From e633e10b0970bcef444ec1abad7a166259709494 Mon Sep 17 00:00:00 2001
From: Ycarus <ycarus@zugaina.org>
Date: Tue, 24 Jul 2018 21:48:58 +0200
Subject: [PATCH] Update nginx package

---
 nginx/Config.in                               |  26 +-
 nginx/Config_ssl.in                           | 238 ++++++++
 nginx/Makefile                                | 543 +++++++++++-------
 .../files-luci-support/60_nginx-luci-support  |   4 +-
 .../70_nginx-luci-support-ssl                 |   4 +-
 nginx/files-luci-support/luci_nginx.conf      |   2 +-
 .../patches/201-ignore-invalid-options.patch  |  12 +
 7 files changed, 623 insertions(+), 206 deletions(-)
 create mode 100644 nginx/Config_ssl.in
 create mode 100644 nginx/patches/201-ignore-invalid-options.patch

diff --git a/nginx/Config.in b/nginx/Config.in
index ebe0e567d..c2c9882c2 100644
--- a/nginx/Config.in
+++ b/nginx/Config.in
@@ -202,6 +202,11 @@ config NGINX_HTTP_SECURE_LINK
 	prompt "Enable HTTP secure link module"
 	default n
 	
+config NGINX_HTTP_SUB
+	bool
+	prompt "Enable HTTP sub module"
+	default n
+	
 config NGINX_HEADERS_MORE
 	bool
 	prompt "Enable Headers_more module"
@@ -215,10 +220,27 @@ config NGINX_HTTP_BROTLI
 	help
 		Add support for brotli compression module.
 	default n
-
+	
 config NGINX_STREAM
 	bool
-	prompt "Enable stream module"
+	prompt "Enable stream support"
+	help
+		Add support for stream module.
 	default y
 
