gentoo resync : 29.10.2017

13 files changed, 2507 insertions, 146 deletions

diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest
index 9448068f5657..3013c675403b 100644
--- a/www-servers/apache/Manifest
+++ b/www-servers/apache/Manifest
@@ -3,19 +3,18 @@ AUX apache-asf-httpoxy.patch 830 SHA256 5ea2bf7f64dfde9c8141578208fa9eb17702769a
 AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0
 AUX apache2.2-hardened.service 970 SHA256 aaddbfb3953ad24b3714c54769df625d990833a24a075cfc0a10976c60dfa774 SHA512 c206e7103d592dcf4f2d62979a20f7ab3cc7ce357ffe3c06ae8137064c812b9727e01a53fd602a0a55a64ed609664061de680ff42329381db787e2dae9310c48 WHIRLPOOL 0dbec118e471363e84e00b6163ee6e7f7d9062d486523171da9c9df1f9eb3a7733bbc7262daa7f1ac9d47c1d4155d94ffd2f4b8d7905fa9372c1e275ea111b95
 AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839
-DIST gentoo-apache-2.2.29-20140922.tar.bz2 64135 SHA256 8c69c36c2f40fb81ee905b4dd72ab74aab4563c75149d302f372a451498e2678 SHA512 1d9aa12aa3ab79b5f80ee3fda020b33ff6798e5b1abbcbc138acea06a1ab9968ad240d2bdf9c5dbb9640fa9fb6718eec7175df7cc0fb8574cc4d7d5cdfb5bcc4 WHIRLPOOL f655300f0dcd2f4503cbdb25983fed902e4b717ff57e06f66486bebd0ed7cb8df56387be74b4259bfffad949bb446c5ec28f89065b6d5239585324b610be7b88
 DIST gentoo-apache-2.2.34-20170918.tar.bz2 64390 SHA256 27a1755e3cee4bf4976fd3ed7aeb55db7ad3c0076ae2081ae626d4133c91aac2 SHA512 10b42e50dcc196f60bcaefe90c382d62a61339dd8a56e899d6afb6998be4acdd376e2c3509791f22a0acf99d06add497e32703b6d523f640306a6db5e05f358a WHIRLPOOL 4480bc9ff7a7291eacdc4a8c77e12e58c48f8e1c87ed164a4af42dbdaceebd554343384291723310cbf20d8d0660817f59aa72e7cf541283a142d9f1b3fa58c2
 DIST gentoo-apache-2.4.18-r1-20160303.tar.bz2 24505 SHA256 d81e32d876594b48a7ff6d9123bf776c5bea5453eddd2fe40f4a9b79c11537aa SHA512 68f0c4de38ae05c45839fe692cbb7de641e331ca133b8aaaf69f3659dec15833cda95e6e074edb3a5b6b6d59b3fc5a4ee3589fff810707fe27417a25cd8a4c4d WHIRLPOOL fb61224b2104e611237e1d09eb4dfb3d2b8f023348c9622f7f19434b6b77d63786c41af17a300d994c14d983676f3753ab6fa52f7a7fcd07b9cea3d7eeacc9b9
 DIST gentoo-apache-2.4.27-20170918.tar.bz2 24850 SHA256 10c7404707508ce91ce59974f55fe4368ee153b299f697441f703dab1aefd17a SHA512 c58a9a0b171188ff163f6b45c47f243797d4050cf461ba1a642115350285879005be6496cee2031bffaccc0d8beda4c27de87afa2ded17cbe559f792eb7c00e8 WHIRLPOOL 143092df671320d353bb8221fe62351f5f70262fa5e83cad6904633bcbbd177810717f297081d59e3e3a37e2cb42a004c0575fb55d52e0d1ae7197768b96aef8
-DIST httpd-2.2.31.tar.bz2 5610489 SHA256 f32f9d19f535dac63b06cb55dfc023b40dcd28196b785f79f9346779e22f26ac SHA512 5aa47d4b76f692bbd8b309135ff99152df98cf69b505b9daf3f13f7f2a31443eaf4995161adfbc47a133b4d0e091fda2d95fc6b87a956f0ada18d7466ee28e74 WHIRLPOOL a2e3e53c51719cb6f7e641b41788cd89ce7b4d2ea105b403bfa3b3d4479b69c5604228269062f66722594e105e91121d05b1c9f27ca7dc4ecfcf339da8b8375c
 DIST httpd-2.2.34.tar.bz2 5779739 SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160 SHA512 e6dac5865a48533c025fe17523ee74d68c3a23f9512c9441b78a140e33cfb6835573eb049b0ad424eb5c5ca78a1915778c54e8a409da95fbdd3890cb99e08240 WHIRLPOOL 0bd86b3644fae79c74928c0cd8bc3e4b7d821544a760dbe6459df43210f690d3c4dc74168e029b0b5bbaba6fcd0433aeb4312794455d91b00b7c36c537dfdefd
