summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony Ryan <anthonyryan1@gmail.com>2023-07-13 18:53:44 -0400
committerConrad Kostecki <conikost@gentoo.org>2023-07-15 02:49:51 +0200
commitf13a45929c795f9e4802adb54bfcea1f1c59de01 (patch)
tree5f592145fa40340f50306d03d8a317f401c76cad
parentsci-electronics/nvc: compile with one makejob (diff)
downloadgentoo-f13a4592.tar.gz
gentoo-f13a4592.tar.bz2
gentoo-f13a4592.zip
www-servers/nginx: Add USE="ktls" (Kernel TLS offload)
Kernel TLS offload can reduce HTTPS the number of CPU and Memory ops necessary to send a file over HTTPS. To activate kTLS you need: - CONFIG_TLS=y in the kernel - OpenSSL built with USE="ktls" - ssl_conf_command Options KTLS; in nginx.conf After these changes the ebuild will get everything except nginx.conf ready. Signed-off-by: Anthony Ryan <anthonyryan1@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/31870 Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
-rw-r--r--www-servers/nginx/metadata.xml1
-rw-r--r--www-servers/nginx/nginx-1.25.1-r2.ebuild7
2 files changed, 7 insertions, 1 deletions
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index 53e205ae2540..2cd20a68b9fb 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -8,6 +8,7 @@
<flag name="http2">Enable HTTP2 module support</flag>
<flag name="http3">Enable HTTP3 module support</flag>
<flag name="http-cache">Enable HTTP cache support</flag>
+ <flag name="ktls">Enable Kernel TLS offload (kTLS)</flag>
<flag name="libatomic">Use libatomic instead of builtin atomic operations</flag>
<flag name="pcre-jit">Enable JIT for pcre</flag>
<flag name="pcre2">Enable support for pcre2</flag>
diff --git a/www-servers/nginx/nginx-1.25.1-r2.ebuild b/www-servers/nginx/nginx-1.25.1-r2.ebuild
index f123cec7a6cb..1093a0399894 100644
--- a/www-servers/nginx/nginx-1.25.1-r2.ebuild
+++ b/www-servers/nginx/nginx-1.25.1-r2.ebuild
@@ -252,7 +252,7 @@ NGINX_MODULES_3RD="
stream_javascript
"
-IUSE="aio debug +http +http2 http3 +http-cache libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
+IUSE="aio debug +http +http2 http3 +http-cache ktls libatomic pcre +pcre2 pcre-jit rtmp selinux ssl threads vim-syntax"
for mod in $NGINX_MODULES_STD; do
IUSE="${IUSE} +nginx_modules_http_${mod}"
@@ -298,6 +298,9 @@ CDEPEND="
http-cache? (
dev-libs/openssl:0=
)
+ ktls? (
+ >=dev-libs/openssl-3:0=[ktls]
+ )
nginx_modules_http_brotli? ( app-arch/brotli:= )
nginx_modules_http_geoip? ( dev-libs/geoip )
nginx_modules_http_geoip2? ( dev-libs/libmaxminddb:= )
@@ -328,6 +331,7 @@ BDEPEND="nginx_modules_http_brotli? ( virtual/pkgconfig )"
PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
REQUIRED_USE="pcre-jit? ( pcre )
+ ktls? ( ssl )
nginx_modules_http_fancyindex? ( nginx_modules_http_addition )
nginx_modules_http_grpc? ( http2 )
nginx_modules_http_lua? (
@@ -442,6 +446,7 @@ src_configure() {
use debug && myconf+=( --with-debug )
use http2 && myconf+=( --with-http_v2_module )
use http3 && myconf+=( --with-http_v3_module )
+ use ktls && myconf+=( --with-openssl-opt=enable-ktls )
use libatomic && myconf+=( --with-libatomic )
use pcre && myconf+=( --with-pcre --without-pcre2 )
use pcre-jit && myconf+=( --with-pcre-jit )