Accepting request 1293972 from server:http

- Changed nginx.logrotate and nginx-conf.patch files.
  * Removed hardcoded user and group definitions.
- Removed ending slashes wherever possible.
- Removed root privileges when running logrotate (bsc#1246090).

OBS-URL: https://build.opensuse.org/request/show/1293972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nginx?expand=0&rev=102

nginx-1.27.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bd7ba68a6ce1ea3768b771c7e2ab4955a59fb1b1ae8d554fedb6c2304104bdfc
-size 1245244

nginx-1.27.1.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJHBAABCAAxFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoFAma7Vi8THHMua2FuZGF1
-cm92QGY1LmNvbQAKCRDIRk1UmvdcCtRUEACjv3LHnzN3J1c6h5C9cKTjIIKa4PgA
-fM8o41QenN6HMQ8a0ww8zH2zdDUxVr9OgNBV0sqtsL5SX+BuMTjGC75M5qgk45yd
-E6FMk2tJ69wVqmN1zP5sYV5n7dmt89mh7W3J3lO4XpgqCQcogmmyMg+1Z9vvO4Nt
-VvYO7w45oEqc5rb7IjWtktNS3jjf2Kat6azhOvrbMjuCUt/pOBJiM11diLmURtEx
-xE5It7bFwoywJUtjF7XUMeOGljH5VnxTLuIlq/5FkAYklu484B2iLHidhCLfq7g7
-9FJO3XatFrRefA7ryawZ9AnQtrLIt0YZdIEweoOxp16kj3mCmqhF/aeBNAcnQUAM
-EZLX/BBYA6cog8YuWffan9G5EYvul0tdXK5DQF8vUjBfw54aI4YnA5TDtSMniBEJ
-SJrUCbKazGFwd+K94IrGD8EwypEC+M3gQovNn34NikLr1Xe8Uz3i2x7y0OgYxbUh
-hH+ilD5XS0bHfueydYIKl85muwFtiIs3b0EhfvGf4z5d2DmvZ3/cYxjYpzZG0r7L
-WckCqgj2uVXvR3phDqpm0aNd8C+4sho+PQmXon8PbIpjuVLvQhz0XiH6D7H61wks
-XWNvBFHNjeBJYjaZQQ/2kAKfdwdpYTYvDd3Rlnscn3BNQvu9prWUDCYiNHMnNnOB
-ueop2LrbK54ogg==
-=bwlL
------END PGP SIGNATURE-----

nginx-1.29.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:109754dfe8e5169a7a0cf0db6718e7da2db495753308f933f161e525a579a664
+size 1284291

nginx-1.29.0.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCAAxFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoFAmha4MkTHHMua2FuZGF1
+cm92QGY1LmNvbQAKCRDIRk1UmvdcCjDJD/90SPlO0ZrSY4uv+FlwdxjIfGX46uNi
+Tx7ZkIRwUDv/dwEPq3WtpS88mOuDHMKL5EtdjHwf/njJ/xjMecgyIFYKKOi3uGpr
+G++DEMQ5o80isYc1jM5GKtYl9HtzsGxhFHeABaKpzCHKAWnVLygrLtPERzY9LN3+
+d4Z2FAogPY7Uy1w+H/B48IIFQdTsOwvcffJLCEklxQTZh6ILF2MlWU2tSJEHJ0L0
+9VbfZvlPaKXzK09p4nG9PytvXfd3JKO5evi2BoxuFvjruSjNBHsF89uhy+bhgqyM
+TBF9my9tkQdMc/HQ/vBhjo29VtnQ87+ZIlVJCqrh7Ln8y1dRX6lcSVfcVjAUdDs9
+rPyLrbHMORGgvfVo17MHpV+L2JdTJ+EZR3GFr7/kJuGXp8atfWGowZfmImWOyYss
+63GudvV5MhaUF7Ka6BXK5GaMRFMzbouUN5TMGD3/TZETcDM0EKucrEu40t/ucNDn
+Do2O+KX6jk9k5tFcWegVZWcoyV2VncSt8uRQXTnXq9DM/Uw37H7xGgi5N/UKyjNL
+1KH0n22BxiMSE8J6BEiDWgZJqQ4LBdrbThCN3BWMiGjwzDkcq+Ukb7BYxncrEBpm
+Rk4TXOLGRdZOQhCVFOx4ZcA5zzZqhPQT4WDVpDpJTw4+ls2TflKqst3n8yMEsRYq
+fB3ZvaTfOOt06g==
+=i+ek
+-----END PGP SIGNATURE-----