 DIST httpd-2.4.27.tar.bz2 6527394 SHA256 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a SHA512 7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c WHIRLPOOL 35aeaa01b2bf5772ad21d1011e619befd75fdaade5aa0ca7c61367e7b7a66af28dccf8729a53418f2598199721b68aac7d8c575797ed218150d00af4e8dd4dba
 DIST httpd-2.4.28.tar.bz2 6553163 SHA256 c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666 SHA512 8de8e32b87e6de220e492e74db9df0882fae11c3b9732f3d3316da048c04767ac4429c0433c36f87d8705263e3376f97a7e1f66a9d7a518632a67b6fe617590a WHIRLPOOL a4c8be522d5e900e01cefc0fc6d196e3e49e45e2daffa9ec22b2dc44deace506da5a4cf68afd04b0062b87ffcd27b6e59d0b8ae71cc2304d5080d066174e95ed
-EBUILD apache-2.2.31-r1.ebuild 3046 SHA256 24ce15f98c4a7aa7e095aedf4aed23f763a3b540bce5976523961c9a96440ca2 SHA512 d3f5c471783365f53a9fd0678ae806d69d6ea3b872cb5ccfe5abdc5e7ad548402a5bac11ebcd1e6100c4245f220663b956ec8b22c1d3963d7ef45b9256def3d7 WHIRLPOOL 638a1978bd526a7e0d1e3c0c77c49a2e82d8869c69a5434c3a84ae83bf5cad18fb294d53c50dd0b5acc1e0e22ad787808b336c1d0b1a31b073fba0693c0092e5
-EBUILD apache-2.2.34.ebuild 2989 SHA256 582679d31812cf52f39a1056ee32ccb3ad11f4757e0ff10b56167639224007e9 SHA512 b256e889e63ec4a54fff8390c26072a5b1cfa86f44bf4c655e910740e6cac4d9781496ed332ff6db989a4381e4a837acc65579a045ddbcd3c2cd510a990ee1c3 WHIRLPOOL 662da708552c191a423300195d16928baf96922c6462f08a38a5fece6947b8f2302d4688b5011378c02c4e28b6faf5b2e65b3d4a0bd02f599fb50fb8f87ddd30
+DIST httpd-2.4.29.tar.bz2 6567926 SHA256 777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00 SHA512 840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a WHIRLPOOL bd91e3baa3c2b25cb6a4e48062c38a97f9c941884be2e44805a3a08e1fdfb13bf18b37b6c7ab9e7656934f2d3b8c2893e79480ee119f073bfbb376b6c3e32a74
+EBUILD apache-2.2.34.ebuild 2988 SHA256 86b7a4116620a7aab67d6a71db6c8cb9ce2de012bc4bf0d87c28eac3a5bdb4bc SHA512 913dde770b5efd1e283d96403232aad75cb5ef6cbc9dbdefe90d307d2479dcb6245e2faffb47291118f48f576b1a0fae849e3ea481ff7208a755ef5b62033022 WHIRLPOOL 0813614af2a3b291dd1f9e781c7f300ad4331865412afd55c5d538178ae21d79193d1617c81f94b86d6e510dc8bfd0ae2afc12cd3e64e897c8cc1c97f318f7e7
 EBUILD apache-2.4.27-r1.ebuild 7750 SHA256 51733b100447f8cfdb2d1cf2ce980d6122d5e523cfa8ff7dbf45708970350171 SHA512 fa24f363d2cb031ca2467e53daeccd33f475e81801b6db2654063dca4b4a55be166b6b0dd12bd0943d88b032cc56a3ee09a51577660aedc449ea1df136cbffb5 WHIRLPOOL 840cd9ef44c9f2dce4d588ad211ac0612a6c7242e3778a0ebcf23f0345f7ecc855b1e5222c7107042be4e6f871ce504c0d388027b1e921f238863576a4044a8d
 EBUILD apache-2.4.27.ebuild 7761 SHA256 02a0e6b6d8150ee9766e9e1462ccff5036e00f97cda6540daa4bde08d356bca9 SHA512 efb043984a186acfa87e5cdbef60a65b16d33e870010d2c55ace8e7c9356202bdaec8c6c89586a1664967f27b57f0baaaf62da217c2168d9db0381ed564c1083 WHIRLPOOL 16b20195bede9c2c70451a58ba8fd8b85294a66f24a022feb683cd49719dd6cfc2dc43d451a50539727a6ba1fe5bb0a066cdb5a62fe8c4516b0b342bfe49536f
 EBUILD apache-2.4.28.ebuild 7776 SHA256 8ab5eba66f653d827d1b1f1bd087638aba82f8193d49b491f9ff9c1d80c98c19 SHA512 48a4dcf833fb4896dee8ae571939e9f2066655e8e23cd8512ebabe202d8d9bb95ffd007881fc69930deb03c95988119645d1b169d8939fbdfed15cfea3ea150d WHIRLPOOL 3c1ace2f261f10efbcaf5ed8a61b19884cbd2c1b0a28eea5b67d9fa96f1b8c9f761e1bcc3b09dc7d595b8c348ac396819e71d4dc340a2aae694be04cea742e47