+config NGINX_RTMP_MODULE
+	bool
+	prompt "Enable RTMP module"
+	depends on NGINX_SSL
+	help
+		Add support for NGINX-based Media Streaming Server module.
+	default n
+
+config NGINX_TS_MODULE
+	bool
+	prompt "Enable TS module"
+	help
+		Add support for MPEG-TS Live Module module.
+	default n
+
 endmenu
diff --git a/nginx/Config_ssl.in b/nginx/Config_ssl.in
new file mode 100644
index 000000000..90d8098d2
--- /dev/null
+++ b/nginx/Config_ssl.in
@@ -0,0 +1,238 @@
+#
+# Copyright (C) 2010-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+menu "Configuration"
+        depends on PACKAGE_nginx-ssl
+
+config NGINX_DAV
+	bool
+	prompt "Enable WebDAV module"
+	help
+		Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE.
+	default n
+
+config NGINX_FLV
+	bool
+	prompt "Enable FLV module"
+	help
+		Provides the ability to seek within FLV (Flash) files using time-based offsets.
+	default n
+
+config NGINX_STUB_STATUS
+	bool
+	prompt "Enable stub status module"
+	help
+		Enable the stub status module which gives some status from the server.
+	default n
+
+config NGINX_HTTP_CHARSET
+	bool
+	prompt "Enable HTTP charset module"
+	default y
+
+config NGINX_HTTP_GZIP
+	bool
+	prompt "Enable HTTP gzip module"
+	default y
+
+config NGINX_HTTP_SSI
+	bool
+	prompt "Enable HTTP ssi module"
+	default y
+
+config NGINX_HTTP_USERID
+	bool
+	prompt "Enable HTTP userid module"
+	default y
+
+config NGINX_HTTP_ACCESS
+	bool
+	prompt "Enable HTTP access module"
+	default y
+
+config NGINX_HTTP_AUTH_BASIC
+	bool
+	prompt "Enable HTTP auth basic"
+	default y
+
+config NGINX_HTTP_AUTH_REQUEST
+	bool
+	prompt "Enable HTTP auth request module"
+	default n
+
+config NGINX_HTTP_AUTOINDEX
+	bool
+	prompt "Enable HTTP autoindex module"
+	default y
+
+config NGINX_HTTP_GEO
+	bool
+	prompt "Enable HTTP geo module"
+	default y
+
+config NGINX_HTTP_MAP
+	bool
+	prompt "Enable HTTP map module"
+	default y
+
+config NGINX_HTTP_SPLIT_CLIENTS
+	bool
+	prompt "Enable HTTP split clients"
+	default y
+
+config NGINX_HTTP_REFERER
+	bool
+	prompt "Enable HTTP referer module"
+	default y
+
+config NGINX_HTTP_REWRITE
+	bool
+	prompt "Enable HTTP rewrite module"
+	select NGINX_PCRE
+	default y
+
+config NGINX_HTTP_PROXY
+	bool
+	prompt "Enable HTTP proxy module"
+	default y
+
+config NGINX_HTTP_FASTCGI
+	bool
+	prompt "Enable HTTP fastcgi module"
+	default y
+
+config NGINX_HTTP_UWSGI
+	bool
+	prompt "Enable HTTP uwsgi module"
+	default y
+
+config NGINX_HTTP_SCGI
+	bool
+	prompt "Enable HTTP scgi module"
+	default y
+
+config NGINX_HTTP_MEMCACHED
+	bool
+	prompt "Enable HTTP memcached module"
+	default y
+
+config NGINX_HTTP_LIMIT_CONN
+	bool
+	prompt "Enable HTTP limit conn"
+	default y
+
+config NGINX_HTTP_LIMIT_REQ
+	bool
+	prompt "Enable HTTP limit req"
+	default y
+
+config NGINX_HTTP_EMPTY_GIF
+	bool
+	prompt "Enable HTTP empty gif"
+	default y
+
+config NGINX_HTTP_BROWSER
+	bool
+	prompt "Enable HTTP browser module"
+	default y
+
+config NGINX_HTTP_UPSTREAM_HASH
+	bool
+	prompt "Enable HTTP hash module"
+	default y
+
+config NGINX_HTTP_UPSTREAM_IP_HASH
+	bool
+	prompt "Enable HTTP IP hash module"
+	default y
+
+config NGINX_HTTP_UPSTREAM_LEAST_CONN
+	bool
+	prompt "Enable HTTP least conn module"
+	default y
+
+config NGINX_HTTP_UPSTREAM_KEEPALIVE
+	bool
+	prompt "Enable HTTP keepalive module"
+	default y
+
+config NGINX_HTTP_CACHE
+	bool
+	prompt "Enable HTTP cache"
+	default y
+
+config NGINX_HTTP_V2
+	bool
+	prompt "Enable HTTP_V2 module"
+	default n
+
+config NGINX_PCRE
+	bool
+	prompt "Enable PCRE library usage"
+	default y
+
+config NGINX_NAXSI
+	bool
+	prompt "Enable NAXSI module"
+	default y
+
+config NGINX_LUA
+	bool
+	prompt "Enable Lua module"
+	default n
+
+config NGINX_HTTP_REAL_IP
+	bool
+	prompt "Enable HTTP real ip module"
+	default n
+
+config NGINX_HTTP_SECURE_LINK
+	bool
+	prompt "Enable HTTP secure link module"
+	default n
+
+config NGINX_HTTP_SUB
+	bool
+	prompt "Enable HTTP sub module"
+	default n
+	
+config NGINX_HEADERS_MORE
+	bool
+	prompt "Enable Headers_more module"
+	help
+		Set and clear input and output headers...more than "add"!
+	default y
+	
+config NGINX_HTTP_BROTLI
+	bool
+	prompt "Enable Brotli compression module"
+	help
+		Add support for brotli compression module.
+	default n
+	
+config NGINX_STREAM
+	bool
+	prompt "Enable stream module"
+	help
+		Add support for stream module.
+	default n
+
+config NGINX_RTMP_MODULE
+	bool
+	prompt "Enable RTMP module"
+	help
+		Add support for NGINX-based Media Streaming Server module.
+	default n
+
+config NGINX_TS_MODULE
+	bool
+	prompt "Enable TS module"
+	help
+		Add support for MPEG-TS Live Module module.
+	default n
+
+endmenu
diff --git a/nginx/Makefile b/nginx/Makefile
index b3baa1d07..28c3457a6 100644
--- a/nginx/Makefile
+++ b/nginx/Makefile
@@ -8,18 +8,20 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nginx
-PKG_VERSION:=1.14.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.15.1
+PKG_RELEASE:=5
 
 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://nginx.org/download/
-PKG_HASH:=5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5
+PKG_HASH:=c7206858d7f832b8ef73a45c9b8f8e436bcb1ee88db2bc85b8e438ecec9d5460
 
-PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
+PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
+				Ansuel Smith <ansuelsmth@gmail.com>
 PKG_LICENSE:=2-clause BSD-like license
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/nginx-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 
+PKG_FIXUP:=autoreconf
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
 
