / { + try_files $uri $uri/ @handler; + } + + #################################################################################### + ## These locations would be hidden by .htaccess normally, protected + + location ~ (/(app/\|includes/\|pkginfo/\|var/\|errors/local.xml)\|/\.) { + deny all; + } + + #################################################################################### + ## Protecting /admin/ and /downloader/ 1.2.3.4 = static ip (www.whatismyip.com) + + #location /downloader/ { + #allow 1.2.3.4; allow 1.2.3.4; deny all; + #rewrite ^/downloader/(.)$ /downloader/index.php$1; + #} + #location /admin { + #allow 1.2.3.4; allow 1.2.3.4; deny all; + #rewrite / /@handler; + #} + + #################################################################################### + ## Images, scripts and styles set far future Expires header + + location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ { + open_file_cache max=10000 inactive=8h; + open_file_cache_valid 1h; + open_file_cache_min_uses 2; + open_file_cache_errors off; + expires max; + log_not_found off; + access_log off; + } + + #################################################################################### + ## Main Magento location + + location @handler { + rewrite / /index.php?$args; + } + + location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler + rewrite ^(.*.php)/ $1 last; + } + + #################################################################################### + ## Execute PHP scripts + + location ~ .php$ { + add_header X-UA-Compatible 'IE=Edge,chrome=1'; + add_header X-Time-Spent $request_time; + try_files $uri $uri/ =404; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + ## Store code with multi domain + #fastcgi_param MAGE_RUN_CODE $storecode; + ## Default Store code + fastcgi_param MAGE_RUN_CODE default; + fastcgi_param MAGE_RUN_TYPE store; ## or website; + include fastcgi_params; ## See /etc/nginx/fastcgi_params + } + }
	Added	naxsi-git.tar.gz ^
	Added	nginx-ajp-module-0.3.tar.gz ^
	Added	nginx-auth-ldap.tar.gz ^
	Added	nginx-logo.png ^
	Added	nginx-munin.tar.gz ^
	Added	nginx-rtmp-module-1.1.15.tar.gz ^
[-] [+]	Added	nginx-statsd.conf-sample ^
@@ -0,0 +1,39 @@ +http { + + # Set the server that you want to send stats to. + statsd_server your.statsd.server.com; + + # Randomly sample 10% of requests so that you do not overwhelm your statsd server. + # Defaults to sending all statsd (100%). + statsd_sample_rate 10; # 10% of requests + + + server { + listen 80; + server_name www.your.domain.com; + + # Increment "your_product.requests" by 1 whenever any request hits this server. + statsd_count "your_product.requests" 1; + + location / { + + # Increment the key by 1 when this location is hit. + statsd_count "your_product.pages.index_requests" 1; + + # Increment the key by 1, but only if $request_completion is set to something. + statsd_count "your_product.pages.index_responses" 1 "$request_completion"; + + # Send a timing to "your_product.pages.index_response_time" equal to the value + # returned from the upstream server. If this value evaluates to 0 or empty-string, + # it will not be sent. Thus, there is no need to add a test. + statsd_timing "your_product.pages.index_response_time" "$upstream_response_time"; + + # Increment a key based on the value of a custom header. Only sends the value if + # the custom header exists in the upstream response. + statsd_count "your_product.custom_$upstream_http_x_some_custom_header" 1 + "$upstream_http_x_some_custom_header"; + + proxy_pass http://some.other.domain.com; + } + } +} \ No newline at end of file
	Added	nginx-statsd.tar.gz ^
	Added	nginx-sticky-module-1.1.tar.gz ^
	Added	nginx-upstream-fair.tgz ^
[-] [+]	Added	nginx.init ^
@@ -0,0 +1,129 @@ +#!/bin/sh +# +# nginx - this script starts and stops the nginx daemon +# +# chkconfig: - 85 15 +# description: Nginx is an HTTP(S) server, HTTP(S) reverse \ +# proxy and IMAP/POP3 proxy server +# processname: nginx +# config: /etc/nginx/nginx.conf +# config: /etc/sysconfig/nginx +# pidfile: /var/run/nginx.pid + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ "$NETWORKING" = "no" ] && exit 0 + +nginx="/usr/sbin/nginx" +prog=$(basename $nginx) + +NGINX_CONF_FILE="/etc/nginx/nginx.conf" + +[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx + +lockfile=/var/lock/subsys/nginx + +start() { + [ -x $nginx ] \|\| exit 5 + [ -f $NGINX_CONF_FILE ] \|\| exit 6 + echo -n $"Starting $prog: " + daemon $nginx -c $NGINX_CONF_FILE + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + killproc $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + configtest_q \|\| configtest \|\| return 6 + stop + start +} + +reload() { + configtest_q \|\| configtest \|\| return 6 + echo -n $"Reloading $prog: " + killproc $nginx -HUP + echo +} + +configtest() { + $nginx -t -c $NGINX_CONF_FILE +} + +configtest_q() { + configtest >/dev/null 2>&1 +} + +rh_status() { + status $prog +} + +rh_status_q() { + rh_status >/dev/null 2>&1 +} + +# Online upgrade nginx binary on the fly, with no downtime. +# details: http://sysoev.ru/nginx/docs/control.html#upgrade +upgrade() { + configtest_q \|\| configtest \|\| return 6 + echo -n $"Upgrading $prog: " + kill -USR2 `cat /var/run/$prog.pid` + sleep 1 + if test -f /var/run/$prog.pid.oldbin + then + killproc -p /var/run/$prog.pid.oldbin -QUIT + echo + else + failure $"$prog online upgrade" + echo + exit 1 + fi +} + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q \|\| exit 0 + $1 + ;; + reload) + rh_status_q \|\| exit 7 + $1 + ;; + upgrade\|force-reload) + rh_status_q \|\| exit 7 + upgrade + ;; + condrestart\|try-restart) + rh_status_q \|\| exit 7 + restart + ;; + restart\|configtest) + $1 + ;; + status\|status_q) + rh_$1 + ;; + *) + echo $"Usage: $0 {start\|stop\|reload\|force-reload\|restart\|try-restart\|status\|configtest}" + exit 2 +esac +
[-] [+]	Added	nginx.logrotate ^
@@ -0,0 +1,12 @@ +/var/log/nginx/*log { + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + [ ! -f /var/run/nginx.pid ] \|\| kill -USR1 `cat /var/run/nginx.pid` + endscript +} +
[-] [+]	Added	nginx.sysconfig ^
@@ -0,0 +1,5 @@ +# Configuration file for the nginx service + +# set this to the location of the nginx configuration file +NGINX_CONF_FILE=/etc/nginx/nginx.conf +ulimit -n 512000 \ No newline at end of file
	Added	nginx_upstream_check_module-master.tar.gz ^
	Added	ngx_cache_purge-2.3.tar.gz ^
	Added	ngx_cache_purge.tar.gz ^
	Added	ngx_pagespeed-latest-testing.zip ^
	Added	ngx_pagespeed-latest-testing.zip.old ^
	Added	ngx_slowfs_cache-1.5.tar.gz ^
[-] [+]	Added	pagespeed.conf ^
@@ -0,0 +1,53 @@ +pagespeed off; + + +# Configuring PageSpeed Filters +pagespeed RewriteLevel PassThrough; + +# Needs to exist and be writable by nginx. Use tmpfs for best performance. +pagespeed MemcachedServers "127.0.0.1:11211"; +pagespeed FileCachePath /var/ngx_pagespeed_cache; + +# PageSpeed Admin +pagespeed StatisticsPath /ngx_pagespeed_statistics; +pagespeed GlobalStatisticsPath /ngx_pagespeed_global_statistics; +pagespeed MessagesPath /ngx_pagespeed_message; +pagespeed ConsolePath /pagespeed_console; +pagespeed AdminPath /pagespeed_admin; +pagespeed GlobalAdminPath /pagespeed_global_admin; + +# PageSpeed Cache Purge +pagespeed EnableCachePurge on; +pagespeed PurgeMethod PURGE; + + +# Ensure requests for pagespeed optimized resources go to the pagespeed handler +# and no extraneous headers get set. +location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { + add_header "" ""; +} + + +# HTTPS Support +# pagespeed FetchHttps enable; + +# PageSpeed Filters +# CSS Minification +# pagespeed EnableFilters combine_css,rewrite_css; + +# JS Minification +# pagespeed EnableFilters combine_javascript,rewrite_javascript; + +# Images Optimization +#pagespeed EnableFilters lazyload_images; +#pagespeed EnableFilters rewrite_images; +#pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + +# Remove comments from HTML +#pagespeed EnableFilters remove_comments; +# Remove WHITESPACE from HTML +#pagespeed EnableFilters collapse_whitespace; + + +# CDN Support +#pagespeed MapRewriteDomain cdn.example.com www.example.com; \ No newline at end of file
	Added	poweredby.png ^
	Added	release-1.11.33.2-beta.zip ^
[-] [+]	Added	ssl-ciphersample ^
@@ -0,0 +1,3 @@ +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5; +ssl_prefer_server_ciphers on;
[-] [+]	Added	ssl.conf ^
@@ -0,0 +1,37 @@ + +#server { +# listen 443; +# server_name _; + +# ssl on; +# ssl_certificate cert.pem; +# ssl_certificate_key cert.key; + +# Don't use outdated SSLv3 protocol. Protects against BEAST and POODLE attacks. +# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + +# Use secure ciphers - courtesy Cloudflare +# ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; +# ssl_prefer_server_ciphers on; + +# ssl_session_cache shared:SSL:20m; +# ssl_session_tickets on; +# ssl_session_timeout 30m; + +# HSTS - Use HTTPS exclusively , uncomment one. +# add_header Strict-Transport-Security "max-age=15768000; includeSubdomains"; + +# create new one with: openssl dhparam -out dhparams.pem 2048 +# ssl_dhparam /etc/nginx/ssl/dhparams_2048.pem; + +# ssl_buffer_size 4k; + +# if you want extra security at the cost of considerable pressure on processor .. +# ssl_ecdh_curve secp384r1; + +# location / { +# root html; +# index index.html index.htm; +# } +#} +
[-] [+]	Added	upstream-fair.conf ^
@@ -0,0 +1,18 @@ +# +# This is a sample configuration to use the nginx-upstream-fair module +# that is included. +# +# http://wiki.codemongers.com/NginxHttpUpstreamFairModule +# +# Change your Nginx config file's upstream block to include the 'fair' +# directive: +# + +# upstream mongrel { +# fair; +# server 127.0.0.1:5000; +# server 127.0.0.1:5001; +# server 127.0.0.1:5002; +# } + +
	Added	v1.10.33.6-beta.zip ^
[-] [+]	Added	virtual.conf ^
@@ -0,0 +1,15 @@ +# +# A virtual host using mix of IP-, name-, and port-based configuration +# + +#server { +# listen 8000; +# listen somename:8080; +# server_name somename alias another.alias; + +# location / { +# root html; +# index index.html index.htm; +# } +#} +