+EBUILD apache-2.4.29.ebuild 7776 SHA256 8ab5eba66f653d827d1b1f1bd087638aba82f8193d49b491f9ff9c1d80c98c19 SHA512 48a4dcf833fb4896dee8ae571939e9f2066655e8e23cd8512ebabe202d8d9bb95ffd007881fc69930deb03c95988119645d1b169d8939fbdfed15cfea3ea150d WHIRLPOOL 3c1ace2f261f10efbcaf5ed8a61b19884cbd2c1b0a28eea5b67d9fa96f1b8c9f761e1bcc3b09dc7d595b8c348ac396819e71d4dc340a2aae694be04cea742e47
 MISC ChangeLog 13802 SHA256 23fdf1fc5c8aedb3511251cc41d097c99895ab24e50f48377fe91a39c17b9ddc SHA512 1b92ff6422e0db92f25546ffc37b1d2200060959cb7f1af91159e08b181d66df45baae15df31586a3333877e78cc49e2fa3621a950f52193e43e861fc03babf0 WHIRLPOOL 42e008d07b470d3620d2bfd02049f97463f4dfffe9756bbcde277eb4c1b6ce21f6b2a0f8853226166510012316e22ca3a4b730180c18aa692a929041dc127830
 MISC ChangeLog-2008 105137 SHA256 4afec18ad3c76df40314edb37b5512f81ca6223c38a899534d9d15342481accf SHA512 92dfd339b1c4ddec29222076a597220dc7faa504e2ee770339892f155febbf34004e60395f9eb21b43d3b1feb5f362c2946b69cc65151b5ba00fb53b35ccb9c6 WHIRLPOOL 89d77300aafb53ae0632904118064de19313fe51f635512314471e845574e7a624a770ae4ca4e335cff67d4fee92e062d28ef985a54c577a1b8b3ea0f621c0f8
 MISC ChangeLog-2015 30572 SHA256 2608174e0cdfe351d5c8d25d21cbe9c6b7b98c6de9ee6d04da23c3de9fb95d6b SHA512 b76aaa5b8bc20f2fb45346e5d6f1f094e9f6b6f740054755bdc0399f581c78fd0c087f183ca756a63a08e8d96eedb292ffc4d2f6ddc00c8374435866e15fac9b WHIRLPOOL 8dd5292ae8fa15422c6d663420e7655cb13247380831d2f147dfdd0deaa51d6899e1c7f3b8ae9ae111074c8464e0bd94a38d491981ce84fc6268ab83c0af9396
diff --git a/www-servers/apache/apache-2.2.31-r1.ebuild b/www-servers/apache/apache-2.2.31-r1.ebuild
deleted file mode 100644
index 7aa6f4ad3c01..000000000000
--- a/www-servers/apache/apache-2.2.31-r1.ebuild
+++ /dev/null
@@ -1,118 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20140922"
-GENTOO_DEVELOPER="polynomial-c"
-GENTOO_PATCHNAME="gentoo-apache-2.2.29"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
-
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
-env expires ext_filter file_cache filter headers ident imagemap include info
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
-version vhost_alias"
-# The following are also in the source as of this version, but are not available
-# for user selection:
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
-# optional_fn_import optional_hook_export optional_hook_import
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
-	dav_fs:dav
-	dav_lock:dav
-	deflate:filter
-	disk_cache:cache
-	ext_filter:filter
-	file_cache:cache
-	log_forensic:log_config
-	logio:log_config
-	mem_cache:cache
-	mime_magic:mime
-	proxy_ajp:proxy
-	proxy_balancer:proxy
-	proxy_connect:proxy
-	proxy_ftp:proxy
-	proxy_http:proxy
-	proxy_scgi:proxy
-	substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
-	auth_digest:AUTH_DIGEST
-	authnz_ldap:AUTHNZ_LDAP
-	cache:CACHE
-	dav:DAV
-	dav_fs:DAV
-	dav_lock:DAV
-	disk_cache:CACHE
-	file_cache:CACHE
-	info:INFO
-	ldap:LDAP
-	mem_cache:CACHE
-	proxy:PROXY
-	proxy_ajp:PROXY
-	proxy_balancer:PROXY
-	proxy_connect:PROXY
-	proxy_ftp:PROXY
-	proxy_http:PROXY
-	ssl:SSL
-	status:STATUS
-	suexec:SUEXEC
-	userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
-	authz_host
-	dir
-	mime
-"
-
-inherit apache-2 systemd toolchain-funcs
-
-DESCRIPTION="The Apache Web Server"
-HOMEPAGE="https://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
-IUSE=""
-
-PATCHES=(
-	"${FILESDIR}/${PN}-asf-httpoxy.patch"
-)
-
-src_configure() {
-	# Brain dead check.
