The default access/error logs are access.log and error.log: nginx http access log file: "/usr/local/nginx/logs/access.log" nginx error log file: "/usr/local/nginx/logs/error.log" We set them to access_log and error_log: ./configure --http-log-path="${EPREFIX}"/var/log/${PN}/access_log --error-log-path="${EPREFIX}"/var/log/${PN}/error_log Even if you set "error_log /var/log/nginx/error.log error;" in nginx.conf, you'll have an empty /var/log/nginx/error_log I think it would be nice to use the same names as upstream does (access.log / error.log). Thanks.
This is complicated: Upstream is using file specified via --error-log-path configure option to log config parser issues. Upstream's idea is that you should have a chance to catch broken config especially during unattended boot. See https://trac.nginx.org/nginx/ticket/147 for more details. I wish that upstream would provide a command-line argument to allow people to overwrite configure path at runtime because whatever name we will pick, there will be always user who want to use a different name/location. Regarding chosen names: I can only speculate why Gentoo picked {access,error}_log instead of {access,error}.log as filename. I assume to match with Apache log names. I am not sure if we should change this. Although I am using *.log naming schema by myself we must assume to some point that user already found out about the problem that nginx is always using file from --error-log-path option and have adopted to that file and naming. Maybe ebuild could read from NGINX_DEFAULT_ERROR_LOG environment variable for example allowing user to set a different path in configure...
Thanks for the explanation, didn't know that.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c325bb75759d33f63580baedce3a0213df7934f3 commit c325bb75759d33f63580baedce3a0213df7934f3 Author: Zurab Kvachadze <zurabid2016@gmail.com> AuthorDate: 2024-07-13 10:38:00 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-07-05 07:26:53 +0000 www-servers/nginx: add 1.29.0, use nginx.eclass This commit makes NGINX employ new nginx.eclass. This adds the mainline 1.29.0 NGINX version to the Gentoo tree bringing a considerable amount of changes: * NGINX is now fully slotted. Stable versions are in the 'stable' SLOT and mainline ones are in the 'mainline' SLOT. There is also a 'live' slot for the latest git version. * All external modules have been unbundled from the main NGINX package. They will soon be available as separate packages in the www-nginx/ category. In addition, NGINX development kit (ngx_devel_kit) is no longer unconditionally statically built into NGINX binary. * LICENSE has been modified to reflect reality. * USE flag changes: 1. "pcre", "pcre2" have been removed along with the dependency on EOL libpcre1. Bug 886537, although it is not really closed until old versions that still depend on libpcre1 are treecleaned. 2. "ktls" and "pcre-jit" have been removed completely since they have no effect if system OpenSSL and libpcre are used (as is always the case with NGINX on Gentoo). 3. "threads" - removed, even though some really ancient third-party modules break with this (e.g. mogilefs last time I checked it). nginx.eclass enables pthreads support unconditionally, see https://bugs.gentoo.org/868336. 4. "vim-syntax" has been removed, as vimfiles are bundled with NGINX, are more updated there and, therefore, are now installed from the NGINX tarball. 5. "http2" and "http3" have been moved to their nginx_modules_http_v{2,3} counterparts where they actually belong as regular modules. 6. "ssl" has been moved to nginx_modules_{http,mail,stream}_ssl. 7. "http-cache" has been removed. It does not even qualify to be a USE flag: the flag just passes some argument to disable the http cache, which (the cache) is not documented upstream at all. 8. "modules" USE flag has been added to control dynamic modules support. 9. A substantial amount of USE flags have been added for minor HTTP, stream (bug 735020) and mail modules. * All the miscellaneous files (configuration file, confd, init and logrotate scripts, systemd service) have been revbumped. NGINX now ships with tmpfiles.d(5) configuration file (see below). This closes bugs 481456, 928131, 576414. * All the files that previously went into /etc/nginx are now stored in /usr/share/nginx, apart from nginx.conf. * NGINX's temporary files are now stored in /var/tmp/nginx, instead of /var/lib/nginx/tmp. The new directory is managed by systemd-tmpfiles(8), which has been added as a dependency. * NGINX now uses the access.log and error.log as default log names, instead