{ stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat , gd, geoip , withStream ? false , modules ? [] , hardening ? true }: with stdenv.lib; let version = "1.9.14"; mainSrc = fetchurl { url = "http://nginx.org/download/nginx-${version}.tar.gz"; sha256 = "1ljpyigqb6sbm4f8mi4fyvwfcvfapzg4z35s9cwb9ri8dl3r6j1b"; }; in stdenv.mkDerivation rec { name = "nginx-${version}"; src = mainSrc; buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip ] ++ concatMap (mod: mod.inputs or []) modules; configureFlags = [ "--with-http_ssl_module" "--with-http_v2_module" "--with-http_realip_module" "--with-http_addition_module" "--with-http_xslt_module" "--with-http_image_filter_module" "--with-http_geoip_module" "--with-http_sub_module" "--with-http_dav_module" "--with-http_flv_module" "--with-http_mp4_module" "--with-http_gunzip_module" "--with-http_gzip_static_module" "--with-http_auth_request_module" "--with-http_random_index_module" "--with-http_secure_link_module" "--with-http_degradation_module" "--with-http_stub_status_module" "--with-ipv6" # Install destination problems # "--with-http_perl_module" ] ++ optional withStream "--with-stream" ++ optional (elem stdenv.system (with platforms; linux ++ freebsd)) "--with-file-aio" ++ map (mod: "--add-module=${mod.src}") modules; NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations"; preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules) + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) '' configureFlagsArray=( --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2" --with-ld-opt="-pie -Wl,-z,relro,-z,now" ) '' ; postInstall = '' mv $out/sbin $out/bin ''; meta = { description = "A reverse proxy and lightweight webserver"; homepage = http://nginx.org; license = licenses.bsd2; platforms = platforms.all; maintainers = with maintainers; [ thoughtpolice raskin ]; }; }