@@ -58,202 +60,279 @@ PKG_CONFIG_DEPENDS := \
 	CONFIG_NGINX_HTTP_CACHE \
 	CONFIG_NGINX_HTTP_V2 \
 	CONFIG_NGINX_PCRE \
-	CONFIG_NGINX_STREAM \
 	CONFIG_NGINX_NAXSI \
 	CONFIG_NGINX_LUA \
 	CONFIG_NGINX_HTTP_REAL_IP \
 	CONFIG_NGINX_HTTP_SECURE_LINK \
 	CONFIG_NGINX_HTTP_BROTLI \
-	CONFIG_NGINX_HEADERS_MORE
+	CONFIG_NGINX_STREAM \
+	CONFIG_NGINX_HEADERS_MORE \
+	CONFIG_NGINX_RTMP_MODULE \
+	CONFIG_NGINX_TS_MODULE \
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/nginx
+define Package/nginx/default
   SECTION:=net
   CATEGORY:=Network
   SUBMENU:=Web Servers/Proxies
   TITLE:=Nginx web server
   URL:=http://nginx.org/
-  DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread
+  DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl \
+     +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread
 endef
 
 define Package/nginx/description
- nginx is an HTTP and reverse proxy server, as well as a mail proxy server,
- written by Igor Sysoev.
+ nginx is an HTTP and reverse proxy server, as well as a mail proxy server, \
+ written by Igor Sysoev. (Some module require SSL module enable to show up in \
+ config menu)
 endef
 
+define Package/nginx
+  $(Package/nginx/default)
+  VARIANT:=no-ssl
+endef
+
+define Package/nginx-ssl
+  $(Package/nginx/default)
+  TITLE += with SSL support
+  DEPENDS +=+libopenssl
+  VARIANT:=ssl
+  PROVIDES:=nginx
+endef
+
+Package/nginx-ssl/description = $(Package/nginx/description) \
+  This varian is compiled with SSL support enabled. To enable additional module \
+  select them in the nginx default configuration menu.
+
+define Package/nginx-all-module
+  $(Package/nginx/default)
+  TITLE += with ALL module selected
+  DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread
+  VARIANT:=all-module
+  PROVIDES:=nginx
+endef
+
+Package/nginx-all-module/description = $(Package/nginx/description) \
+  This varian is compiled with ALL module selected.
+
 define Package/nginx/config
   source "$(SOURCE)/Config.in"
 endef
 
+define Package/nginx-ssl/config
+  source "$(SOURCE)/Config_ssl.in"
+endef
+
 config_files=nginx.conf mime.types
 