-	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
-
-	apache-2_src_configure
-}
-
-src_install() {
-	apache-2_src_install
-
-	# install apxs in /usr/bin (bug #502384) and put a symlink into the
-	# old location until all ebuilds and eclasses have been modified to
-	# use the new location.
-	local apxs_dir="/usr/bin"
-	dodir ${apxs_dir}
-	mv "${D}"/usr/sbin/apxs "${D}"${apxs_dir} || die
-	ln -s ../bin/apxs "${D}"/usr/sbin/apxs || die
-
-	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
-	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
-}
diff --git a/www-servers/apache/apache-2.2.34.ebuild b/www-servers/apache/apache-2.2.34.ebuild
index c19fb787a6de..f04b7862026c 100644
--- a/www-servers/apache/apache-2.2.34.ebuild
+++ b/www-servers/apache/apache-2.2.34.ebuild
@@ -88,7 +88,7 @@ HOMEPAGE="https://httpd.apache.org/"
 # some helper scripts are Apache-1.1, thus both are here
 LICENSE="Apache-2.0 Apache-1.1"
 SLOT="2"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
 IUSE=""
 
 src_configure() {
diff --git a/www-servers/apache/apache-2.4.29.ebuild b/www-servers/apache/apache-2.4.29.ebuild
new file mode 100644
index 000000000000..b4dc41e3f33b
--- /dev/null
+++ b/www-servers/apache/apache-2.4.29.ebuild
@@ -0,0 +1,238 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20160303"
+GENTOO_DEVELOPER="polynomial-c"
+GENTOO_PATCHNAME="gentoo-apache-2.4.18-r1"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="prefork"
+IUSE_MPMS_THREAD="event worker"
+
+# << obsolete modules:
+# authn_default authz_default mem_cache
+# mem_cache is replaced by cache_disk
+# ?? buggy modules
+# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
+# >> added modules for reason:
+# compat: compatibility with 2.2 access control
+# authz_host: new module for access control
+# authn_core: functionality provided by authn_alias in previous versions
+# authz_core: new module, provides core authorization capabilities
+# cache_disk: replacement for mem_cache
+# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
+# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
+# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
+# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
+# socache_shmcb: shared object cache provider. Default config with ssl needs it
+# unixd: fixes startup error: Invalid command 'User'
+IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest
+authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core
+authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
+cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock
+dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2
+ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
+lbmethod_heartbeat log_config log_forensic logio macro mime mime_magic negotiation
+proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi
+proxy_fcgi  proxy_wstunnel rewrite ratelimit remoteip reqtimeout setenvif
+slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
+unixd version vhost_alias watchdog xml2enc"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+	dav_fs:dav
+	dav_lock:dav
+	deflate:filter
+	cache_disk:cache
+	ext_filter:filter
+	file_cache:cache
+	lbmethod_byrequests:proxy_balancer
+	lbmethod_byrequests:slotmem_shm
+	lbmethod_bytraffic:proxy_balancer
+	lbmethod_bybusyness:proxy_balancer
+	lbmethod_heartbeat:proxy_balancer
+	log_forensic:log_config
+	logio:log_config
+	cache_disk:cache
+	cache_socache:cache
+	mime_magic:mime
+	proxy_ajp:proxy
+	proxy_balancer:proxy
+	proxy_balancer:slotmem_shm
+	proxy_connect:proxy
+	proxy_ftp:proxy
+	proxy_html:proxy
+	proxy_html:xml2enc
+	proxy_http:proxy
+	proxy_scgi:proxy
+	proxy_fcgi:proxy
+	proxy_wstunnel:proxy
+	substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+	auth_digest:AUTH_DIGEST
+	authnz_ldap:AUTHNZ_LDAP
+	cache:CACHE
+	cache_disk:CACHE
+	cache_socache:CACHE
+	dav:DAV
+	dav_fs:DAV
+	dav_lock:DAV
+	file_cache:CACHE
+	http2:HTTP2
+	info:INFO
+	ldap:LDAP
+	proxy:PROXY
+	proxy_ajp:PROXY
+	proxy_balancer:PROXY
+	proxy_connect:PROXY
+	proxy_ftp:PROXY
+	proxy_html:PROXY
+	proxy_http:PROXY
+	proxy_fcgi:PROXY
+	proxy_scgi:PROXY
+	proxy_wstunnel:PROXY
+	socache_shmcb:SSL
+	ssl:SSL
+	status:STATUS
+	suexec:SUEXEC
+	userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+	authn_core
+	authz_core
+	authz_host
+	dir
+	mime
+	unixd
+"
+inherit eutils apache-2 systemd toolchain-funcs
+
+DESCRIPTION="The Apache Web Server"
+HOMEPAGE="https://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+
+DEPEND+="apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )"
+
+REQUIRED_USE="apache2_modules_http2? ( ssl )"
+
+pkg_setup() {
+	# dependend critical modules which are not allowed in global scope due
+	# to USE flag conditionals (bug #499260)
+	use ssl && MODULE_CRITICAL+=" socache_shmcb"
+	use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
+	apache-2_pkg_setup
+}
+
+src_configure() {
+	# Brain dead check.