nginx-conf.patch

@@ -1,13 +1,17 @@
-diff -Pdpru nginx-1.27.1.orig/conf/nginx.conf nginx-1.27.1/conf/nginx.conf
---- nginx-1.27.1.orig/conf/nginx.conf	2024-08-12 17:21:01.000000000 +0300
-+++ nginx-1.27.1/conf/nginx.conf	2024-08-16 02:08:46.680107766 +0300
-@@ -1,16 +1,28 @@
-+#user nginx nginx;
+diff -Pdpru nginx-1.27.4.orig/conf/nginx.conf nginx-1.27.4/conf/nginx.conf
+--- nginx-1.27.4.orig/conf/nginx.conf	2025-02-05 14:06:32.000000000 +0300
++++ nginx-1.27.4/conf/nginx.conf	2025-03-30 05:11:05.303755904 +0300
+@@ -1,117 +1,130 @@
++#user USER GROUP;
 +#worker_processes 1;
 +#pcre_jit off;
  
 -#user  nobody;
 -worker_processes  1;
+-
+-#error_log  logs/error.log;
+-#error_log  logs/error.log  notice;
+-#error_log  logs/error.log  info;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_echo_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_fancyindex_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_http_geoip2_module.so;
@@ -19,101 +23,197 @@ diff -Pdpru nginx-1.27.1.orig/conf/nginx.conf nginx-1.27.1/conf/nginx.conf
 +# load_module #LIBDIR#/nginx/modules/ngx_stream_geoip2_module.so;
 +# load_module #LIBDIR#/nginx/modules/ngx_stream_module.so;
  
--#error_log  logs/error.log;
--#error_log  logs/error.log  notice;
--#error_log  logs/error.log  info;
+-#pid        logs/nginx.pid;
 +#error_log /var/log/nginx/error.log;
 +#error_log /var/log/nginx/error.log notice;
 +#error_log /var/log/nginx/error.log info;
  
--#pid        logs/nginx.pid;
-+#pid        /var/run/nginx.pid;
- 
++#pid /run/nginx.pid;
  
  events {
-     worker_connections  1024;
-+    use epoll;
+-    worker_connections  1024;
++	multi_accept on;
++	worker_connections 1024;
  }
  
- 
-@@ -22,7 +34,7 @@ http {
-     #                  '$status $body_bytes_sent "$http_referer" '
-     #                  '"$http_user_agent" "$http_x_forwarded_for"';
+-
+ http {
+-    include       mime.types;
+-    default_type  application/octet-stream;
+-
+-    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+-    #                  '$status $body_bytes_sent "$http_referer" '
+-    #                  '"$http_user_agent" "$http_x_forwarded_for"';
++	include mime.types;
++	default_type application/octet-stream;
  
 -    #access_log  logs/access.log  main;
++	#log_format main '$time_local - $http_host - $remote_addr - $status "$request" $body_bytes_sent - $http_referer - "$http_user_agent"';
 +	#access_log /var/log/nginx/access.log main;
  
-     sendfile        on;
-     #tcp_nopush     on;
-@@ -32,16 +44,18 @@ http {
+-    sendfile        on;
+-    #tcp_nopush     on;
++	http2 on;
++	sendfile on;
++	#tcp_nopush on;
++	#tcp_nodelay on;
  
-     #gzip  on;
+-    #keepalive_timeout  0;
+-    keepalive_timeout  65;
++	#keepalive_timeout 0;
++	keepalive_timeout 70;
  
+-    #gzip  on;
++	#gzip on;
+ 
+-    server {
+-        listen       80;
+-        server_name  localhost;
 +	include conf.d/*.conf;
-+
-     server {
-         listen       80;
-         server_name  localhost;
  
-         #charset koi8-r;
+-        #charset koi8-r;
++	server {
++		listen 80;
++		server_name localhost;
  
