Merge pull request #85862 from Izorkin/nginx-paths

2020-05-11 11:17:04 +01:00 · 2020-05-11 11:17:04 +01:00 · 11c18faa4e
commit 11c18faa4e
parent e9853444c7 2d8d8415c0
8 changed files with 97 additions and 38 deletions
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@ -279,6 +279,13 @@ php.override {
 </programlisting>
    </para>
   </listitem>
+   <listitem>
+    <para>
+      The Nginx log directory has been moved to <literal>/var/log/nginx</literal>, the cache directory
+      to <literal>/var/cache/nginx</literal>. The option <literal>services.nginx.stateDir</literal> has
+      been removed.
+    </para>
+   </listitem>
   <listitem>
    <para>
     The httpd web server previously started its main process as root
--- a/nixos/modules/services/logging/awstats.nix
+++ b/nixos/modules/services/logging/awstats.nix
@ -24,7 +24,7 @@ let

      logFile = mkOption {
        type = types.str;
-        example = "/var/spool/nginx/logs/access.log";
+        example = "/var/log/nginx/access.log";
        description = ''
          The log file to be scanned.

@ -110,7 +110,7 @@ in
        {
          "mysite" = {
            domain = "example.com";
-            logFile = "/var/spool/nginx/logs/access.log";
+            logFile = "/var/log/nginx/access.log";
          };
        }
      '';
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@ -187,7 +187,7 @@ let
    then "/etc/nginx/nginx.conf"
    else configFile;

-  execCommand = "${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}'";
+  execCommand = "${cfg.package}/bin/nginx -c '${configPath}'";

  vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost:
    let
@ -463,13 +463,6 @@ in
        '';
      };

-      stateDir = mkOption {
-        default = "/var/spool/nginx";
-        description = "
-          Directory holding all state for nginx to run.
-        ";
-      };
-
      user = mkOption {
        type = types.str;
        default = "nginx";
@ -636,6 +629,13 @@ in
    };
  };

+  imports = [
+    (mkRemovedOptionModule [ "services" "nginx" "stateDir" ] ''
+      The Nginx log directory has been moved to /var/log/nginx, the cache directory
+      to /var/cache/nginx. The option services.nginx.stateDir has been removed.
+    '')
+  ];
+
  config = mkIf cfg.enable {
    # TODO: test user supplied config file pases syntax test

@ -680,12 +680,6 @@ in
      }
    ];

-    systemd.tmpfiles.rules = [
-      "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
-      "d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -"
-      "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
-    ];
-
    systemd.services.nginx = {
      description = "Nginx Web Server";
      wantedBy = [ "multi-user.target" ];
@ -708,6 +702,12 @@ in
        # Runtime directory and mode
        RuntimeDirectory = "nginx";
        RuntimeDirectoryMode = "0750";
+        # Cache directory and mode
+        CacheDirectory = "nginx";
+        CacheDirectoryMode = "0750";
+        # Logs directory and mode
+        LogsDirectory = "nginx";
+        LogsDirectoryMode = "0750";
        # Capabilities
        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SYS_RESOURCE" ];
      };
--- a/nixos/tests/service-runner.nix
+++ b/nixos/tests/service-runner.nix
@ -23,7 +23,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
        machine.fail(f"curl {url}")
        machine.succeed(
            """
-            mkdir -p /run/nginx /var/spool/nginx/logs
+            mkdir -p /run/nginx /var/log/nginx /var/cache/nginx
            ${nodes.machine.config.systemd.services.nginx.runner} &
            echo $!>my-nginx.pid
            """
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@ -68,6 +68,14 @@ stdenv.mkDerivation {
    "--with-http_stub_status_module"
    "--with-threads"
    "--with-pcre-jit"
+    "--http-log-path=/var/log/nginx/access.log"
+    "--error-log-path=/var/log/nginx/error.log"
+    "--pid-path=/var/log/nginx/nginx.pid"
+    "--http-client-body-temp-path=/var/cache/nginx/client_body"
+    "--http-proxy-temp-path=/var/cache/nginx/proxy"
+    "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
+    "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
+    "--http-scgi-temp-path=/var/cache/nginx/scgi"
  ] ++ optionals withDebug [
    "--with-debug"
  ] ++ optionals withStream [
@ -99,26 +107,28 @@ stdenv.mkDerivation {
  preConfigure = preConfigure
    + concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;

