diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index de409240c70..3673f6e0d9c 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -279,6 +279,13 @@ php.override {
+
+
+ The Nginx log directory has been moved to /var/log/nginx, the cache directory
+ to /var/cache/nginx. The option services.nginx.stateDir has
+ been removed.
+
+
The httpd web server previously started its main process as root
diff --git a/nixos/modules/services/logging/awstats.nix b/nixos/modules/services/logging/awstats.nix
index 5939d7808f7..896f52302ff 100644
--- a/nixos/modules/services/logging/awstats.nix
+++ b/nixos/modules/services/logging/awstats.nix
@@ -24,7 +24,7 @@ let
logFile = mkOption {
type = types.str;
- example = "/var/spool/nginx/logs/access.log";
+ example = "/var/log/nginx/access.log";
description = ''
The log file to be scanned.
@@ -110,7 +110,7 @@ in
{
"mysite" = {
domain = "example.com";
- logFile = "/var/spool/nginx/logs/access.log";
+ logFile = "/var/log/nginx/access.log";
};
}
'';
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 8d49dc66eb1..1e9cda7e478 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -187,7 +187,7 @@ let
then "/etc/nginx/nginx.conf"
else configFile;
- execCommand = "${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}'";
+ execCommand = "${cfg.package}/bin/nginx -c '${configPath}'";
vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost:
let
@@ -463,13 +463,6 @@ in
'';
};
- stateDir = mkOption {
- default = "/var/spool/nginx";
- description = "
- Directory holding all state for nginx to run.
- ";
- };
-
user = mkOption {
type = types.str;
default = "nginx";
@@ -636,6 +629,13 @@ in
};
};
+ imports = [
+ (mkRemovedOptionModule [ "services" "nginx" "stateDir" ] ''
+ The Nginx log directory has been moved to /var/log/nginx, the cache directory
+ to /var/cache/nginx. The option services.nginx.stateDir has been removed.
+ '')
+ ];
+
config = mkIf cfg.enable {
# TODO: test user supplied config file pases syntax test
@@ -680,12 +680,6 @@ in
}
];
- systemd.tmpfiles.rules = [
- "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
- "d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -"
- "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
- ];
-
systemd.services.nginx = {
description = "Nginx Web Server";
wantedBy = [ "multi-user.target" ];
@@ -708,6 +702,12 @@ in
# Runtime directory and mode
RuntimeDirectory = "nginx";
RuntimeDirectoryMode = "0750";
+ # Cache directory and mode
+ CacheDirectory = "nginx";
+ CacheDirectoryMode = "0750";
+ # Logs directory and mode
+ LogsDirectory = "nginx";
+ LogsDirectoryMode = "0750";
# Capabilities
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SYS_RESOURCE" ];
};
diff --git a/nixos/tests/service-runner.nix b/nixos/tests/service-runner.nix
index adb3fcd36d7..39ae66fe111 100644
--- a/nixos/tests/service-runner.nix
+++ b/nixos/tests/service-runner.nix
@@ -23,7 +23,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.fail(f"curl {url}")
machine.succeed(
"""
- mkdir -p /run/nginx /var/spool/nginx/logs
+ mkdir -p /run/nginx /var/log/nginx /var/cache/nginx
${nodes.machine.config.systemd.services.nginx.runner} &
echo $!>my-nginx.pid
"""
diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix
index 67a914b6a98..80bc1458ad7 100644
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@@ -68,6 +68,14 @@ stdenv.mkDerivation {
"--with-http_stub_status_module"
"--with-threads"
"--with-pcre-jit"
+ "--http-log-path=/var/log/nginx/access.log"
+ "--error-log-path=/var/log/nginx/error.log"
+ "--pid-path=/var/log/nginx/nginx.pid"
+ "--http-client-body-temp-path=/var/cache/nginx/client_body"
+ "--http-proxy-temp-path=/var/cache/nginx/proxy"
+ "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
+ "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
+ "--http-scgi-temp-path=/var/cache/nginx/scgi"
] ++ optionals withDebug [
"--with-debug"
] ++ optionals withStream [
@@ -99,26 +107,28 @@ stdenv.mkDerivation {
preConfigure = preConfigure
+ concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
- patches = map fixPatch
- (singleton (substituteAll {
+ patches = map fixPatch ([
+ (substituteAll {
src = ./nix-etag-1.15.4.patch;
preInstall = ''
export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
'';
- }) ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
- (fetchpatch {
- url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
- sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
- })
- (fetchpatch {
- url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
- sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
- })
- (fetchpatch {
- url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
- sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
- })
- ] ++ mapModules "patches");
+ })
+ ./nix-skip-check-logs-path.patch
+ ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+ (fetchpatch {
+ url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
+ sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
+ })
+ (fetchpatch {
+ url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
+ sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
+ })
+ (fetchpatch {
+ url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
+ sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
+ })
+ ] ++ mapModules "patches");
hardeningEnable = optional (!stdenv.isDarwin) "pie";
diff --git a/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch b/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch
new file mode 100644
index 00000000000..a823660cc32
--- /dev/null
+++ b/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch
@@ -0,0 +1,27 @@
+diff --git a/auto/install b/auto/install
+index d884487..dccc411 100644
+--- a/auto/install
++++ b/auto/install
+@@ -148,12 +148,6 @@ install: build $NGX_INSTALL_PERL_MODULES
+ || cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH'
+ cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default'
+
+- test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \\
+- || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`'
+-
+- test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \\
+- || mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`'
+-
+ test -d '\$(DESTDIR)$NGX_PREFIX/html' \\
+ || cp -R $NGX_HTML '\$(DESTDIR)$NGX_PREFIX'
+ END
+@@ -161,9 +155,6 @@ END
+
+ if test -n "$NGX_ERROR_LOG_PATH"; then
+ cat << END >> $NGX_MAKEFILE
+-
+- test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \\
+- || mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`'
+ END
+
+ fi
diff --git a/pkgs/servers/http/openresty/default.nix b/pkgs/servers/http/openresty/default.nix
index 0e87b971985..9c01cfb19e1 100644
--- a/pkgs/servers/http/openresty/default.nix
+++ b/pkgs/servers/http/openresty/default.nix
@@ -16,10 +16,11 @@ callPackage ../nginx/generic.nix args rec {
sha256 = "1a1la7vszv1parsnhphydblz64ffhycazncn3ividnvqg2mg735n";
};
- fixPatch = patch:
- runCommand "openresty-${patch.name}" { src = patch; } ''
+ fixPatch = patch: let name = patch.name or (builtins.baseNameOf patch); in
+ runCommand "openresty-${name}" { src = patch; } ''
substitute $src $out \
- --replace "src/" "bundle/nginx-${nginxVersion}/src/"
+ --replace "a/" "a/bundle/nginx-${nginxVersion}/" \
+ --replace "b/" "b/bundle/nginx-${nginxVersion}/"
'';
buildInputs = [ postgresql ];
diff --git a/pkgs/servers/http/tengine/default.nix b/pkgs/servers/http/tengine/default.nix
index 1593ad0c06f..f3cae597ef9 100644
--- a/pkgs/servers/http/tengine/default.nix
+++ b/pkgs/servers/http/tengine/default.nix
@@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt
-, gd, geoip, gperftools, jemalloc
+, substituteAll, gd, geoip, gperftools, jemalloc
, withDebug ? false
, withMail ? false
, withStream ? false
@@ -24,8 +24,14 @@ stdenv.mkDerivation rec {
[ openssl zlib pcre libxml2 libxslt gd geoip gperftools jemalloc ]
++ concatMap (mod: mod.inputs or []) modules;
- patches = [
+ patches = singleton (substituteAll {
+ src = ../nginx/nix-etag-1.15.4.patch;
+ preInstall = ''
+ export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
+ '';
+ }) ++ [
./check-resolv-conf.patch
+ ../nginx/nix-skip-check-logs-path.patch
];
configureFlags = [
@@ -53,6 +59,14 @@ stdenv.mkDerivation rec {
"--with-poll_module"
"--with-google_perftools_module"
"--with-jemalloc"
+ "--http-log-path=/var/log/nginx/access.log"
+ "--error-log-path=/var/log/nginx/error.log"
+ "--pid-path=/var/log/nginx/nginx.pid"
+ "--http-client-body-temp-path=/var/cache/nginx/client_body"
+ "--http-proxy-temp-path=/var/cache/nginx/proxy"
+ "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
+ "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
+ "--http-scgi-temp-path=/var/cache/nginx/scgi"
] ++ optionals withDebug [
"--with-debug"
] ++ optionals withMail [