 -        #access_log  logs/host.access.log  main;
 +		#access_log /var/log/nginx/host.access.log main;
  
-         location / {
+-        location / {
 -            root   html;
-+            root   /srv/www/htdocs/;
-             index  index.html index.htm;
-         }
+-            index  index.html index.htm;
+-        }
++		location / {
++			root /srv/www/htdocs;
++			index index.html index.htm;
++		}
  
-@@ -51,7 +65,7 @@ http {
-         #
-         error_page   500 502 503 504  /50x.html;
-         location = /50x.html {
+-        #error_page  404              /404.html;
++		#error_page 404 /404.html;
+ 
+-        # redirect server error pages to the static page /50x.html
+-        #
+-        error_page   500 502 503 504  /50x.html;
+-        location = /50x.html {
 -            root   html;
-+            root   /srv/www/htdocs/;
-         }
+-        }
++		# redirect server error pages to the static page /50x.html
++		#
++		#error_page 500 502 503 504 /50x.html;
++		#location = /50x.html {
++		#	root /srv/www/htdocs;
++		#}
  
-         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-@@ -63,7 +77,7 @@ http {
-         # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-         #
-         #location ~ \.php$ {
+-        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+-        #
+-        #location ~ \.php$ {
+-        #    proxy_pass   http://127.0.0.1;
+-        #}
++		# proxy the PHP scripts to Apache listening on 127.0.0.1:80
++		#
++		#location ~ \.php$ {
++		#	proxy_pass http://127.0.0.1;
++		#}
+ 
+-        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+-        #
+-        #location ~ \.php$ {
 -        #    root           html;
-+        #    root   /srv/www/htdocs/;
-         #    fastcgi_pass   127.0.0.1:9000;
-         #    fastcgi_index  index.php;
-         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-@@ -87,7 +101,7 @@ http {
-     #    server_name  somename  alias  another.alias;
+-        #    fastcgi_pass   127.0.0.1:9000;
+-        #    fastcgi_index  index.php;
+-        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+-        #    include        fastcgi_params;
+-        #}
++		# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
++		#
++		#location ~ \.php$ {
++		#	root /srv/www/htdocs;
++		#	fastcgi_pass 127.0.0.1:9000;
++		#	fastcgi_index index.php;
++		#	fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
++		#	include fastcgi_params;
++		#}
  
-     #    location / {
+-        # deny access to .htaccess files, if Apache's document root
+-        # concurs with nginx's one
+-        #
+-        #location ~ /\.ht {
+-        #    deny  all;
+-        #}
+-    }
++		# deny access to hidden files
++		#
++		#location ^~ /. {
++		#	deny all;
++		#}
++	}
+ 
++	# another virtual host using mix of IP-, name-, and port-based configuration
++	#
++	#server {
++	#	listen 8000;
++	#	listen somename:8080;
++	#	server_name somename alias another.alias;
++	#	location / {
++	#		root /srv/www/htdocs;
++	#		index index.html index.htm;
++	#	}
++	#}
+ 
+-    # another virtual host using mix of IP-, name-, and port-based configuration
+-    #
+-    #server {
+-    #    listen       8000;
+-    #    listen       somename:8080;
+-    #    server_name  somename  alias  another.alias;
++	# HTTPS server
++	#
++	#server {
++	#	listen 443 ssl;
++	#	server_name localhost;
+ 
+-    #    location / {
 -    #        root   html;
-+    #        root   /srv/www/htdocs/;
-     #        index  index.html index.htm;
-     #    }
-     #}
-@@ -102,6 +116,10 @@ http {
-     #    ssl_certificate      cert.pem;
-     #    ssl_certificate_key  cert.key;
+-    #        index  index.html index.htm;
+-    #    }
+-    #}
++	#	ssl_certificate cert.crt;
++	#	ssl_certificate_key cert.key;
  
-+    #    Allow TLS version 1.2 only, which is a recommended default these days
-+    #    by international information security standards.
-+    #    ssl_protocols        TLSv1.2;
-+
-     #    ssl_session_cache    shared:SSL:1m;
-     #    ssl_session_timeout  5m;
++	#	ssl_protocols TLSv1.2 TLSv1.3;
  