+	tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
+
+	apache-2_src_configure
+}
+
+src_compile() {
+	if tc-is-cross-compiler; then
+		# This header is the same across targets, so use the build compiler.
+		pushd server >/dev/null
+		emake gen_test_char
+		tc-export_build_env BUILD_CC
+		${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
+			gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
+		popd >/dev/null
+	fi
+
+	default
+}
+
+src_install() {
+	apache-2_src_install
+	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
+		rm "${ED}"/$i || die "Failed to prune apache-tools bits"
+	done
+	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
+		rm "${ED}/"$i || die "Failed to prune apache-tools bits"
+	done
+
+	# install apxs in /usr/bin (bug #502384) and put a symlink into the
+	# old location until all ebuilds and eclasses have been modified to
+	# use the new location.
+	local apxs="/usr/bin/apxs"
+	cp "${S}"/support/apxs "${ED%/}/${apxs}" || die "Failed to install apxs"
+	ln -s ../bin/apxs "${ED%/}/usr/sbin/apxs" || die
+	chmod 0755 "${ED%/}${apxs}" || die
+
+	# Note: wait for mod_systemd to be included in some forthcoming release,
+	# Then apache2.4.service can be used and systemd support controlled
+	# through --enable-systemd
+	systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service"
+	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
+	#insinto /etc/apache2/modules.d
+	#doins "${FILESDIR}/00_systemd.conf"
+
+	# Install http2 module config
+	insinto /etc/apache2/modules.d
+	doins "${FILESDIR}"/41_mod_http2.conf
+}
+
+pkg_postinst() {
+	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
+	# warnings that default config might not work out of the box
+	for mod in $MODULE_CRITICAL; do
+		if ! use "apache2_modules_${mod}"; then
+			echo
+			ewarn "Warning: Critical module not installed!"
+			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
+			ewarn "are highly recomended but might not be in the base profile yet."
+			ewarn "Default config for ssl needs module 'socache_shmcb'."
+			ewarn "Enabling the following flags is highly recommended:"
+			for cmod in $MODULE_CRITICAL; do
+				use "apache2_modules_${cmod}" || \
+					ewarn "+ apache2_modules_${cmod}"
+			done
+			echo
+			break
+		fi
+	done
+	# warning for proxy_balancer and missing load balancing scheduler
+	if use apache2_modules_proxy_balancer; then
+		local lbset=
+		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
+			if use "apache2_modules_${mod}"; then
+				lbset=1 && break
+			fi
+		done
+		if [ ! ${lbset} ] ; then
+			echo
+			ewarn "Info: Missing load balancing scheduler algorithm module"
+			ewarn "(They were split off from proxy_balancer in 2.3)"
+			ewarn "In order to get the ability of load balancing, at least"
+			ewarn "one of these modules has to be present:"
+			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
+			echo
+		fi
+	fi
+}
diff --git a/www-servers/h2o/Manifest b/www-servers/h2o/Manifest
index e73453ca24ee..dac948f7af7b 100644
--- a/www-servers/h2o/Manifest
+++ b/www-servers/h2o/Manifest
@@ -2,7 +2,7 @@ AUX h2o.conf 673 SHA256 e22bffda48ad6519d071d5de7afa6ea7acd6fba21c879d5c0b2e2f0b