 define Package/nginx/conffiles
 /etc/nginx/
 endef
 
+Package/nginx-ssl/conffiles = $(Package/nginx/conffiles)
+Package/nginx-all-module/conffiles = $(Package/nginx/conffiles)
+
+
 ADDITIONAL_MODULES:=
-ifeq ($(CONFIG_NGINX_NAXSI),y)
-  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src
-endif
-ifeq ($(CONFIG_NGINX_LUA),y)
-  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx
-endif
-ifeq ($(CONFIG_IPV6),y)
-  ADDITIONAL_MODULES += --with-ipv6
-endif
-ifeq ($(CONFIG_NGINX_STUB_STATUS),y)
-  ADDITIONAL_MODULES += --with-http_stub_status_module
-endif
-ifeq ($(CONFIG_NGINX_FLV),y)
-  ADDITIONAL_MODULES += --with-http_flv_module
-endif
-ifeq ($(CONFIG_NGINX_SSL),y)
-  ADDITIONAL_MODULES += --with-http_ssl_module
-endif
-ifeq ($(CONFIG_NGINX_DAV),y)
-  ADDITIONAL_MODULES += --with-http_dav_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_CACHE),y)
-  ADDITIONAL_MODULES += --without-http-cache
-endif
-ifneq ($(CONFIG_NGINX_PCRE),y)
-  ADDITIONAL_MODULES += --without-pcre
-endif
-ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y)
-  ADDITIONAL_MODULES += --without-http_charset_module
+
+ifneq ($(BUILD_VARIANT),all-module)
+  ifneq ($(CONFIG_NGINX_HTTP_CACHE),y)
+    ADDITIONAL_MODULES += --without-http-cache
+  endif
+  ifneq ($(CONFIG_NGINX_PCRE),y)
+    ADDITIONAL_MODULES += --without-pcre
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y)
+    ADDITIONAL_MODULES += --without-http_charset_module
+  else
+    config_files += koi-utf koi-win win-utf
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_GZIP),y)
+    ADDITIONAL_MODULES += --without-http_gzip_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_SSI),y)
+    ADDITIONAL_MODULES += --without-http_ssi_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_USERID),y)
+    ADDITIONAL_MODULES += --without-http_userid_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_ACCESS),y)
+    ADDITIONAL_MODULES += --without-http_access_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_AUTH_BASIC),y)
+    ADDITIONAL_MODULES += --without-http_auth_basic_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_AUTOINDEX),y)
+    ADDITIONAL_MODULES += --without-http_autoindex_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_GEO),y)
+    ADDITIONAL_MODULES += --without-http_geo_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_MAP),y)
+    ADDITIONAL_MODULES += --without-http_map_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_SPLIT_CLIENTS),y)
+    ADDITIONAL_MODULES += --without-http_split_clients_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_REFERER),y)
+    ADDITIONAL_MODULES += --without-http_referer_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_REWRITE),y)
+    ADDITIONAL_MODULES += --without-http_rewrite_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_PROXY),y)
+    ADDITIONAL_MODULES += --without-http_proxy_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_FASTCGI),y)
+    ADDITIONAL_MODULES += --without-http_fastcgi_module
+  else
+    config_files += fastcgi_params
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y)
+    ADDITIONAL_MODULES += --without-http_uwsgi_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_SCGI),y)
+    ADDITIONAL_MODULES += --without-http_scgi_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_MEMCACHED),y)
+    ADDITIONAL_MODULES += --without-http_memcached_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_LIMIT_CONN),y)
+    ADDITIONAL_MODULES += --without-http_limit_conn_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_LIMIT_REQ),y)
+    ADDITIONAL_MODULES += --without-http_limit_req_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_EMPTY_GIF),y)
+    ADDITIONAL_MODULES += --without-http_empty_gif_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_BROWSER),y)
+    ADDITIONAL_MODULES += --without-http_browser_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_HASH),y)
+    ADDITIONAL_MODULES += --without-http_upstream_hash_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH),y)
+    ADDITIONAL_MODULES += --without-http_upstream_ip_hash_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN),y)
+    ADDITIONAL_MODULES += --without-http_upstream_least_conn_module
+  endif
+  ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y)
+    ADDITIONAL_MODULES += --without-http_upstream_keepalive_module
+  endif
+  
+  ifeq ($(BUILD_VARIANT),ssl)
+    ifneq ($(CONFIG_NGINX_SSL),y)
+      ADDITIONAL_MODULES += --with-http_ssl_module
+    endif
+  endif
+  
+  ifeq ($(CONFIG_NGINX_SSL),y)
+    ADDITIONAL_MODULES += --with-http_ssl_module
+  endif
+  ifeq ($(CONFIG_NGINX_NAXSI),y)
+    ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src
+  endif
+  ifeq ($(CONFIG_NGINX_LUA),y)
+    ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx
+  endif
+  ifeq ($(CONFIG_IPV6),y)
+    ADDITIONAL_MODULES += --with-ipv6
+  endif
+  ifeq ($(CONFIG_NGINX_STUB_STATUS),y)
+    ADDITIONAL_MODULES += --with-http_stub_status_module
+  endif
+  ifeq ($(CONFIG_NGINX_FLV),y)
+    ADDITIONAL_MODULES += --with-http_flv_module
+  endif
+  ifeq ($(CONFIG_NGINX_DAV),y)
+    ADDITIONAL_MODULES += --with-http_dav_module
+  endif
+  ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y)
+    ADDITIONAL_MODULES += --with-http_auth_request_module
+  endif
+  ifeq ($(CONFIG_NGINX_HTTP_V2),y)