-@@ -109,9 +127,11 @@ http {
-     #    ssl_prefer_server_ciphers  on;
+-    # HTTPS server
+-    #
+-    #server {
+-    #    listen       443 ssl;
+-    #    server_name  localhost;
++	#	ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
++	#	ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384;
++	#	ssl_prefer_server_ciphers on;
  
-     #    location / {
+-    #    ssl_certificate      cert.pem;
+-    #    ssl_certificate_key  cert.key;
++	#	ssl_ecdh_curve prime256v1;
+ 
+-    #    ssl_session_cache    shared:SSL:1m;
+-    #    ssl_session_timeout  5m;
++	#	ssl_early_data on;
+ 
+-    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+-    #    ssl_prefer_server_ciphers  on;
++	#	ssl_session_cache shared:SSL:10m;
++	#	ssl_session_timeout 10m;
+ 
+-    #    location / {
 -    #        root   html;
-+    #        root   /srv/www/htdocs/;
-     #        index  index.html index.htm;
-     #    }
-     #}
+-    #        index  index.html index.htm;
+-    #    }
+-    #}
++	#	location / {
++	#		root /srv/www/htdocs;
++	#		index index.html index.htm;
++	#	}
++	#
  
 +	include vhosts.d/*.conf;
-+
  }

nginx-man.patch

@@ -0,0 +1,17 @@
+Index: nginx-1.27.4/auto/install
+===================================================================
+--- nginx-1.27.4.orig/auto/install
++++ nginx-1.27.4/auto/install
+@@ -104,9 +104,11 @@ $NGX_OBJS/nginx.8:	$NGX_MAN $NGX_AUTO_CO
+ 		-e "s|%%ERROR_LOG_PATH%%|${NGX_ERROR_LOG_PATH:-stderr}|" \\
+ 		< $NGX_MAN > \$@
+ 
+-install:	build $NGX_INSTALL_PERL_MODULES
++install:	build $NGX_INSTALL_PERL_MODULES manpage
+ 	test -d '\$(DESTDIR)$NGX_PREFIX' || mkdir -p '\$(DESTDIR)$NGX_PREFIX'
+ 
++	install -D -m 0644 -t '\$(DESTDIR)/usr/share/man/man8' $NGX_OBJS/nginx.8
++
+ 	test -d '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' \\
+ 		|| mkdir -p '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`'
+ 	test ! -f '\$(DESTDIR)$NGX_SBIN_PATH' \\