 AUX h2o.initd 1137 SHA256 4a2ab08c15b8c5d10cf538862f0cd48419e2968061f0e6ce56c1540ce064954b SHA512 2509b1b6996be25bba158b626c8eb260aae2400d76dc0edcee38869eb1124ae9ed125fb1887bf85f3c96db189b68c77706c7a9aeb9f4be2d2dfd998606d3a763 WHIRLPOOL 7ec5716442283b56f294016c211bd23a8d3d3c09cb667f72915f33e01bc59d5cdadba920938a8e5943d82afcdf68d696e6cc46df15ed228e1e1464a2484e1135
 AUX h2o.logrotate 176 SHA256 31749cf8fbc34c73c8fd439579cbd07bf9d0c3c2d0db8f7fb32f340727131e13 SHA512 e7e15bb7813b45342a9d435d07eea0627b802a4c03c6f4204b533a7bfac9566152f875965e4ea761572324a278e7b85c507729210d92ca4bede3ef9b9d2ac305 WHIRLPOOL 2ab1cbffcebddb2a7e8ca9cefd124670b1b11be0e9bf4202727201aef9d25ffbc893ce5e9903c92aca4b5787a6d46c344e5445721d6f1bbcfac7a5441001b9cb
 AUX h2o.service 290 SHA256 9eae3d4b08f22e2b140e736d36b347bcb5d817c60faff72804c80f5ccc660954 SHA512 e1acd226a5e333538be782f5d47c8debf418966c86eaa5d7464431ecc399821e336c9539e90370b9f8041c023f876815050e5ad5a7d29288b6f87bd3adbe0e95 WHIRLPOOL 1bd06fdcefb4bd35c02b0294af395efa172390114dbda375fcb136fec63d9bccf621850d4348caf77b24835b8b47e8c4bfb06ea38c2604667ed0df215cef0903
-DIST h2o-2.2.2.tar.gz 16192602 SHA256 cf45780058566bd63d90ad0b52b1d15f8515519090753398b9bcf770162a0433 SHA512 b5cc08f2be7056bbac4370f9b6ccb1ba0ad4ea61ce67e946a4f26b8f9c0a575f603c899b1a88f17d1065e0e72e1d1094199200ed24b4f3644a3c7df34aa04b51 WHIRLPOOL d9aff2d3e7caa0334efbac86a807fe8ecd5f146ae56315a5194b8de653ae4f91d33cad754714cd38fadd1c59d87cafe30c1f5f6cb2102362a7647ebd3f18dc84
-EBUILD h2o-2.2.2.ebuild 1353 SHA256 f3552a7bc90334d0d4dbb02cdfa39f97e683dca9ac077a6ea08ff3a83729bc30 SHA512 6595f5bd5f3ce4dec83ad9b6cc3a58d721f76ef6ec806340ceea6da0ed33d923ac813f91c380d41c751b7fe8abae575f0c0b270640cbd52c52db1d3c2446521c WHIRLPOOL 80fdbb82b1ceab4c32952bdc958d9fd6ff68ce0d0a20a7541940d2d4ca033234d27a1dd17cb555bcbdf0e9b021624ae95c9eabfec861a8ed869cdb335bb81130
-EBUILD h2o-9999.ebuild 1322 SHA256 011d3398ae8068e30406c5cb75289fe195f7fbce92a51488bf0be5da9f84b1b7 SHA512 16e9b6619038055c9e32b4acbced26a8d4c24f17d56638947ed8ef636e9e75ef36efb87ac9e1fb8574af46d35f9f8f4e60022e694f283545b49f2d6d0a6a2f3b WHIRLPOOL 77e30e65a2dc56a08a31047ee978fa1cd1f2e1eee7c678f370f195946a5298a76e83e4aad814321954aebfa463534e9deb43c89d9c391b8533496248372bf47e
+DIST h2o-2.2.3.tar.gz 16207150 SHA256 d40401ca714d00ca5204e8d22148dbaa9cae3407e3b4b6b62bd208543901ea51 SHA512 f138667e8e4370102028da469e09e8b2ee2e5dc92f4513b35467aa2a2fb7b02bbda2b2d158bbf3198b26faeea48d5ec07a7ebab1d0cb3032c532d4e6323630f1 WHIRLPOOL 0a5b498c7568b07af9e475eec00fd8db0122608843c5918616857ec96479a180a89d7a4274c98107129efa784b0d3714dd687a9f1463606be65e12987dc89303
+EBUILD h2o-2.2.3.ebuild 1339 SHA256 e05eaf68d9645ad17d6e0a669a8274e20e267a9ad864bfd00f5aebeaa3daad45 SHA512 25e445607b751a3f0cbc911e659e9f8610af67f924e36d0193e11d44679933bba3b053b3d5f58cd5c8affde6de6de8c47626f44b06d285737d29e22e59eb44fd WHIRLPOOL f8a94b7ca48eafe7a516f65e297a8d895fb9341acaedfcee7fc7242fbff6a20ea6fb415e5221f6875e27f82352eef12c2f91c4a5a663ad91647ae054313dfba3
+EBUILD h2o-9999.ebuild 1131 SHA256 e29ee7d39c70751231506485da4b75e6e354c61c300f8818fb757bac09448464 SHA512 c11d644f2dc377bc2f6f29de73b10c5125273a0a64c2ee544430dc604cb37defde7371b739fb64581f2ac382d323317573d65d763821258b54d4fdc19a2b19ac WHIRLPOOL 46914f866ac53fa1cfa2fd98135f40286889b019ecb0d47a6a485071b19b28caa7f48b6d9e5eaa794a69415719472fe23ba280b816dbcdb7202c4acc168d3a76