+    ADDITIONAL_MODULES += --with-http_v2_module
+  endif
+  ifeq ($(CONFIG_NGINX_HTTP_REAL_IP),y)
+    ADDITIONAL_MODULES += --with-http_realip_module
+  endif
+  ifeq ($(CONFIG_NGINX_HTTP_SECURE_LINK),y)
+    ADDITIONAL_MODULES += --with-http_secure_link_module
+  endif
+  ifeq ($(CONFIG_NGINX_HTTP_SUB),y)
+	ADDITIONAL_MODULES += --with-http_sub_module
+  endif
+  ifeq ($(CONFIG_NGINX_HEADERS_MORE),y)
+    ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-headers-more
+  endif
+  ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y)
+    ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-brotli
+  endif
+  ifeq ($(CONFIG_NGINX_STREAM),y)
+    ADDITIONAL_MODULES += --with-stream
+  endif
+  ifeq ($(CONFIG_NGINX_RTMP_MODULE),y)
+    ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-rtmp
+  endif
+  ifeq ($(CONFIG_NGINX_TS_MODULE),y)
+    ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-ts
+  endif
 else
-  config_files += koi-utf koi-win win-utf
-endif
-ifneq ($(CONFIG_NGINX_HTTP_GZIP),y)
-  ADDITIONAL_MODULES += --without-http_gzip_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_SSI),y)
-  ADDITIONAL_MODULES += --without-http_ssi_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_USERID),y)
-  ADDITIONAL_MODULES += --without-http_userid_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_ACCESS),y)
-  ADDITIONAL_MODULES += --without-http_access_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_AUTH_BASIC),y)
-  ADDITIONAL_MODULES += --without-http_auth_basic_module
-endif
-ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y)
-  ADDITIONAL_MODULES += --with-http_auth_request_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_AUTOINDEX),y)
-  ADDITIONAL_MODULES += --without-http_autoindex_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_GEO),y)
-  ADDITIONAL_MODULES += --without-http_geo_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_MAP),y)
-  ADDITIONAL_MODULES += --without-http_map_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_SPLIT_CLIENTS),y)
-  ADDITIONAL_MODULES += --without-http_split_clients_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_REFERER),y)
-  ADDITIONAL_MODULES += --without-http_referer_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_REWRITE),y)
-  ADDITIONAL_MODULES += --without-http_rewrite_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_PROXY),y)
-  ADDITIONAL_MODULES += --without-http_proxy_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_FASTCGI),y)
-  ADDITIONAL_MODULES += --without-http_fastcgi_module
-else
-  config_files += fastcgi_params
-endif
-ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y)
-  ADDITIONAL_MODULES += --without-http_uwsgi_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_SCGI),y)
-  ADDITIONAL_MODULES += --without-http_scgi_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_MEMCACHED),y)
-  ADDITIONAL_MODULES += --without-http_memcached_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_LIMIT_CONN),y)
-  ADDITIONAL_MODULES += --without-http_limit_conn_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_LIMIT_REQ),y)
-  ADDITIONAL_MODULES += --without-http_limit_req_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_EMPTY_GIF),y)
-  ADDITIONAL_MODULES += --without-http_empty_gif_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_BROWSER),y)
-  ADDITIONAL_MODULES += --without-http_browser_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_HASH),y)
-  ADDITIONAL_MODULES += --without-http_upstream_hash_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH),y)
-  ADDITIONAL_MODULES += --without-http_upstream_ip_hash_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN),y)
-  ADDITIONAL_MODULES += --without-http_upstream_least_conn_module
-endif
-ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y)
-  ADDITIONAL_MODULES += --without-http_upstream_keepalive_module
-endif
-ifeq ($(CONFIG_NGINX_HTTP_V2),y)
-  ADDITIONAL_MODULES += --with-http_v2_module
-endif
-ifeq ($(CONFIG_NGINX_HTTP_REAL_IP),y)
-  ADDITIONAL_MODULES += --with-http_realip_module
-endif
-ifeq ($(CONFIG_NGINX_HTTP_SECURE_LINK),y)
-  ADDITIONAL_MODULES += --with-http_secure_link_module
-endif
-ifeq ($(CONFIG_NGINX_HEADERS_MORE),y)
-  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-headers-more
-endif
-ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y)
-  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-brotli
-endif
-ifeq ($(CONFIG_NGINX_STREAM),y)
-  ADDITIONAL_MODULES += --with-stream
+  CONFIG_NGINX_HEADERS_MORE:=y
+  CONFIG_NGINX_HTTP_BROTLI:=y
+  CONFIG_NGINX_RTMP_MODULE:=y
+  CONFIG_NGINX_TS_MODULE:=y
+  CONFIG_NGINX_NAXSI:=y
+  CONFIG_NGINX_LUA:=y
+  ADDITIONAL_MODULES += --with-http_ssl_module --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src \
+    --add-module=$(PKG_BUILD_DIR)/lua-nginx --with-ipv6 --with-http_stub_status_module --with-http_flv_module \
+	--with-http_dav_module --with-stream --with-http_auth_request_module --with-http_v2_module --with-http_realip_module \
+	--with-http_secure_link_module --with-http_sub_module --add-module=$(PKG_BUILD_DIR)/nginx-headers-more \
+	--add-module=$(PKG_BUILD_DIR)/nginx-brotli --add-module=$(PKG_BUILD_DIR)/nginx-rtmp \
+	--add-module=$(PKG_BUILD_DIR)/nginx-ts
+  config_files += koi-utf koi-win win-utf fastcgi_params 
 endif
 