nginx.changes

@@ -1,3 +1,115 @@
+-------------------------------------------------------------------
+Wed Jul 16 22:29:54 UTC 2025 - Илья Индиго <ilya@ilya.top>
+
+- Changed nginx.logrotate and nginx-conf.patch files.
+  * Removed hardcoded user and group definitions.
+- Removed ending slashes wherever possible.
+
+-------------------------------------------------------------------
+Wed Jul 16 21:33:02 UTC 2025 - Parag Jain <parag.jain@suse.com>
+
+- Removed root privileges when running logrotate (bsc#1246090).
+
+-------------------------------------------------------------------
+Fri Jun 27 09:33:06 UTC 2025 - Илья Индиго <ilya@ilya.top>
+
+- Updated to 1.29.0
+  * https://nginx.org/en/CHANGES
+  * Added support for response code 103 from proxy and gRPC backends;
+    the "early_hints" directive.
+  * Added loading of secret keys from hardware tokens with OpenSSL provider.
+  * Changed the logging level of SSL errors in a QUIC handshake has been
+    changed from "error" to "crit" for critical errors, and to "info" for
+    the rest; the logging level of unsupported QUIC transport parameters
+    has been lowered from "info" to "debug".
+  * Disabled OpenSSL 3.5 QUIC API support by default.
+
+-------------------------------------------------------------------
+Mon Jun  2 13:28:14 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
+
+- Updated to 1.28.0:
+  * Fixed -Wunterminated-string-initialization with gcc15
+  * HTTP/3: fixed NGX_HTTP_V3_VARLEN_INT_LEN value
+
+-------------------------------------------------------------------
+Thu May 22 13:53:07 UTC 2025 - Oliver Kurz <okurz@suse.com>
+
+- Changed service to prevent "timed out. Killing" messages on service stopping
+
+-------------------------------------------------------------------
+Wed Apr 16 14:49:23 UTC 2025 - Илья Индиго <ilya@ilya.top>
+
+- Updated to 1.27.5
+  * https://nginx.org/en/CHANGES
+  * Changed the maximum size limit for SSL sessions cached in shared
+    memory has been raised to 8192.
+  * Fixed in the "grpc_ssl_password_file", "proxy_ssl_password_file",
+    and "uwsgi_ssl_password_file" directives when loading SSL certificates
+    and encrypted keys from variables; the bug had appeared in 1.23.1.
+  * Fixed in the $ssl_curve and $ssl_curves variables when using pluggable
+    curves in OpenSSL.
+
+-------------------------------------------------------------------
+Thu Apr  3 23:21:51 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Added nginx-man.patch to enable manpage 8 (boo#1240675).
+
+-------------------------------------------------------------------
+Sun Mar 30 02:11:41 UTC 2025 - Илья Индиго <ilya@ilya.top>
+
+- Removed rudiment /srv/www/htdocs/50x.html (boo#1240166).
+- Changed nginx-conf.patch to refresh default config.
+
+-------------------------------------------------------------------
+Thu Feb  6 04:45:46 UTC 2025 - Илья Индиго <ilya@ilya.top>
+
+- Changed URL's from nginx.org to github.com .
+- Updated to 1.27.4
+  * https://nginx.org/en/CHANGES
+  * Fixed insufficient check in virtual servers handling with TLSv1.3
+    SNI allowed to reuse SSL sessions in a different virtual server, to
+    bypass client SSL certificates verification (CVE-2025-23419).
+  * Added the "ssl_object_cache_inheritable", "ssl_certificate_cache",
+    "proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and
+    "uwsgi_ssl_certificate_cache", "keepalive_min_timeout" directives.
+  * Fixed nginx could not build libatomic library using the library
+    sources if the --with-libatomic=DIR option was used.
+
+-------------------------------------------------------------------
+Wed Nov 27 04:14:02 UTC 2024 - Илья Индиго <ilya@ilya.top>
+
+- Updated to 1.27.3
+  * https://github.com/nginx/nginx/releases/tag/release-1.27.3
+  * Added the "server" directive in the "upstream" block supports the "resolve" parameter.
+  * Added the "resolver" and "resolver_timeout" directives in the "upstream" block.
+  * Added SmarterMail specific mode support for IMAP LOGIN with
+    untagged CAPABILITY response in the mail proxy module.
+  * Changed TLSv1 and TLSv1.1 protocols are disabled by default.
+  * Changed IPv6 address in square brackets and no port can be specified in the
+    "proxy_bind", "fastcgi_bind", "grpc_bind", "memcached_bind", "scgi_bind",
+    and "uwsgi_bind" directives, and as client address in ngx_http_realip_module.
+  * Fixed ngx_http_mp4_module and "proxy_store" directive.
+
+-------------------------------------------------------------------
+Thu Oct  3 06:22:15 UTC 2024 - Илья Индиго <ilya@ilya.top>
+
+- Updated to 1.27.2
+  * https://nginx.org/en/CHANGES
+  * Added SSL certificates, secret keys, and CRLs are now cached on start
+    or during reconfiguration.
+  * Added client certificate validation with OCSP in the stream module.
+  * Added OCSP stapling support in the stream module.
+  * Added the "proxy_pass_trailers" directive in the ngx_http_proxy_module.
+  * Added the "ssl_client_certificate" directive now supports certificates
+    with auxiliary information.
+  * Changed now the "ssl_client_certificate" directive is not required
+    for client SSL certificates verification.
+
+-------------------------------------------------------------------
+Fri Sep 27 17:32:21 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Add /srv/www to filelist [bsc#1231027]
+
 -------------------------------------------------------------------
 Fri Aug 16 02:21:19 UTC 2024 - Илья Индиго <ilya@ilya.top>
 

nginx.logrotate

@@ -1,4 +1,5 @@
 /var/log/nginx/*.log {
+    su USER GROUP
     compress
     dateext
     maxage 365

