From 0b82aee7ae5319717b60a145fca05cf4ded60f4f Mon Sep 17 00:00:00 2001 From: psykose Date: Wed, 27 Apr 2022 22:21:24 +0000 Subject: [PATCH] nginx-current: new ptrcport --- nginx-current/APKBUILD | 315 +++++++++++++++++++++++ nginx-current/default.conf | 17 ++ nginx-current/nginx-current.post-install | 11 + nginx-current/nginx-current.post-upgrade | 70 +++++ nginx-current/nginx-current.pre-install | 8 + nginx-current/nginx-current.pre-upgrade | 9 + nginx-current/nginx.conf | 107 ++++++++ nginx-current/nginx.confd | 6 + nginx-current/nginx.initd | 71 +++++ nginx-current/nginx.logrotate | 8 + nginx-current/stream.conf | 14 + 11 files changed, 636 insertions(+) create mode 100644 nginx-current/APKBUILD create mode 100644 nginx-current/default.conf create mode 100644 nginx-current/nginx-current.post-install create mode 100644 nginx-current/nginx-current.post-upgrade create mode 100644 nginx-current/nginx-current.pre-install create mode 100644 nginx-current/nginx-current.pre-upgrade create mode 100644 nginx-current/nginx.conf create mode 100644 nginx-current/nginx.confd create mode 100644 nginx-current/nginx.initd create mode 100644 nginx-current/nginx.logrotate create mode 100644 nginx-current/stream.conf diff --git a/nginx-current/APKBUILD b/nginx-current/APKBUILD new file mode 100644 index 0000000..515d7e4 --- /dev/null +++ b/nginx-current/APKBUILD 
@@ -0,0 +1,315 @@ +# Maintainer: psykose +pkgname=nginx-current +pkgver=1.21.6 +pkgrel=0 +pkgdesc="HTTP and reverse proxy server (current version)" +url="https://www.nginx.org/" +arch="all" +license="BSD-2-Clause" +depends="!nginx" +makedepends=" + brotli-dev + gd-dev + libxml2-dev + libxslt-dev + linux-headers + luajit-dev + openssl3-dev + pcre2-dev + perl-dev + zeromq-dev + zlib-dev + " +pkgusers="nginx" +_grp_ngx="nginx" +_grp_www="www-data" +pkggroups="$_grp_ngx $_grp_www" +install="$pkgname.pre-install $pkgname.post-install $pkgname.pre-upgrade $pkgname.post-upgrade" +subpackages="$pkgname-doc $pkgname-openrc $pkgname-vim::noarch" +source="https://nginx.org/download/nginx-$pkgver.tar.gz + nginx.conf + default.conf + stream.conf + nginx.logrotate + nginx.initd + nginx.confd + " +builddir="$srcdir/nginx-$pkgver" +options="!check" # no time! + +_modules_dir="usr/lib/$pkgname/modules" + +# Built-in dynamic modules +for _mod in \ + http-image-filter \ + http-perl \ + http-xslt-filter \ + mail \ + stream +do + subpackages="$subpackages $pkgname-mod-$_mod:_module" +done + +# Third-party dynamic modules + +# For simplicity we assume that module is hosted on GitHub. +_add_module() { + local name="$1" ver="$2" url="$3" subdir="$4" enabled="${5:-true}" + local dirname=${url##*/}-${ver#v} + local varprefix="_${name//-/_}" + + eval "${varprefix}_ver='$ver'; ${varprefix}_url='$url'" + + # Don't add new flag and source if it's already there, i.e. two or more + # modules share the same source (e.g. geoip2 that provides http-geoip2 + # and stream-geoip2). + if ! printf '%s\n' $_extra_flags | grep -qFw "$srcdir/$dirname"; then + source="$source $dirname.tar.gz::$url/archive/$ver.tar.gz" + # $source must be always in-sync with $sha512sums, so we have to + # add there source of a module that is disabled on the current arch. 
+ [ "$enabled" = false ] && return + + _extra_flags="$_extra_flags --add-dynamic-module=$srcdir/$dirname/$subdir" + fi + subpackages="$subpackages $pkgname-mod-$name:_module" +} + +_add_module "devel-kit" "v0.3.1" "https://github.com/vision5/ngx_devel_kit" +_devel_kit_so="ndk_http_module.so" + +_add_module "http-accounting" "v2.0" "https://github.com/Lax/traffic-accounting-nginx-module" + +_add_module "http-array-var" "v0.05" "https://github.com/openresty/array-var-nginx-module" +_http_array_var_depends="$pkgname-mod-devel-kit" + +_add_module "http-brotli" "v1.0.0rc" "https://github.com/google/ngx_brotli" +_http_brotli_so="ngx_http_brotli_filter_module.so ngx_http_brotli_static_module.so" + +_add_module "http-cache-purge" "2.5.1" "https://github.com/nginx-modules/ngx_cache_purge" + +_add_module "http-cookie-flag" "v1.1.0" "https://github.com/AirisX/nginx_cookie_flag_module" +_http_cookie_flag_so="ngx_http_cookie_flag_filter_module.so" + +_add_module "http-echo" "v0.62" "https://github.com/openresty/echo-nginx-module" + +_add_module "http-encrypted-session" "v0.08" "https://github.com/openresty/encrypted-session-nginx-module" +_http_encrypted_session_depends="$pkgname-mod-devel-kit" + +_add_module "http-fancyindex" "v0.5.1" "https://github.com/aperezdc/ngx-fancyindex" + +_add_module "http-headers-more" "v0.33" "https://github.com/openresty/headers-more-nginx-module" +_http_headers_more_so="ngx_http_headers_more_filter_module.so" + +_add_module "http-log-zmq" "v1.0.0" "https://github.com/danifbento/nginx-log-zmq" + +_add_module "http-nchan" "v1.2.8" "https://github.com/slact/nchan" +_http_nchan_so="ngx_nchan_module.so" + +_add_module "http-redis2" "v0.15" "https://github.com/openresty/redis2-nginx-module" + +_add_module "http-set-misc" "v0.32" "https://github.com/openresty/set-misc-nginx-module" +_http_set_misc_depends="$pkgname-mod-devel-kit" + +_add_module "http-shibboleth" "v2.0.1" "https://github.com/nginx-shib/nginx-http-shibboleth" + +_add_module "http-untar" 
"v1.0" "https://github.com/ajax16384/ngx_http_untar_module" + +_add_module "http-upload-progress" "v0.9.2" "https://github.com/masterzen/nginx-upload-progress-module" +_http_upload_progress_so="ngx_http_uploadprogress_module.so" + +_add_module "http-upstream-fair" "0.1.3" "https://github.com/itoffshore/nginx-upstream-fair" + +_add_module "http-upstream-jdomain" "1.1.5" "https://github.com/nicholaschiasson/ngx_upstream_jdomain" + +_add_module "http-vod" "1.28" "https://github.com/kaltura/nginx-vod-module" + +_add_module "http-zip" "1.2.0" "https://github.com/evanmiller/mod_zip" + +_add_module "rtmp" "v1.2.2" "https://github.com/arut/nginx-rtmp-module" +_rtmp_provides="nginx-rtmp" # for backward compatibility + +build() { + export LUAJIT_LIB="$(pkg-config --variable=libdir luajit)" + export LUAJIT_INC="$(pkg-config --variable=includedir luajit)" + ./configure \ + --prefix=/var/lib/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/$_modules_dir \ + --conf-path=/etc/nginx/nginx.conf \ + --pid-path=/run/nginx/nginx.pid \ + --lock-path=/run/nginx/nginx.lock \ + --http-client-body-temp-path=/var/lib/nginx/tmp/client_body \ + --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \ + --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \ + --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \ + --http-scgi-temp-path=/var/lib/nginx/tmp/scgi \ + --with-perl_modules_path=/usr/lib/perl5/vendor_perl \ + \ + --user=$pkgusers \ + --group=$_grp_ngx \ + --with-threads \ + --with-file-aio \ + \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_sub_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_auth_request_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_degradation_module \ + 
--with-http_slice_module \ + --with-http_stub_status_module \ + --with-http_perl_module=dynamic \ + --with-mail=dynamic \ + --with-mail_ssl_module \ + --with-openssl-opt=enable-ktls \ + --with-stream=dynamic \ + --with-stream_ssl_module \ + --with-stream_realip_module \ + --with-stream_ssl_preread_module \ + \ + $_extra_flags + + make +} + +package() { + cd "$builddir" + + make DESTDIR="$pkgdir" install + chown root:root "$pkgdir"/usr/sbin/nginx + + install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE + install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README + + install -Dm644 objs/nginx.8 "$pkgdir"/usr/share/man/man8/nginx.8 + + local name; for name in ngx_devel_kit nginx-rtmp-module; do + cp -r "$srcdir"/$name-*/doc* "$pkgdir"/usr/share/doc/$pkgname/$name + done + cd "$pkgdir" + + install -Dm644 "$srcdir"/nginx.conf ./etc/nginx/nginx.conf + install -dm755 ./etc/$pkgname/http.d ./etc/nginx/modules + + install -Dm755 "$srcdir"/nginx.initd ./etc/init.d/nginx + install -Dm644 "$srcdir"/nginx.confd ./etc/conf.d/nginx + install -Dm644 "$srcdir"/nginx.logrotate ./etc/logrotate.d/nginx + + install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/nginx + install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/nginx/tmp + install -dm755 -g $_grp_www ./var/www/localhost/htdocs + + install -Dm644 "$srcdir"/default.conf ./usr/share/nginx/http-default_server.conf + + install -dm755 ./var/log + mv ./var/lib/nginx/logs ./var/log/nginx + chown $pkgusers:$_grp_ngx var/log/nginx + + ln -sf /$_modules_dir ./var/lib/nginx/modules + ln -sf /var/log/nginx ./var/lib/nginx/logs + ln -sf /run/nginx ./var/lib/nginx/run + + # Remove archaic charset maps. 
+ rm ./etc/nginx/koi-* ./etc/nginx/win-utf + + rm -rf ./run ./etc/nginx/*.default +} + +vim() { + pkgdesc="$pkgdesc (vim syntax)" + install_if="vim $pkgname=$pkgver-r$pkgrel" + depends= + + mkdir -p "$subpkgdir"/usr/share/vim + cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles +} + +_module() { + local name="${subpkgname#$pkgname-mod-}"; name="${name//-/_}" + local ver=$(getvar _${name}_ver) + + pkgdesc="Nginx module ${name//_/-}" + [ "$ver" ] && pkgdesc="Nginx third-party module ${name//_/-} (version $ver)" + + url=$(getvar "_${name}_url" "$url") + sonames=$(getvar "_${name}_so" "ngx_${name}_module.so") + depends="$pkgname $(getvar "_${name}_depends")" + provides=$(getvar "_${name}_provides") + + # Numeric prefix for the module config to ensure that modules with + # dependencies on other modules will be loaded after their dependencies. + # For simplicity, we don't actually resolve dependency tree. Instead, + # we just prefix the module name with a number that reflects number of + # the module's dependencies times ten (e.g. 10, 20, 30, ...). + local conf_prefix="$(echo "$depends" | wc -w)0_" + + mkdir -p "$subpkgdir"/$_modules_dir + mkdir -p "$subpkgdir"/etc/nginx/modules + + cd "$subpkgdir" + + local soname; for soname in $sonames; do + mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname + echo "load_module \"modules/$soname\";" >> ./etc/nginx/modules/${conf_prefix}$name.conf + done + + case "$name" in + http_perl) + mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/ + ;; + http_naxsi) + install -m644 -D "$srcdir"/naxsi-*/naxsi_config/naxsi_core.rules \ + ./etc/nginx/naxsi_core.rules + ;; + stream) + mkdir -p ./etc/nginx/stream.d + install -m644 "$srcdir"/stream.conf ./etc/nginx/stream.conf + ;; + esac +} + +# Print value of the specified variable, or the default if empty or not defined. 
+getvar() { + eval "printf '%s\n' \"\${$1:-$2}\"" +} + +sha512sums=" +10b0cdd13b26687104bf11e6b850fd851e9d8881bdf67f72c062d956e661da4d70482e6ec3123405b324ad7ed821a8bcc67b742dce9f59e972407fa437ddcad4 nginx-1.21.6.tar.gz +9c5ee975dffa15b76688ef798371635f38f1e6773b143c738add26297878dddfc20ebf276e3871a60f28b197e8a70496ca17d4816c2136171978c157bb8e591f nginx.conf +0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3 default.conf +f3321a45736697009817db335ad36d3f1d05f60d98ac90a943220cdd4c00c52632f018db6a6076d5431a483525aacc5725b87b765b590e2f63b3ef98c5b16bd8 stream.conf +09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb nginx.logrotate +ee10a5687740dde0c3d18d8b3555f49fcdc6abfc0a3bc2de1de3be0e99951a346fe8027d916aab73071ecd4e2c50871e7c867aca3a7a0fd16e3374c5caed1c57 nginx.initd +0b9b9ed01ac077e334c034faa2679f6e26740fb3362eebf8cef82d22b2af2a3faaa53bae3c9e14af51cbf64720a7c66431905ca5cc43f978366456cc4e3b7f4a nginx.confd +de1e3349d8dd08e5982279b2219dc8a8006739f0409b8e0f5c50d93434beff1fbafba43e9c5ac85a5fab90afc5c0a7244a340610339c36f82f2cba7233e72de9 ngx_devel_kit-0.3.1.tar.gz +0df34c3765e18dc5cc5a053d3a17dbee17a686a1f6e76ad057c262741c4e4465c66bcef86e627a19258f836cad5f14745bf046fd396b00960ad79ed20c2a07bb traffic-accounting-nginx-module-2.0.tar.gz +7c9fa9b76bc7cd2473ceae6d5ffb8de26993be9293ea967908d6c4550e086affa7016df4c936fb0b79f1142dc0aa1a5f2058d417e6433b5a3497a45d7e866e84 array-var-nginx-module-0.05.tar.gz +05a880d5e48ac83be84498ed41fb4750211b827a9d7541acfd6ef494e5205a6e853d5594bfec3ab4ae668ea3f803e4f4b0ba550c76811971c8e266e42663c56d ngx_brotli-1.0.0rc.tar.gz +3ad37b4a251fb85a9a384f87fea5ca640166e3d7173c6ed9a857b191ae5f2e93819483b5d423fcafe8a10239b571677b342cc2d2d5d62315816f1316d7d5bb76 ngx_cache_purge-2.5.1.tar.gz 
+352cc3d033cc67ee34209f958dac13ada2147de429f4dd3da301c865d52970d80c8aa3c193f7fb28cf4854b88baff07b6efc3bae1fb813fe53d5956a87dfc81a nginx_cookie_flag_module-1.1.0.tar.gz +240896b1c559a71ca6ca87136d8535edd25b1d65ebb80d46080ad41c09ed1cec9737828f9efe260782294d660cea66cf402f4e75bba3fed26f3a94de0ae2f89b echo-nginx-module-0.62.tar.gz +80651951edd69d202e991a66f531bbe0398b4f062e822bb7748411f5f597eb1d5827102ba477bb6cd2793274adf6f6d60dd89fde7645174b091143251197af69 encrypted-session-nginx-module-0.08.tar.gz +5c9252713286056cb493b734c8aabef51538c4c3c3204404eecc6c09dffcd06f733ed4f134af8f5d38558db75ac0a6161a1fa29ae98284b68b30309d9a5e6b31 ngx-fancyindex-0.5.1.tar.gz +13165b1b8d4be281b8bd2404fa48d456013d560bace094c81da08a35dc6a4f025a809a3ae3a42be6bbf67abbcbe41e0730aba06f905220f3baeb01e1192a7d37 headers-more-nginx-module-0.33.tar.gz +015a358d987476bb61302fbbe1cb105f5314edc1a8b7ee6310aae697f755c79fcb1834ff561fced054c8cd5624f5387fcc1de729731ccd70662f2eb72bcdc174 nginx-log-zmq-1.0.0.tar.gz +bea5ce8669f43f752a42f5988125ac1beb7c7904e780605f7706bbb03e9ab4f30a2bcbcddac5bc1c67cff4d92f798023ec320e8d9a2db47953f9f7b08b5ad882 nchan-1.2.8.tar.gz +d6ca250db8de93edbd7875afca35e73cecdaf82132d1a7ee933cf94c6b8afa8e629e9e647a9321f2bc1fbb92137ec0d32dcd89b82ac5fae31e342537fb7e0431 redis2-nginx-module-0.15.tar.gz +5590526f60c99630f99a49bfa9e3455baee6d58cd2a1419eab1367a838dafb87a50f5e2607aa8ac557b90dbf633dcf61069c997b3526cddc8f2fc45820a7bc3b set-misc-nginx-module-0.32.tar.gz +1730845ea2e52be8c2f6cfceb2894304c5a07959a96940bb1617ee0e7cf81d22283304f411d9a219ddb71e4d9a66012bba0f6f5574d101aeb3c406f26c5d6a4e nginx-http-shibboleth-2.0.1.tar.gz +5b0800ffb98ae69d3505d9046bc7f660defa14d21b74a4e425a4b07db917e39fd9a324851be8c424f5b4b4ef83997e09d9053eb8aa9e9f1889513dd742b5abba ngx_http_untar_module-1.0.tar.gz +c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c nginx-upload-progress-module-0.9.2.tar.gz 
+8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5 nginx-upstream-fair-0.1.3.tar.gz +54a0aae25a80f285e76344e6d0759e9a1b707be4bc0755abf4b7e48918c8e37092b7b259d052215d875be447d79717c0626797ea449677c492aa1e473cc448fd ngx_upstream_jdomain-1.1.5.tar.gz +389137124a3d046b99faabb977b5dbcf7c84541e039da27dfcca6b863d6d7f99e4b42916be1d7202bad017a88973c2f931985c2c58243f5134b7d9d199cdff0c nginx-vod-module-1.28.tar.gz +92e1e5aa570b68a19bb718817f864c4347f6dc89f90d828071ab3d06c784cc2786674d9d64fffef8c23749d0a653f2eb996b412ab10015eea1ed895d81268ce1 mod_zip-1.2.0.tar.gz +3f8c803221854c4b1a06aadc6313fbfec74bd7179c0ee51d4365b26ffa8875881a6e1e48f777a9c9efbb9170ab7478a82920d5448a2c2df485503d37bb03ab81 nginx-rtmp-module-1.2.2.tar.gz +" diff --git a/nginx-current/default.conf b/nginx-current/default.conf new file mode 100644 index 0000000..4704a69 --- /dev/null +++ b/nginx-current/default.conf @@ -0,0 +1,17 @@ +# This is a default site configuration which will simply return 404, preventing +# chance access to any other virtualhost. + +server { + listen 80 default_server; + listen [::]:80 default_server; + + # Everything is a 404 + location / { + return 404; + } + + # You may need this to prevent return 404 recursion. + location = /404.html { + internal; + } +} diff --git a/nginx-current/nginx-current.post-install b/nginx-current/nginx-current.post-install new file mode 100644 index 0000000..cf4ddbc --- /dev/null +++ b/nginx-current/nginx-current.post-install @@ -0,0 +1,11 @@ +#!/bin/sh + +# This is needed for containers that don't start nginx using init script. +install -d -m 755 -o nginx -g nginx /run/nginx || true + +# Install config with the default http server to the new location (since 1.18.0-r13). +if ! [ -e /etc/nginx/http.d/default.conf ]; then + install -m644 /usr/share/nginx/http-default_server.conf /etc/nginx/http.d/default.conf +fi + +exit 0 
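Review bot: In package(), `install -dm755 ./etc/$pkgname/http.d ./etc/nginx/modules` expands to `etc/nginx-current/http.d` now that pkgname is `nginx-current`, so the package does not appear to create `/etc/nginx/http.d`, the directory nginx.conf includes and the post-install script copies `default.conf` into. That script uses `install -m644` without `-D` and ends in `exit 0`, so on a fresh install the catch-all 404 default server would be silently missing. I would hard-code the path, `install -dm755 ./etc/nginx/http.d ./etc/nginx/modules`. Separately, `--with-openssl-opt=enable-ktls` only applies to an OpenSSL built from source via `--with-openssl=`, which build() does not pass, and the `http_naxsi` case in `_module()` has no matching `_add_module` call.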
diff --git a/nginx-current/nginx-current.post-upgrade b/nginx-current/nginx-current.post-upgrade
new file mode 100644
index 0000000..58e8e1b
--- /dev/null
+++ b/nginx-current/nginx-current.post-upgrade
@@ -0,0 +1,70 @@ +#!/bin/sh + +ver_new="$1" +ver_old="$2" + +if [ "$(apk version -t "$ver_old" "1.10.1-r3")" = "<" ]; then + cat 1>&2 <<-EOF + * + * The nginx package has been modified to use dynamic modules. Now there's + * just single package providing nginx executable and bunch of nginx-mod-* + * subpackages. + * + * Lua support is now provided by package nginx-mod-http-lua, RTMP support + * is provided by nginx-mod-rtmp. + * + * Modules mail and stream are dynamic modules too and so not included + * by default anymore. If you use them, install nginx-mod-mail and + * nginx-mod-stream. + * + EOF +fi + +# Handle transition from /etc/nginx/conf.d to /etc/nginx/http.d. +if [ "$(apk version -t "$ver_old" '1.18.0-r13')" = '<' ]; then + default_conf='/usr/share/nginx/http-default_server.conf' + + if [ -z "$(ls -A /etc/nginx/conf.d 2>/dev/null)" ]; then + # conf.d dir doesn't exist or is empty, so the user doesn't use it. + # Thus we can install default.conf to the new directory. + install -m644 "$default_conf" /etc/nginx/http.d/default.conf + + else + if ! [ -e /etc/nginx/conf.d/default.conf ]; then + # conf.d dir exists and is not empty, but there's no default.conf + # file, so the user probably did not modify it and apk has removed + # it during this upgrade. Prior this version, the default.conf + # would be installed, so install it now for backward compatibility. + install -m644 "$default_conf" /etc/nginx/conf.d/default.conf + fi + if ! [ -e /etc/nginx/nginx.conf.apk-new ]; then + # There's no updated nginx.conf, so the user didn't modify this + # config and apk replaced it during this upgrade. However, the + # user has some vhost configs in the old directory, so we have + # to revert the include back to the legacy path. 
+ sed -i 's|include /etc/nginx/http\.d|# WARNING: Do not use this directory for virtual hosts anymore, use directory http.d!\n\tinclude /etc/nginx/conf.d|' \ + /etc/nginx/nginx.conf + fi + fi + + cat >&2 <<-EOF + * + * The default and preferred location for nginx vhost configs has been changed + * from /etc/nginx/conf.d to /etc/nginx/http.d. Although we did our best to not + * break existing setups by this upgrade, we strongly recommend to verify it. + * + EOF +fi + +# Handle trasition from /var/tmp/nginx to /var/lib/nginx/tmp +# https://gitlab.alpinelinux.org/alpine/aports/-/issues/11204 +if [ -d /var/lib/nginx/tmp ]; then + for i in /var/tmp/nginx/*; do + if [ -e "$i" ]; then + mv $i /var/lib/nginx/tmp/ + fi + done + rmdir /var/tmp/nginx 2>/dev/null +fi + +exit 0 diff --git a/nginx-current/nginx-current.pre-install b/nginx-current/nginx-current.pre-install new file mode 100644 index 0000000..ae5b685 --- /dev/null +++ b/nginx-current/nginx-current.pre-install @@ -0,0 +1,8 @@ +#!/bin/sh + +addgroup -Sg 82 www-data 2>/dev/null +addgroup -S nginx 2>/dev/null +adduser -S -D -H -h /var/lib/nginx -s /sbin/nologin -G nginx -g nginx nginx 2>/dev/null +addgroup nginx www-data 2>/dev/null + +exit 0 diff --git a/nginx-current/nginx-current.pre-upgrade b/nginx-current/nginx-current.pre-upgrade new file mode 100644 index 0000000..67d540f --- /dev/null +++ b/nginx-current/nginx-current.pre-upgrade @@ -0,0 +1,9 @@ +#!/bin/sh + +# symlink to directory confuses apk. remove it before the upgrade +# https://gitlab.alpinelinux.org/alpine/aports/-/issues/11204 + +if [ "$(readlink /var/lib/nginx/tmp)" = "/var/tmp/nginx" ]; then + rm /var/lib/nginx/tmp +fi + diff --git a/nginx-current/nginx.conf b/nginx-current/nginx.conf new file mode 100644 index 0000000..bc784a3 --- /dev/null +++ b/nginx-current/nginx.conf 
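Review bot: The `/var/tmp/nginx` migration loop runs `mv $i /var/lib/nginx/tmp/` with `$i` unquoted, so in a script that apk runs as root an entry whose name contains whitespace or glob characters is split or re-expanded before `mv` sees it. Quote it and end option parsing: `mv -- "$i" /var/lib/nginx/tmp/`. The two `apk version -t` comparisons against `1.10.1-r3` and `1.18.0-r13` look inherited from the `nginx` package; for a new package starting at 1.21.6 they can presumably never be true. The first message also names `nginx-mod-*` packages rather than `nginx-current-mod-*`.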
@@ -0,0 +1,107 @@ +# /etc/nginx/nginx.conf + +user nginx; + +# Set number of worker processes automatically based on number of CPU cores. +worker_processes auto; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Configures default error logger. +error_log /var/log/nginx/error.log warn; + +# Includes files with directives to load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Uncomment to include files with config snippets into the root context. +# NOTE: This will be enabled by default in Alpine 3.15. +#include /etc/nginx/conf.d/*.conf; + +events { + # The maximum number of simultaneous connections that can be opened by + # a worker process. + worker_connections 1024; +} + +http { + # Includes mapping of file name extensions to MIME types of responses + # and defines the default type. + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Name servers used to resolve names of upstream servers into addresses. + # It's also needed when using tcpsocket and udpsocket in Lua modules. + #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; + + # Don't tell nginx version to the clients. Default is 'on'. + server_tokens off; + + # Specifies the maximum accepted body size of a client request, as + # indicated by the request header Content-Length. If the stated content + # length is greater than this size, then the client receives the HTTP + # error code 413. Set to 0 to disable. Default is '1m'. + client_max_body_size 1m; + + # Sendfile copies data between one FD and other from within the kernel, + # which is more efficient than read() + write(). Default is off. + sendfile on; + + # Causes nginx to attempt to send its HTTP response head in one packet, + # instead of using partial frames. Default is 'off'. + tcp_nopush on; + + + # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. + # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. 
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + + # Path of the file with Diffie-Hellman parameters for EDH ciphers. + # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` + #ssl_dhparam /etc/ssl/nginx/dh2048.pem; + + # Specifies that our cipher suits should be preferred over client ciphers. + # Default is 'off'. + ssl_prefer_server_ciphers on; + + # Enables a shared SSL cache with size that can hold around 8000 sessions. + # Default is 'none'. + ssl_session_cache shared:SSL:2m; + + # Specifies a time during which a client may reuse the session parameters. + # Default is '5m'. + ssl_session_timeout 1h; + + # Disable TLS session tickets (they are insecure). Default is 'on'. + ssl_session_tickets off; + + + # Enable gzipping of responses. + #gzip on; + + # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. + gzip_vary on; + + + # Helper variable for proxying websockets. + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + + # Specifies the main log format. + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Sets the path, format, and configuration for a buffered log write. + access_log /var/log/nginx/access.log main; + + + # Includes virtual hosts configs. + include /etc/nginx/http.d/*.conf; +} + +# TIP: Uncomment if you use stream module. +#include /etc/nginx/stream.conf; diff --git a/nginx-current/nginx.confd b/nginx-current/nginx.confd new file mode 100644 index 0000000..dd9ddf5 --- /dev/null +++ b/nginx-current/nginx.confd @@ -0,0 +1,6 @@ +# Configuration for /etc/init.d/nginx + +# The nginx binary to run. If you want to use debugging log, install package +# "nginx-debug" and set this variable to "/usr/sbin/nginx-debug". +# See http://nginx.org/en/docs/debugging_log.html for more information. +#command="/usr/sbin/nginx" 
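Review bot: The shipped default `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` still enables TLS 1.1, which RFC 8996 deprecates, while the comment above it only advises removing it. This is a new package with no installed base to keep compatible, so I would ship `ssl_protocols TLSv1.2 TLSv1.3;` and reword the tip to say TLSv1.1 can be added back for legacy clients. The note `This will be enabled by default in Alpine 3.15` above the commented `conf.d` include also looks stale given the commit date.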
diff --git a/nginx-current/nginx.initd b/nginx-current/nginx.initd new file mode 100644 index 0000000..976e59f --- /dev/null +++ b/nginx-current/nginx.initd @@ -0,0 +1,71 @@ +#!/sbin/openrc-run + +description="Nginx http and reverse proxy server" +extra_commands="checkconfig" +extra_started_commands="reload reopen upgrade" + +cfgfile=${cfgfile:-/etc/nginx/nginx.conf} +pidfile=/run/nginx/nginx.pid +command=${command:-/usr/sbin/nginx} +command_args="-c $cfgfile" +required_files="$cfgfile" + +depend() { + need net + use dns logger netmount +} + +start_pre() { + checkpath --directory --owner nginx:nginx ${pidfile%/*} + $command $command_args -t -q +} + +checkconfig() { + ebegin "Checking $RC_SVCNAME configuration" + start_pre + eend $? +} + +reload() { + ebegin "Reloading $RC_SVCNAME configuration" + start_pre && start-stop-daemon --signal HUP --pidfile $pidfile + eend $? +} + +reopen() { + ebegin "Reopening $RC_SVCNAME log files" + start-stop-daemon --signal USR1 --pidfile $pidfile + eend $? +} + +upgrade() { + start_pre || return 1 + + ebegin "Upgrading $RC_SVCNAME binary" + + einfo "Sending USR2 to old binary" + start-stop-daemon --signal USR2 --pidfile $pidfile + + einfo "Sleeping 3 seconds before pid-files checking" + sleep 3 + + if [ ! -f $pidfile.oldbin ]; then + eerror "File with old pid ($pidfile.oldbin) not found" + return 1 + fi + + if [ ! -f $pidfile ]; then + eerror "New binary failed to start" + return 1 + fi + + einfo "Sleeping 3 seconds before WINCH" + sleep 3 ; start-stop-daemon --signal 28 --pidfile $pidfile.oldbin + + einfo "Sending QUIT to old binary" + start-stop-daemon --signal QUIT --pidfile $pidfile.oldbin + + einfo "Upgrade completed" + + eend $? "Upgrade failed" +} diff --git a/nginx-current/nginx.logrotate b/nginx-current/nginx.logrotate new file mode 100644 index 0000000..c07e6bc --- /dev/null +++ b/nginx-current/nginx.logrotate 
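Review bot: In upgrade(), the final `eend $? "Upgrade failed"` reports the exit status of the preceding `einfo`, not of any `start-stop-daemon` call, so a failed USR2, WINCH or QUIT is still reported as a successful upgrade. Check each signal step, for example `start-stop-daemon --signal QUIT --pidfile "$pidfile.oldbin" || { eend 1 "Upgrade failed"; return 1; }`, and print `Upgrade completed` only after the last one succeeds. The WINCH step uses the raw number `--signal 28`, which is not SIGWINCH on every Linux architecture while the APKBUILD declares `arch="all"`; `--signal WINCH` avoids that, assuming this start-stop-daemon accepts the name. `$pidfile` and `$cfgfile` are also expanded unquoted throughout the script.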
@@ -0,0 +1,8 @@ +/var/log/nginx/*.log { + missingok + sharedscripts + postrotate + /etc/init.d/nginx --quiet --ifstarted reopen + endscript +} + diff --git a/nginx-current/stream.conf b/nginx-current/stream.conf new file mode 100644 index 0000000..2438744 --- /dev/null +++ b/nginx-current/stream.conf @@ -0,0 +1,14 @@ +# /etc/nginx/stream.conf + +stream { + # Specifies the main log format. + log_format main '$remote_addr [$time_local] ' + '$protocol $status $bytes_sent $bytes_received ' + '$session_time "$upstream_addr" ' + '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"'; + + access_log /var/log/nginx/stream.log main; + + # Includes servers configs. + include stream.d/*.conf; +}
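Review bot: This stanza has logrotate (normally run as root) rotate `/var/log/nginx/*.log`, while the APKBUILD chowns `/var/log/nginx` to the unprivileged nginx user, so the owner of that directory controls the names a privileged process renames. Adding `su nginx nginx` to the block would have logrotate do the file operations as that user instead; please confirm the `postrotate` reopen still works with it. The block also sets no `rotate`, `compress` or interval, so retention depends entirely on the global logrotate defaults, which deserves a comment.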