-define Package/nginx-mod-luci
+define Package/nginx-mod-luci/default
+  TITLE:=Nginx on LuCI
   SECTION:=net
   CATEGORY:=Network
   SUBMENU:=Web Servers/Proxies
   TITLE:=Support file for Nginx
   URL:=http://nginx.org/
-  DEPENDS:=nginx +uwsgi-cgi +uwsgi-cgi-luci-support
+  DEPENDS:=+uwsgi-cgi +uwsgi-cgi-luci-support
+endef
+
+define Package/nginx-mod-luci
+  $(Package/nginx-mod-luci/default)
+  DEPENDS += +nginx
 endef
 
 define Package/nginx-mod-luci/description
- Support file for LuCI in nginx (include custom nginx configuration, autostart script for uwsgi)
+ Support file for LuCI in nginx. Include custom nginx configuration, autostart script for uwsgi.
 endef
 
 define Package/nginx-mod-luci-ssl
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=Web Servers/Proxies
-  TITLE:=Support file for Nginx (SSL)
-  URL:=http://nginx.org/
-  DEPENDS:=nginx +nginx-mod-luci
+  $(Package/nginx-mod-luci/default)
+  TITLE += with HTTPS support
+  DEPENDS += +nginx-ssl
 endef
 
-define Package/nginx-mod-luci-ssl/description
- Support file for LuCI in nginx (include custom nginx configuration, autostart script for uwsgi, redirect from http to https)
-endef
+Package/nginx-mod-luci-ssl/description = $(define Package/nginx-mod-luci/description) \
+  This also include redirect from http to https and cert autogeneration.
 
-TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK -DNGX_HAVE_GCC_ATOMIC
+TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK
 TARGET_LDFLAGS += -Wl,--gc-sections
 
-define Build/Configure
-	( cd $(PKG_BUILD_DIR) ; \
-		$(if $(CONFIG_NGINX_LUA),LUA_INC=$(STAGING_DIR)/usr/include LUA_LIB=$(STAGING_DIR)/usr/lib) \
-		./configure \
+ifeq ($(CONFIG_NGINX_LUA),y)
+  CONFIGURE_VARS += LUA_INC=$(STAGING_DIR)/usr/include \
+					LUA_LIB=$(STAGING_DIR)/usr/lib
+endif
+
+CONFIGURE_ARGS += \
 			--crossbuild=Linux::$(ARCH) \
 			--prefix=/usr \
 			--conf-path=/etc/nginx/nginx.conf \
@@ -268,9 +347,7 @@ define Build/Configure
 			--with-cc="$(TARGET_CC)" \
 			--with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
 			--with-ld-opt="$(TARGET_LDFLAGS)" \
-			--without-http_upstream_zone_module \
-	)
-endef
+			--without-http_upstream_zone_module
 
 define Package/nginx-mod-luci/install
 	$(INSTALL_DIR) $(1)/etc/nginx
@@ -281,6 +358,7 @@ define Package/nginx-mod-luci/install
 endef
 
 define Package/nginx-mod-luci-ssl/install
+	$(Package/nginx-mod-luci/install)
 	$(INSTALL_DIR) $(1)/etc/nginx
 	$(INSTALL_BIN) ./files-luci-support/luci_nginx_ssl.conf $(1)/etc/nginx/luci_nginx_ssl.conf
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
@@ -303,67 +381,130 @@ endif
 	$(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules))
 endef
 
+Package/nginx-ssl/install = $(Package/nginx/install)
+Package/nginx-all-module/install = $(Package/nginx/install)
+
 define Build/Prepare
-	$(call Build/Prepare/Default)
-	$(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi))
-	$(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx))
-	$(if $(CONFIG_NGINX_HTTP_BROTLI),$(call Prepare/nginx-brotli))
-	$(if $(CONFIG_NGINX_HEADERS_MORE),$(call Prepare/nginx-headers-more))
+	$(Build/Prepare/Default)
+	$(Prepare/nginx-naxsi)
+	$(Prepare/lua-nginx)
+	$(Prepare/nginx-brotli)
+	$(Prepare/nginx-headers-more)
+	$(Prepare/nginx-rtmp)
+	$(Prepare/nginx-ts)
 endef
 
-define Download/nginx-headers-more
-	VERSION:=a9f7c7e86cc7441d04e2f11f01c2e3a9c4b0301d
-	SUBDIR:=nginx-headers-more
-	FILE:=headers-more-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
-	URL:=https://github.com/openresty/headers-more-nginx-module.git
-	PROTO:=git
-endef
 