nginx.service

@@ -9,7 +9,9 @@ PIDFile=/run/nginx.pid
 ExecStartPre=/usr/sbin/nginx -t
 ExecStart=/usr/sbin/nginx -g "daemon off;"
 ExecReload=/bin/kill -s HUP $MAINPID
-KillSignal=SIGQUIT
+# Try graceful shutdown first, otherwise forced shutdown to not need to resort
+# to SIGKILL
+ExecStop=/bin/sh -c "kill -s QUIT $MAINPID && waitpid --timeout 3 --exited $MAINPID || kill -s TERM $MAINPID"
 TimeoutStopSec=5
 KillMode=mixed
 PrivateTmp=true

nginx.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package nginx
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,14 +23,14 @@
 %bcond_with    ngx_google_perftools
 #
 Name:           nginx
-Version:        1.27.1
+Version:        1.29.0
 Release:        0
 Summary:        A HTTP server and IMAP/POP3 proxy server
 License:        BSD-2-Clause
 Group:          Productivity/Networking/Web/Proxy
-URL:            https://nginx.org
-Source0:        https://nginx.org/download/%{name}-%{version}.tar.gz
-Source1:        https://nginx.org/download/%{name}-%{version}.tar.gz.asc
+URL:            https://github.com/nginx/nginx
+Source0:        https://github.com/nginx/nginx/releases/download/release-%{version}/%{name}-%{version}.tar.gz
+Source1:        https://github.com/nginx/nginx/releases/download/release-%{version}/%{name}-%{version}.tar.gz.asc
 Source2:        https://nginx.org/keys/pluknet.key#/%{name}.keyring
 Source3:        %{name}.rpmlintrc
 Source4:        %{name}.logrotate
@@ -46,6 +46,8 @@ Patch2:         %{name}-perl.patch
 Patch3:         %{name}-conf.patch
 # PATCH-FIX-UPSTREAM nginx-aio.patch fix support for Linux AIO
 Patch4:         %{name}-aio.patch
+# PATCH-FIX-OPENSUSE nginx-man.patch install the manpage
+Patch5:         %{name}-man.patch
 BuildRequires:  %{name}-macros
 BuildRequires:  gcc-c++
 BuildRequires:  gpg2
@@ -68,7 +70,7 @@ Provides:       http_daemon
 Provides:       httpd
 %{?systemd_ordering}
 %sysusers_requires
-#
+
 %if %{with ngx_google_perftools}
 BuildRequires:  google-perftools-devel
 %endif
@@ -98,14 +100,9 @@ The source of %{name} [engine x] HTTP server and IMAP/POP3 proxy server.
 
 %prep
 %autosetup -p1
-
-sed -i 's/\r//g' contrib/geo2nginx.pl
-sed -i 's|#LIBDIR#|%{_libdir}|g' conf/nginx.conf
-
-%if %{with systemd}
-sed -i 's/\/var\/run/\/run/' conf/nginx.conf
-%endif
-
+sed -i 's/\r//' contrib/geo2nginx.pl
+sed -i -e 's/USER/%{ngx_user_group}/' -e 's/GROUP/%{ngx_user_group}/' %{SOURCE4} conf/%{name}.conf
+sed -i -e 's|#LIBDIR#|%{_libdir}|' -e 's|/var/run|/run|' conf/%{name}.conf
 sed -i 's/^\(#define NGX_LISTEN_BACKLOG \).*/\1-1/' src/os/unix/ngx_linux_config.h
 
 %build
@@ -123,19 +120,17 @@ install -Dpm0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
 install -Dpm0644 %{SOURCE5} %{buildroot}%{_unitdir}/%{name}.service
 install -Dpm0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/%{name}.conf
 
-rm %{buildroot}/srv/www/htdocs/index.html
+rm %{buildroot}/srv/www/htdocs/{50x,index}.html
 
 mkdir -p %{buildroot}%{ngx_doc_dir}
-cp -av CHANGES* LICENSE \
-  %{buildroot}%{ngx_doc_dir}
+cp -av CHANGES* LICENSE %{buildroot}%{ngx_doc_dir}
 