 MISC metadata.xml 728 SHA256 1531440761f65dcd9833c08638bb78488c9a151e6adacc2209e5baf4e5907838 SHA512 ae4a00e6c50ef7930e264cb3a747e14e656908fab0e3da4673c6719dda3744b34451361cd118feaaa6eebf3980c56ec297df9306e9ffa56c56df6c150e27707b WHIRLPOOL fdbe147f6fe521123e68c847a829074bc7b5c9838d055f317b16e774769c78e8a0103c179086edec35abdb05f27694c91fd6c9fedad2e29467a089f0e2ba7c10
diff --git a/www-servers/h2o/h2o-2.2.2.ebuild b/www-servers/h2o/h2o-2.2.3.ebuild
index fef33e05d6fc..1ad169707581 100644
--- a/www-servers/h2o/h2o-2.2.2.ebuild
+++ b/www-servers/h2o/h2o-2.2.3.ebuild
@@ -3,7 +3,9 @@
 
 EAPI=6
 
-inherit cmake-utils systemd user
+USE_RUBY="ruby22 ruby23 ruby24"
+
+inherit cmake-utils ruby-single systemd user
 
 DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2"
 HOMEPAGE="https://h2o.examp1e.net"
@@ -20,11 +22,7 @@ RDEPEND="
 DEPEND="${RDEPEND}
 	mruby? (
 		sys-devel/bison
-		|| (
-			dev-lang/ruby:2.4
-			dev-lang/ruby:2.3
-			dev-lang/ruby:2.2
-		)
+		${RUBY_DEPS}
 	)"
 
 pkg_setup() {
diff --git a/www-servers/h2o/h2o-9999.ebuild b/www-servers/h2o/h2o-9999.ebuild
index 761de2c20b03..0db4fc4f8f77 100644
--- a/www-servers/h2o/h2o-9999.ebuild
+++ b/www-servers/h2o/h2o-9999.ebuild
@@ -3,7 +3,9 @@
 
 EAPI=6
 
-inherit cmake-utils git-r3 systemd user
+USE_RUBY="ruby22 ruby23 ruby24"
+
+inherit cmake-utils git-r3 ruby-single systemd user
 
 DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2"
 HOMEPAGE="https://h2o.examp1e.net"
@@ -20,11 +22,7 @@ RDEPEND="
 DEPEND="${RDEPEND}
 	mruby? (
 		sys-devel/bison
-		|| (
-			dev-lang/ruby:2.4
-			dev-lang/ruby:2.3
-			dev-lang/ruby:2.2
-		)
+		${RUBY_DEPS}
 	)"
 
 pkg_setup() {
@@ -32,14 +30,6 @@ pkg_setup() {
 	enewuser h2o -1 -1 -1 h2o
 }
 
-src_prepare() {
-	# Leave optimization level to user CFLAGS
-	sed -i 's/-O2 -g ${CC_WARNING_FLAGS} //g' ./CMakeLists.txt \
-		|| die "sed fix failed!"
-
-	cmake-utils_src_prepare
-}
-
 src_configure() {
 	local mycmakeargs=(
 		-DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/h2o
diff --git a/www-servers/lighttpd/Manifest b/www-servers/lighttpd/Manifest
index 992bee7609de..3f5459d3bb43 100644
--- a/www-servers/lighttpd/Manifest
+++ b/www-servers/lighttpd/Manifest
@@ -12,10 +12,12 @@ DIST lighttpd-1.4.42.tar.xz 652140 SHA256 b2c9069ed0bade9362c27b469a9b884641786a
 DIST lighttpd-1.4.43.tar.xz 656248 SHA256 fe0c4a06dd2408a83ee7a2bfedc45e09597f3313cbda82485507573ae8fa948a SHA512 131e1d96276a6b5ca597bae9ff78df20bfc9907e9c832b6fdea8b86d493764a5dce24cfc3bb2e931755af18a26b0e8c6fd21714fca7d6c6a402c85f7fe4a588a WHIRLPOOL 90110b2b06c3579c435cd5a0539371bba8f0b70f7c1ee344ed98b9a55d6dd07c38d11430589b11257385815183bf208aed3c115554c6822056a7cedf5047341c
 DIST lighttpd-1.4.44.tar.xz 660304 SHA256 adb66ca985651957feb209c91c55ebbf917d23630bfc3a216a2f70043c7b5422 SHA512 b7481482bc130c80f076002b2853e1b0ecb2af5d6c6f5428854ae7a60bda591cf96f23e9f3a24cfb36ada3ba97ebff449e102895f7eb4b0aa50ec275eb44725b WHIRLPOOL 69431f5626ca64a8bd4f4e3ada01a22cfa4516e54a11d3050943696aafcb01d0c62db71259054ca24378b1b21b4c33f0a1521e676bff6b37c7bdf661edad6a99