-define  Prepare/nginx-headers-more
-	$(eval $(call Download,nginx-headers-more))
+ifeq ($(CONFIG_NGINX_HEADERS_MORE),y)
+  define Download/nginx-headers-more
+    VERSION:=a9f7c7e86cc7441d04e2f11f01c2e3a9c4b0301d
+    SUBDIR:=nginx-headers-more
+    FILE:=headers-more-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+    URL:=https://github.com/openresty/headers-more-nginx-module.git
+    MIRROR_HASH:=432609015719aaa7241e5166c7cda427acbe004f725887f78ef629d51bd9cb3f
+    PROTO:=git
+  endef
+  $(eval $(call Download,nginx-headers-more))
+
+  define Prepare/nginx-headers-more
+	$(eval $(Download/nginx-headers-more))
 	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
-endef
+  endef
+endif
 
-define Download/nginx-brotli
-	VERSION:=37ab9b2933a0b756ba3447000b7f31d432ed8228
-	SUBDIR:=nginx-brotli
-	FILE:=ngx-brotli-module-$(PKG_VERSION)-$$(VERSION).tar.gz
-	URL:=https://github.com/eustas/ngx_brotli.git
-	PROTO:=git
-endef
 
-define  Prepare/nginx-brotli
-	$(eval $(call Download,nginx-brotli))
+ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y)
+  define Download/nginx-brotli
+    VERSION:=e26248ee361c04e25f581b92b85d95681bdffb39
+    SUBDIR:=nginx-brotli
+    FILE:=ngx-brotli-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+    URL:=https://github.com/eustas/ngx_brotli.git
+    MIRROR_HASH:=76b891ba49f82f0cfbc9cba875646e26ee986b522373e0aa2698a9923a4adcdb
+    PROTO:=git
+  endef
+  $(eval $(call Download,nginx-brotli))
+
+  define Prepare/nginx-brotli
+	$(eval $(Download/nginx-brotli))
 	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
-endef
+  endef
+endif
 
-define Download/nginx-naxsi
-	VERSION:=fc4740f9734cabc1ce4c9d4cddc4b472eab1cc4b
-	SUBDIR:=nginx-naxsi
-	FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz
-	URL:=https://github.com/nbs-system/naxsi.git
-	PROTO:=git
-endef
 
-define  Prepare/nginx-naxsi
-	$(eval $(call Download,nginx-naxsi))
+ifeq ($(CONFIG_NGINX_RTMP_MODULE),y)
+  define Download/nginx-rtmp
+    VERSION:=791b6136f02bc9613daf178723ac09f4df5a3bbf
+    SUBDIR:=nginx-rtmp
+    FILE:=ngx-rtmp-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+    URL:=https://github.com/arut/nginx-rtmp-module.git
+    MIRROR_HASH:=8db3f7b545ce98f47415e0436e12dfb55ae787afd3cd9515b5642c7b9dc0ef00
+    PROTO:=git
+  endef
+  $(eval $(call Download,nginx-rtmp))
+
+  define  Prepare/nginx-rtmp
+	$(eval $(call Download,nginx-rtmp))
 	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
-endef
+  endef
+endif
 
-define Download/lua-nginx
-	VERSION:=55743aeba3075b34a250380b32bad6366eae6c30
-	SUBDIR:=lua-nginx
-	FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
-	URL:=https://github.com/openresty/lua-nginx-module.git
-	PROTO:=git
-endef
 
-define  Prepare/lua-nginx
-	$(eval $(call Download,lua-nginx))
+ifeq ($(CONFIG_NGINX_TS_MODULE),y)
+  define Download/nginx-ts
+    VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd
+    SUBDIR:=nginx-ts
+    FILE:=ngx-ts-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+    URL:=https://github.com/arut/nginx-ts-module.git
+    MIRROR_HASH:=31ecc9968b928886b54884138eafe2fa747648bca5094d4c3132e8ae9509d1d3
+    PROTO:=git
+  endef
+  $(eval $(call Download,nginx-ts))
+
+  define  Prepare/nginx-ts
+	$(eval $(call Download,nginx-ts))
+	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
+  endef
+endif
+
+
+ifeq ($(CONFIG_NGINX_NAXSI),y)
+  define Download/nginx-naxsi
+    VERSION:=951123ad456bdf5ac94e8d8819342fe3d49bc002
+    SUBDIR:=nginx-naxsi
+    FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+    URL:=https://github.com/nbs-system/naxsi.git
+    MIRROR_HASH:=7ab791f2ff38096f48013141bbfe20ba213d5e04dcac08ca82e0cac07d5c30f0
+    PROTO:=git
+  endef
+  $(eval $(call Download,nginx-naxsi))
+
+  define Prepare/nginx-naxsi
+	$(eval $(Download/nginx-naxsi))
+	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
+  endef
+endif
+
+
+ifeq ($(CONFIG_NGINX_LUA),y)
+  define Download/lua-nginx
+    VERSION:=576a10d246daf81c0ce1b959c50ee807769c01a8
+    SUBDIR:=lua-nginx
+    FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+    URL:=https://github.com/openresty/lua-nginx-module.git
+    MIRROR_HASH:=85ab2fc752d4e09f266209fdec507b30c57bb966c34bbff148cf3459ae5cac80
+    PROTO:=git
+  endef
+  $(eval $(call Download,lua-nginx))
+
+  define Prepare/lua-nginx
+	$(eval $(Download/lua-nginx))
 	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
 	$(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx)
-endef
+  endef
+endif
 