of access_log and error_log (bug 700866). * NGINX no longer does strange permission checks for 8-year-old CVEs. This commit also closes the bug 578658 mentioned in nginx.eclass. Bug: https://bugs.gentoo.org/886537 Closes: https://bugs.gentoo.org/481456 Closes: https://bugs.gentoo.org/928131 Closes: https://bugs.gentoo.org/576414 Closes: https://bugs.gentoo.org/578658 Closes: https://bugs.gentoo.org/735020 Closes: https://bugs.gentoo.org/700866 Signed-off-by: Zurab Kvachadze <zurabid2016@gmail.com> Part-of: https://github.com/gentoo/gentoo/pull/37590 Signed-off-by: Sam James <sam@gentoo.org> www-servers/nginx/Manifest | 2 ++ www-servers/nginx/nginx-1.29.0.ebuild | 31 +++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) Additionally, it has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7e33e57a2eb5e8d58048e3a3443177092f889bd commit c7e33e57a2eb5e8d58048e3a3443177092f889bd Author: Zurab Kvachadze <zurabid2016@gmail.com> AuthorDate: 2024-05-25 22:15:36 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-07-05 07:26:48 +0000 www-servers/nginx: add nginx-r2.logrotate This is the second revision of the logrotate script for NGINX. This changes the log files' names from /var/log/nginx/*_log to /var/log/nginx/*.log, resembling the new nginx.eclass defaults (bug 700866). The postrotate script was updated to use the "$()" construct for the command substitution, instead of the legacy `backtick` one. The "kill" utility now use a more POSIX-complying argument "-s singal_name", replacing the XSI's "-signal_name". Bug: https://bugs.gentoo.org/700866 Signed-off-by: Zurab Kvachadze <zurabid2016@gmail.com> Part-of: https://github.com/gentoo/gentoo/pull/37590 Signed-off-by: Sam James <sam@gentoo.org> www-servers/nginx/files/nginx-r2.logrotate | 11 +++++++++++ 1 file changed, 11 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33d3f76d5dfc7a168b019edc1385af39aed75840 commit 33d3f76d5dfc7a168b019edc1385af39aed75840 Author: Zurab Kvachadze <zurabid2016@gmail.com> AuthorDate: 2024-05-25 19:57:29 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-07-05 07:26:41 +0000 nginx.eclass: Add new eclass for building the NGINX server This adds a generic eclass for building, testing and installing NGINX distributions (F5's NGINX, freenginx, etc). This is a complete revamp of the way NGINX is packaged in Gentoo. The problem =========== NGINX has not been maintained for almost 2 years, since June 5 2022 (commit 9061b2f2318: "*/*: reassign whissi's packages"). In its current state, NGINX has 16 open bugs, with the oldest being reported more than 10 years ago (471106, 496318 and a few more). Moreover, each NGINX ebuild is over 1100 lines of code and 40 kilobytes in size, with enormous amounts of code being copied over with each version bump. Currently, these are some of the most obvious issues. There is another major problem: the www-servers/nginx package bundles 25 third party modules. This inflexible approach has its own issues: * version pinning (of the external modules). * no trivial way to add other external modules (for the end user). The actual code is very old, has inconsistent USE flag choices (http{2,3} being USE flags on their own rather than NGINX_MODULES_HTTP USE_EXPAND flags, the same goes for the ssl USE flag, etc.), outright useless USE flags that do nothing at all (pcre-jit and ktls), outdated dependencies (libpcre instead of libpcre2 by default), mixed shell constructs ('[' somewhere and '[[' elsewhere). The ebuild adds the default include paths to CFLAGS and LDFLAGS for no reason and has warnings about the versions as old as 1.10 (released in January 2017); the ebuild configures NGINX to store its temporary files in /var/lib, instead of /var/tmp and so on... Although this does not intend to cover all the flaws of the current state of NGINX in the Gentoo tree, it is blatant that the quality of the NGINX ebuilds are quite poor and that they are overall particularly messy and clunky. So, I deemed "repackaging" NGINX from the ground up an easier task (than fixing the current NGINX ebuild in-place) and went on with it. The solution ============ This eclass aims to fully cover as much of what is in common between different NGINX versions and distributions as possible, which by itself requires a high degree of flexibility in an eclass. The nginx.eclass does not intend to move the aforementioned complexity to a one place, but rather to *get rid* of it entirely. It achieves this by requiring the inheriting ebuilds to provide the "specification" of their version. The specification is really simple and is comprised of 