-  patches = map fixPatch
-    (singleton (substituteAll {
+  patches = map fixPatch ([
+    (substituteAll {
      src = ./nix-etag-1.15.4.patch;
      preInstall = ''
        export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
      '';
-    }) ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
-      (fetchpatch {
-        url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
-        sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
-      })
-      (fetchpatch {
-        url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
-        sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
-      })
-      (fetchpatch {
-        url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
-        sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
-      })
-    ] ++ mapModules "patches");
+    })
+    ./nix-skip-check-logs-path.patch
+  ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
+      sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
+    })
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
+      sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
+    })
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
+      sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
+    })
+  ] ++ mapModules "patches");

  hardeningEnable = optional (!stdenv.isDarwin) "pie";

--- a/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch
+++ b/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch
@ -0,0 +1,27 @@
+diff --git a/auto/install b/auto/install
+index d884487..dccc411 100644
+--- a/auto/install
+++ b/auto/install
+@@ -148,12 +148,6 @@ install:	build $NGX_INSTALL_PERL_MODULES
+ 		|| cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH'
+ 	cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default'
+ 
+-	test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \\
+-		|| mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`'
+-
+-	test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \\
+-		|| mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`'
+-
+ 	test -d '\$(DESTDIR)$NGX_PREFIX/html' \\
+ 		|| cp -R $NGX_HTML '\$(DESTDIR)$NGX_PREFIX'
+ END
+@@ -161,9 +155,6 @@ END
+ 
+ if test -n "$NGX_ERROR_LOG_PATH"; then
+     cat << END                                                >> $NGX_MAKEFILE
+-
+-	test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \\
+-		|| mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`'
+ END
+ 
+ fi
--- a/pkgs/servers/http/openresty/default.nix
+++ b/pkgs/servers/http/openresty/default.nix
@ -16,10 +16,11 @@ callPackage ../nginx/generic.nix args rec {
    sha256 = "1a1la7vszv1parsnhphydblz64ffhycazncn3ividnvqg2mg735n";
  };

-  fixPatch = patch:
-    runCommand "openresty-${patch.name}" { src = patch; } ''
+  fixPatch = patch: let name = patch.name or (builtins.baseNameOf patch); in
+    runCommand "openresty-${name}" { src = patch; } ''
      substitute $src $out \
-        --replace "src/" "bundle/nginx-${nginxVersion}/src/"
+        --replace "a/" "a/bundle/nginx-${nginxVersion}/" \
+        --replace "b/" "b/bundle/nginx-${nginxVersion}/"
    '';

  buildInputs = [ postgresql ];
--- a/pkgs/servers/http/tengine/default.nix
+++ b/pkgs/servers/http/tengine/default.nix
@ -1,5 +1,5 @@
 { stdenv, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt
-, gd, geoip, gperftools, jemalloc
+, substituteAll, gd, geoip, gperftools, jemalloc
 , withDebug ? false
 , withMail ? false
 , withStream ? false
@ -24,8 +24,14 @@ stdenv.mkDerivation rec {
    [ openssl zlib pcre libxml2 libxslt gd geoip gperftools jemalloc ]
    ++ concatMap (mod: mod.inputs or []) modules;

-  patches = [
+  patches = singleton (substituteAll {
+    src = ../nginx/nix-etag-1.15.4.patch;
+    preInstall = ''
+      export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
+    '';
+  }) ++ [
    ./check-resolv-conf.patch
+    ../nginx/nix-skip-check-logs-path.patch
  ];

  configureFlags = [
@ -53,6 +59,14 @@ stdenv.mkDerivation rec {
    "--with-poll_module"
    "--with-google_perftools_module"
    "--with-jemalloc"
+    "--http-log-path=/var/log/nginx/access.log"
+    "--error-log-path=/var/log/nginx/error.log"
+    "--pid-path=/var/log/nginx/nginx.pid"
+    "--http-client-body-temp-path=/var/cache/nginx/client_body"
+    "--http-proxy-temp-path=/var/cache/nginx/proxy"
+    "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
+    "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
+    "--http-scgi-temp-path=/var/cache/nginx/scgi"
  ] ++ optionals withDebug [
    "--with-debug"
  ] ++ optionals withMail [