 $(eval $(call BuildPackage,nginx))
+$(eval $(call BuildPackage,nginx-ssl))
+$(eval $(call BuildPackage,nginx-all-module))
 $(eval $(call BuildPackage,nginx-mod-luci))
 $(eval $(call BuildPackage,nginx-mod-luci-ssl))
diff --git a/nginx/files-luci-support/60_nginx-luci-support b/nginx/files-luci-support/60_nginx-luci-support
index 38a8aa885..dd076d260 100644
--- a/nginx/files-luci-support/60_nginx-luci-support
+++ b/nginx/files-luci-support/60_nginx-luci-support
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 if [ -f "/etc/nginx/luci_nginx.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
-	if [ ! "$(cat '/etc/nginx/nginx.conf' | grep -q 'luci_uwsgi.conf')" ]; then
+	if [ ! "$(cat '/etc/nginx/nginx.conf' | grep 'luci_uwsgi.conf')" ]; then
 		mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
 		mv /etc/nginx/luci_nginx.conf /etc/nginx/nginx.conf
 		core_number=$(grep -c ^processor /proc/cpuinfo)
@@ -20,6 +20,8 @@ if [ -f "/etc/nginx/luci_nginx.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
 		else
 			/etc/init.d/uwsgi start
 		fi
+	else
+		rm /etc/nginx/luci_nginx.conf
 	fi
 fi
 
diff --git a/nginx/files-luci-support/70_nginx-luci-support-ssl b/nginx/files-luci-support/70_nginx-luci-support-ssl
index 1cc1a85fc..76ce3a819 100644
--- a/nginx/files-luci-support/70_nginx-luci-support-ssl
+++ b/nginx/files-luci-support/70_nginx-luci-support-ssl
@@ -2,7 +2,7 @@
 
 
 if [ -f "/etc/nginx/luci_nginx_ssl.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
-	if [ ! "$(cat '/etc/nginx/nginx.conf' | grep -q 'return 301 https://$host$request_uri;')" ]; then
+	if [ ! "$(cat '/etc/nginx/nginx.conf' | grep 'return 301 https://$host$request_uri;')" ]; then
 		if [ -f "/etc/nginx/nginx.conf_old" ]; then
 			rm /etc/nginx/nginx.conf
 		else
@@ -16,6 +16,8 @@ if [ -f "/etc/nginx/luci_nginx_ssl.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; th
 		else
 			/etc/init.d/nginx start
 		fi
+	else
+		rm /etc/nginx/luci_nginx_ssl.conf
 	fi
 fi
 
diff --git a/nginx/files-luci-support/luci_nginx.conf b/nginx/files-luci-support/luci_nginx.conf
index 78f916b04..53d4ab6c7 100644
--- a/nginx/files-luci-support/luci_nginx.conf
+++ b/nginx/files-luci-support/luci_nginx.conf
@@ -1,5 +1,5 @@
 
-user  root;
+user nobody nogroup;
 worker_processes  1;
 
 #error_log  logs/error.log;
diff --git a/nginx/patches/201-ignore-invalid-options.patch b/nginx/patches/201-ignore-invalid-options.patch
new file mode 100644
index 000000000..82180239d
--- /dev/null
+++ b/nginx/patches/201-ignore-invalid-options.patch
@@ -0,0 +1,12 @@
+--- a/auto/options
++++ b/auto/options
+@@ -391,8 +391,7 @@
+         --test-build-solaris-sendfilev)  NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
+ 
+         *)
+-            echo "$0: error: invalid option \"$option\""
+-            exit 1
++            echo "$0: error: ignoring invalid option \"$option\""
+         ;;
+     esac
+ done