4 variables: * NGINX_MODULES, that defines available modules, i.e "http_perl", "http_geoip", "http_ssl", "http_v3", "mail_imap", etc. * NGINX_SUBSYSTEMS, that defines individual available NGINX servers: "http", "stream" and "mail". * NGINX_TESTS_COMMIT, that defines a partcular commit of NGINX tests. * NGINX_UPDATE_STREAM, that corresponds to the NGINX version type as defined upstream. Currently, it is either "mainline", "stable" or "live" for the Git version. SLOT is derived from this variable. And 1 optional variable: * NGINX_MISC_FILES, that specifies files in FILESDIR, e.g. NGINX main configuration file, NGINX systemd service file, etc. They are installed into specific locations based on their file extension. The nginx.eclass takes care of all the other aspects. This eclass: 1. Sets the default value for DESCRITPION, HOMEPAGE, LICENSE, SRC_URI. SLOT is set to ${NGINX_UPDATE_STREAM}/${PV}. 2. Populates IUSE, based on the NGINX_MODULES and NGINX_SUBSYSTEMS variables. 3. Fills BDEPEND, DEPEND and RDEPEND with general NGINX dependencies. 4. Sets blocks on all possible update streams (that are expressed as SLOT) apart from the current one, in order to disallow installing multiple NGINX versions at once. 5. Sets REQUIRED_USE for inter-module dependencies, unless OVERRIDE_NGINX_MOD_REQUIRED_USE is set. 6. Sets BDEPEND, DEPEND and RDEPEND for external module dependencies, unless OVERRIDE_NGINX_MOD_DEPEND is set. 7. Sets BDEPEND for module test dependencies, unless OVERRIDE_NGINX_MOD_TEST_DEPEND is set. (points 5-7: the nginx.eclass comes with a default list for such dependencies; the REQUIRED_USE and *DEPEND variables are only set for the modules that are present in NGINX_MODULES). 8. Unpacks the sources or clones the Git repository. 9. Configures NGINX, obviously. 10. Compiles NGINX. 11. Tests the compiled binary. The test dependencies have also been brought in line with what tests actually depend on. 12. Installs NGINX, complying with the FHS. The files specified in NGINX_MISC_FILES are installed in their respective directories. If "modules" use flag is enabled, indicating dynamic modules support, NGINX build system is installed into /usr/src/nginx and NGINX headers are installed into /usr/include/nginx. The nginx.eclass also installs Portage set @nginx-modules-rebuild. It groups all the NGINX dynamic modules and is mainly of use for those who install the "live" version. A considerable part of the eclass parses the ebuild variables, the actual phase function code constitues roughly 240 LoC (out of 790 total). Every part of the eclass is thoroughly annotated and documented. The nginx.eclass sets up the infrastructure for resolving the following bugs: * 886537 - "drop support for obsolete dev-libs/libpcre": _ngx_set_mod_depend() makes the http_rewrite module depend only on dev-libs/libpcre2. * 578658 - "silently ignoring USE=http": nginx.eclass introduces the "http" USE flag, which is a master switch for the whole http subsystem. * 573710 - "Add support for external 3rd party modules": nginx.eclass acts as a foundation for such support. The actual support for building dynamic modules will be in a separate eclass - nginx-module.eclass. * 735020 - "missing a USE flag for building --with-stream only": nginx.eclass adds the "stream" flag to IUSE, allowing the subsystem to be enabled without requiring to alter the NGINX_MODULES_STREAM variable. * 700866 - "use default log names": this eclass uses the default {access,error}.log filenames, instead of {access,error}_log. * 925098 - "www-servers/freenginx - new package": with this eclass, adding freenginx to the Gentoo tree is as simple as setting the aforementioned NGINX_* variables, inheriting nginx.eclass and setting the proper HOMEPAGE, DESCRITPION and SRC_URI. It is crucial to also add block on www-servers/nginx, so that the two packages are not installed simultaneously. Nonetheless, the procedure desribed above is not comprehensive; freenginx will not be regarded by the package manager as a drop-in replacement of F5's NGINX for external modules. To achieve this, a separate virtual/nginx ebuild must be created. Bug: https://bugs.gentoo.org/886537 Bug: https://bugs.gentoo.org/578658 Bug: https://bugs.gentoo.org/573710 Bug: https://bugs.gentoo.org/735020 Bug: https://bugs.gentoo.org/700866 Bug: https://bugs.gentoo.org/925098 Signed-off-by: Zurab Kvachadze <zurabid2016@gmail.com> Part-of: https://github.com/gentoo/gentoo/pull/37590 Signed-off-by: Sam James <sam@gentoo.org> eclass/nginx.eclass | 951 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 951 insertions(+)