%bcond_without mysql # mysql support in mod_mysql_vhost, mod_vhostdb_mysql
%bcond_without pgsql # PgSQL, enables mod_vhostdb_pgsql
%bcond_without geoip # GeoIP support
+%bcond_without maxminddb # MaxMind GeoIP2 module
%bcond_with krb5 # krb5 support (does not work with heimdal)
%bcond_without ldap # ldap support in mod_auth, mod_vhostdb_ldap
%bcond_without lua # LUA support in mod_cml (needs LUA >= 5.1)
Summary: Fast and light HTTP server
Summary(pl.UTF-8): Szybki i lekki serwer HTTP
Name: lighttpd
-Version: 1.4.54
+Version: 1.4.55
Release: 1
License: BSD
Group: Networking/Daemons/HTTP
Source0: https://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.xz
-# Source0-md5: 7abc776243c811e9872f73ab38b7f8b5
+# Source0-md5: be4bda2c28bcbdac6eb941528f6edf03
Source1: %{name}.init
Source2: %{name}.conf
Source3: %{name}.user
Source143: mod_vhostdb.conf
Source144: mod_wstunnel.conf
Source145: mod_authn_mysql.conf
+Source146: mod_sockproxy.conf
+Source147: mod_maxminddb.conf
# use branch.sh script to create branch.diff
#Patch100: %{name}-branch.diff
## Patch100-md5: 7bd09235304c8bcb16f34d49d480c0fb
Patch1: %{name}-mod_evasive-status_code.patch
Patch2: %{name}-mod_h264_streaming.patch
Patch3: %{name}-branding.patch
-Patch6: test-port-setup.patch
-Patch7: env-documentroot.patch
+Patch5: test-port-setup.patch
URL: https://www.lighttpd.net/
%{?with_geoip:BuildRequires: GeoIP-devel}
+%{?with_maxminddb:BuildRequires: libmaxminddb-devel}
%{?with_xattr:BuildRequires: attr-devel}
BuildRequires: autoconf >= 2.57
BuildRequires: automake >= 1:1.11.2
%description mod_magnet -l pl.UTF-8
mod_magnet to moduł sterujący obsługą żądań w lighty.
+%package mod_maxminddb
+Summary: lighttpd module
+Group: Networking/Daemons/HTTP
+#URL: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModGeoip
+Requires: %{name} = %{version}-%{release}
+
+%description mod_maxminddb
+
%package mod_mysql_vhost
Summary: lighttpd module for MySQL based vhosting
Summary(pl.UTF-8): Moduł lighttpd obsługujący vhosty oparte na MySQL-u
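Review bot: The new `mod_maxminddb` subpackage has an empty `%description` and the placeholder `Summary: lighttpd module`, so package listings will not say what the module does. Something like `Summary: lighttpd module for MaxMind GeoIP2 lookups`, plus a short description along the same lines, would match the neighbouring subpackages, which also carry a `Summary(pl.UTF-8)` line. The commented-out `#URL:` points at the Docs_ModGeoip wiki page; it should be replaced with the module's own documentation page or dropped.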
Ten moduł pozwala na przepisywanie zbioru URL-i wewnętrznie w serwerze
WWW _przed_ ich obsługą.
-%package mod_sockproxy
-Summary: lighttpd module for socket forwarding
-Summary(pl.UTF-8): Moduł lighttpd przekazywania gniazdek
-Group: Networking/Daemons/HTTP
-Requires: %{name} = %{version}-%{release}
-
-%description mod_sockproxy
-Sock proxy module for socket forwarding.
-
-%description mod_sockproxy -l pl.UTF-8
-Moduł proxy do przekazywania gniazdek.
-
%package mod_rrdtool
Summary: lighttpd module for monitoring traffic and server load
Summary(pl.UTF-8): Moduł lighttpd do monitorowania ruchu i obciążenia serwera
%description mod_simple_vhost -l pl.UTF-8
Moduł lighttpd do prostych hostów wirtualnych.
+%package mod_sockproxy
+Summary: Transparent socket proxy
+Group: Networking/Daemons/HTTP
+URL: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSockProxy
+Requires: %{name} = %{version}-%{release}
+
+%description mod_sockproxy
+mod_sockproxy is a transparent socket proxy. For a given $SERVER["socket"]
+config, connections will be forwarded to backend(s) without any
+interpretation of the protocol.
+
%package mod_ssi
Summary: lighttpd module for server-side includes
Summary(pl.UTF-8): Moduł lighttpd do SSI (server-side includes)
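Review bot: The rewritten `mod_sockproxy` block drops the `Summary(pl.UTF-8)` line and the `%description mod_sockproxy -l pl.UTF-8` section that the removed block had, while the surrounding subpackages keep both. I would carry them over, e.g. `Summary(pl.UTF-8): Moduł lighttpd przekazywania gniazdek`, together with the old Polish description text. Because the module forwards connections without interpreting the protocol, the description could also say that HTTP-level access controls in lighttpd presumably do not apply on such a socket, so the backend has to enforce its own.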
#%patch1 -p1 UPDATE (and submit upstream!) if you need this
%{?with_h264_streaming:%patch2 -p1}
%patch3 -p1
-%patch6 -p1
-#%patch7 -p1 probably fixed upstream
+%patch5 -p1
rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied instead
%{?with_dbi:--with-dbi} \
%{?with_krb5:--with-krb5} \
%{?with_geoip:--with-geoip} \
+ %{?with_maxminddb:--with-maxminddb} \
%{?with_mysql:--with-mysql} \
%{?with_ldap:--with-ldap} \
%{?with_ssl:--with-openssl} \
%if %{with geoip}
cp -p %{SOURCE140} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_geoip.conf
%endif
+%if %{with maxminddb}
+cp -p %{SOURCE147} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_maxminddb.conf
+%endif
%if %{with ldap}
cp -p %{SOURCE141} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_authn_ldap.conf
%endif
%if %{with mysql}
cp -p %{SOURCE133} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_mysql_vhost.conf
%endif
+cp -p %{SOURCE146} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_sockproxy.conf
cp -p %{SOURCE134} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/55_mod_magnet.conf
cp -p %{SOURCE111} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/55_mod_expire.conf
%module_scripts mod_h264_streaming
%module_scripts mod_indexfile
%module_scripts mod_magnet
+%module_scripts mod_maxminddb
%module_scripts mod_mysql_vhost
%module_scripts mod_openssl
%module_scripts mod_proxy
%module_scripts mod_redirect
%module_scripts mod_rewrite
-%module_scripts mod_sockproxy
%module_scripts mod_scgi
%module_scripts mod_secdownload
%module_scripts mod_setenv
%module_scripts mod_simple_vhost
+%module_scripts mod_sockproxy
%module_scripts mod_ssi
%module_scripts mod_staticfile
%module_scripts mod_status
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_magnet.conf
%attr(755,root,root) %{pkglibdir}/mod_magnet.so
+%if %{with maxminddb}
+%files mod_maxminddb
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_maxminddb.conf
+%attr(755,root,root) %{pkglibdir}/mod_maxminddb.so
+%endif
+
%if %{with mysql}
%files mod_mysql_vhost
%defattr(644,root,root,755)
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_rewrite.conf
%attr(755,root,root) %{pkglibdir}/mod_rewrite.so
-%files mod_sockproxy
-%defattr(644,root,root,755)
-%attr(755,root,root) %{pkglibdir}/mod_sockproxy.so
-
%files mod_rrdtool
%defattr(644,root,root,755)
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_rrdtool.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_simple_vhost.conf
%attr(755,root,root) %{pkglibdir}/mod_simple_vhost.so
+%files mod_sockproxy
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_sockproxy.conf
+%attr(755,root,root) %{pkglibdir}/mod_sockproxy.so
+
%files mod_ssi
%defattr(644,root,root,755)
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_ssi.conf
# "HTTPS" => "on"
# )
+ # https://ssl-config.mozilla.org/#server=lighttpd&server-version=1.4.54&config=intermediate
# intermediate configuration, tweak to your needs
+ #
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
- ssl.honor-cipher-order = "enable"
- # If you know you have RSA keys (standard), you can use:
- #ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
- # The more generic version (without the restriction to RSA keys) is
- #ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
- # List from https://mozilla.github.io/server-side-tls/ssl-config-generator/
- ssl.cipher-list = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
+ # intermediate configuration, tweak to your needs
+ ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
+ ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+ ssl.honor-cipher-order = "disable"
- # HSTS(15768000 seconds = 6 months)
-# setenv.add-response-header = (
-# "Strict-Transport-Security" => "max-age=15768000;"
-# )
+ # HTTP Strict Transport Security (63072000 seconds
+ # setenv.add-response-header = (
+ # "Strict-Transport-Security" => "max-age=63072000"
+ # )
$HTTP["useragent"] =~ "MSIE" {
server.max-keep-alive-requests = 0
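Review bot: The new `ssl.cipher-list` still offers `DHE-RSA-*` suites, but no `ssl.dh-file` is set in the visible lines; as far as I recall, lighttpd 1.4.x then falls back to built-in 1024-bit DH parameters, weaker than the 2048-bit group the Mozilla intermediate profile assumes. I would either add `ssl.dh-file = "/path/to/dhparam.pem"` (placeholder path) pointing at 2048-bit parameters or drop the two DHE suites. Smaller points: the context line `# intermediate configuration, tweak to your needs` is now followed by an added copy of itself, the HSTS comment is cut off at `(63072000 seconds` and should read `(63072000 seconds = 2 years)`, and `ssl.use-sslv2`/`ssl.use-sslv3` repeat what the new `Protocol` command already disables. The enclosing SSL block starts above this hunk, so `ssl.dh-file` may already be set there.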