nginxModules.http_proxy_connect_module: init

This adds the nginx module `ngx_http_proxy_connect_module` which allows to tunnel HTTPS through an nginx proxy[1]. As this module contained patches for several nginx version, some minor adjustments were needed: * Allowed each entry in `nginxModules` to provide patches. * Added an optional `supports` attribute to ensure that each module can determine if it supports the currently built nginx version (e.g. stable 1.14 ATM or mainline 1.15 ATM). [1] https://github.com/chobits/ngx_http_proxy_connect_module
5 years ago · 37867dba74
parent 6b1d7e9316
commit 37867dba74
2 changed files with 38 additions and 2 deletions
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@ -9,6 +9,17 @@

 with stdenv.lib;

+let
+
+  mapModules = attrPath: flip concatMap modules
+    (mod:
+      let supports = mod.supports or (_: true);
+      in
+        if supports version then mod.${attrPath} or []
+        else throw "Module at ${toString mod.src} does not support nginx version ${version}!");
+
+in
+
 stdenv.mkDerivation {
  name = "nginx-${version}";

@ -18,7 +29,7 @@ stdenv.mkDerivation {
  };

  buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip ]
-    ++ concatMap (mod: mod.inputs or []) modules;
+    ++ mapModules "inputs";

  configureFlags = [
    "--with-http_ssl_module"
@ -77,7 +88,7 @@ stdenv.mkDerivation {
      url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
      sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
    })
-  ];
+  ] ++ mapModules "patches";

  hardeningEnable = optional (!stdenv.isDarwin) "pie";

--- a/pkgs/servers/http/nginx/modules.nix
+++ b/pkgs/servers/http/nginx/modules.nix
@ -1,5 +1,22 @@
 { fetchFromGitHub, lib, pkgs }:

+let
+
+  http_proxy_connect_module_generic = patchName: rec {
+    src = fetchFromGitHub {
+      owner = "chobits";
+      repo = "ngx_http_proxy_connect_module";
+      rev = "8201639082cba702211585b03d4cc7bc51c65167";
+      sha256 = "0z71x3xnlczrr2kq43w3drxj9g14fkk4jz66x921v0yb8r9mnn5a";
+    };
+
+    patches = [
+      "${src}/patch/${patchName}.patch"
+    ];
+  };
+
+in
+
 {
  brotli = {
    src = let gitsrc = pkgs.fetchFromGitHub {
@ -318,4 +335,12 @@
      sha256 = "1jq2s9k7hah3b317hfn9y3g1q4g4x58k209psrfsqs718a9sw8c7";
    };
  };
+
+  http_proxy_connect_module_v15 = http_proxy_connect_module_generic "proxy_connect_rewrite_1015" // {
+    supports = with lib.versions; version: major version == "1" && minor version == "15";
+  };
+
+  http_proxy_connect_module_v14 = http_proxy_connect_module_generic "proxy_connect_rewrite_1014" // {
+    supports = with lib.versions; version: major version == "1" && minor version == "14";
+  };
 }