-mkdir -p %{buildroot}%{_datadir}/%{name}/
-mkdir -p %{buildroot}%{ngx_conf_dir}/vhosts.d/
-mkdir -p %{buildroot}%{ngx_conf_dir}/conf.d/
+mkdir -p %{buildroot}%{_datadir}/%{name}
+mkdir -p %{buildroot}%{ngx_conf_dir}/vhosts.d
+mkdir -p %{buildroot}%{ngx_conf_dir}/conf.d
 
 chmod a+rx contrib/geo2nginx.pl
-cp -av contrib/geo2nginx.pl contrib/unicode2nginx/ \
-  %{buildroot}%{_datadir}/%{name}/
+cp -av contrib/geo2nginx.pl contrib/unicode2nginx/ %{buildroot}%{_datadir}/%{name}
 
 mkdir -p %{buildroot}%{src_install_dir}
 tar -xzf %{SOURCE0} --strip-components=1 -C %{buildroot}%{src_install_dir}
@@ -143,9 +138,9 @@ tar -xzf %{SOURCE0} --strip-components=1 -C %{buildroot}%{src_install_dir}
 copydocs() {
   subdir=$1;
   shift;
-  mkdir -p %{buildroot}%{ngx_doc_dir}/$subdir/
+  mkdir -p %{buildroot}%{ngx_doc_dir}/$subdir
   pushd $subdir
-  cp -av $* %{buildroot}%{ngx_doc_dir}/$subdir/
+  cp -av $* %{buildroot}%{ngx_doc_dir}/$subdir
   popd
 }
 
@@ -168,7 +163,7 @@ rm -r $GPGTMP
 %service_del_postun %{name}.service
 
 %files
-%dir %{ngx_conf_dir}/
+%dir %{ngx_conf_dir}
 %dir %{ngx_conf_dir}/vhosts.d
 %dir %{ngx_conf_dir}/conf.d
 %config(noreplace) %{ngx_conf_dir}/koi-utf
@@ -177,7 +172,7 @@ rm -r $GPGTMP
 %config %{ngx_conf_dir}/fastcgi_params.default
 %config(noreplace) %{ngx_conf_dir}/mime.types
 %config %{ngx_conf_dir}/mime.types.default
-%config(noreplace) %{ngx_conf_dir}/nginx.conf
+%config(noreplace) %{ngx_conf_dir}/%{name}.conf
 %config %{ngx_conf_dir}/%{name}.conf.default
 %config(noreplace) %{ngx_conf_dir}/fastcgi.conf
 %config %{ngx_conf_dir}/fastcgi.conf.default
@@ -186,21 +181,22 @@ rm -r $GPGTMP
 %config %{ngx_conf_dir}/scgi_params.default
 %config(noreplace) %{ngx_conf_dir}/uwsgi_params
 %config %{ngx_conf_dir}/uwsgi_params.default
-%{perl_vendorarch}/auto/%{name}/
+%{perl_vendorarch}/auto/%{name}
 %{perl_vendorarch}/%{name}.pm
 %{ngx_sbin_path}
-%dir %{_libdir}/%{name}/
-%dir %{ngx_module_dir}/
+%dir %{_libdir}/%{name}
+%dir %{ngx_module_dir}
 %{ngx_module_dir}/ngx_http_image_filter_module.so
 %{ngx_module_dir}/ngx_http_perl_module.so
 %{ngx_module_dir}/ngx_http_xslt_filter_module.so
 %{ngx_module_dir}/ngx_mail_module.so
 %{ngx_module_dir}/ngx_stream_module.so
-%{_mandir}/man3/%{name}.3pm*
-/srv/www/htdocs/50x.html
+%{_mandir}/man{3,8}/%{name}.{3pm,8}%{?ext_man}
+%dir /srv/www
+%dir /srv/www/htdocs
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
-%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{_localstatedir}/log/nginx/
-%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_home}/
+%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{_localstatedir}/log/%{name}
+%dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_home}
 %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_http}
 %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_proxy}
 %dir %attr(750,%{ngx_user_group},%{ngx_user_group}) %{ngx_tmp_fcgi}
@@ -209,7 +205,7 @@ rm -r $GPGTMP
 %doc %{ngx_doc_dir}
 %{_unitdir}/%{name}.service
 %{_sysusersdir}/%{name}.conf
-%{_datadir}/%{name}/
+%{_datadir}/%{name}
 
 %files source
 %{src_install_dir}