 DIST lighttpd-1.4.45.tar.xz 660432 SHA256 1c97225deea33eefba6d4158c2cef27913d47553263516bbe9d2e2760fc43a3f SHA512 d030674a8c55aab12d32ac75f8df2628ba2332a5263c8bd2dd4f39342530080edc6ba2a6fee749c1301d601ab766a265d3c630b04d38bb26bba3cf045935573d WHIRLPOOL 8bf52ab4a33a1ede77185d6bb1a420cc61333bff67cc641625efb5e5c101eeb55ce1a177a5bd273408c857675c7ed91aeccffe5bc2109be145430e32979052c8
+DIST lighttpd-1.4.47.tar.xz 703012 SHA256 e47e64a9cc2b824c45792a6b1a5542945956e77ede3454845f42548495946c1c SHA512 9fac3acc428d9faf69fca2768578dca619f778889e8a3779c429038eec7aff6b3dd497d5437152a070df850861fe2132042fa4418e31c1aab89df23a1c544f99 WHIRLPOOL 2ca894a091130b5c23e4a32a6178371aff050d2de90d18cef6535caa65e87095c91789a83ce5791f168f1951f0dcc10c2e17a506b374d9daad0fc1de1f94c943
 EBUILD lighttpd-1.4.42.ebuild 6071 SHA256 370b883602d941ad465f471277dfea74277050e653bc189491854c7a4d0ee22f SHA512 10e645c61a008469af635b4449e1f26cc3425671f12b65dcc4d4f64501225185d9fd74d59a167980ca6a513effd9c3634ecbdc0b609b9a81b93b7e155d4f9257 WHIRLPOOL d7bd593a5ba38965ef8ad1facbfdd6628569bc542784cfcc00802be9d97ab69478ee4e65e86fd5921104599c6dc7e7a5b44fafc4b9910c543eeb528ca187aaaa
 EBUILD lighttpd-1.4.43.ebuild 6080 SHA256 dbc189710a2a360de1a3d981cd468bad30135fd049031c63d13a00904edc6888 SHA512 b17ab4887776c304a1584d4ed79776ec14d7f9fac0bdafc9ddf32b4f427bc71ef2a9d12c5f36849c3c2de7eae4f59d46402a63f4826569ec224e0d64919ed1ec WHIRLPOOL 92ca023ff5e43aa4fbe65df006780f523cd4c958a23fed5b2d56ce3761cd93da5bdad5faa8684a2970312ddf4d564537c7a3e690b0b859ddf432242289b53d9a
 EBUILD lighttpd-1.4.44.ebuild 6080 SHA256 0920bd50fb0f7a1decb7d3fa2915e47f9ff885b982a315c72506e28228095981 SHA512 e6d29f7d6617733f9c7260ffd4549b63b3630314fbdf9c2ee2a264febabbe498c289c8693f0118c3fb4f5e2054a00d0d6209fb853e114e6ddc883c70dd4c8f02 WHIRLPOOL ac6a58369e29cb33cb80deca7f4093036fceb3b261ccc03979d8621c72dfbd57a4be74acfafaeeca9f158f4717bab488d7a9753d8e79f399ac5a107ea7f0b7a2
 EBUILD lighttpd-1.4.45.ebuild 6079 SHA256 bbcd11ac3b5f7e49e1124be04c8401125c788e02597c7eba56a43a6246aeaaea SHA512 3f22286876882bbb2eaef844e00466b8d290ce1afd7c000bf4e7387d0e96f25c274fdc53f6ac1cde4433c66dc0a9e352a7e48ea8a016de48e1d2dd2f79156208 WHIRLPOOL 41e8427540379feee038a9ceb1d0e6724f2b28759feebe85aba81cf00b9e84cc08296e04e7edda92a6566dcaa94baa2b61855cb32af7c01ef7fdd69373f2293a
+EBUILD lighttpd-1.4.47.ebuild 6087 SHA256 db7c9e3d6fb1964c284c3cbd8fa3b5c9482c61c4c70719d016f4a6b58c1ef121 SHA512 6e333e8a5ed9d580b88a9005ba65290ce0817230f9e8006ec2d5c08b9a400b1f3b0ab845537e6b14cf3bc1b1e73bc29326018c88a79813b2047de281473af389 WHIRLPOOL 080089b3d44ace54f59c13ed2055e9a4c798e4cf359de5bcbd828e944800e82c74f8c82025851834796030d087fc5f5973e550764c00c6bd06452f52857281f6
 EBUILD lighttpd-9999.ebuild 6097 SHA256 6cd03e52014e85149a459a421abe57877fb7990baf7de117a49fdba12a565100 SHA512 f1898fb6b9b9331d206119bd3ca0cec00d8cce4836dda65829d7d82c79ba4a38b8a55cd5e08dedd1780a29f78e0deb7ecbb546826a182202fa1c009a3a794bc9 WHIRLPOOL 8141eb819762dd7a9b5ed683d5241d76c3c5095a99d1724c1d2e1b33e53f3ba1764590e3d7837276cbc0fd596eee41f2943a40022acdbf443eb943532af9b709
 MISC ChangeLog 6969 SHA256 98caae3758751b6ac130263038f7713d728701422c2f5b50347049f66dc53f7d SHA512 dfebc0e6ffa9d2ca30c21167b3a1f7458f6c7ffc189e41bfe714e09bdfc648d6830955f3b5bf19fafd4030a7924048d6d356e261b8a8351b09c59d43af4286db WHIRLPOOL 3f5d71548c717b1b419fba2b4138ed87ae76818eb97cf7a4b1f2f71d4254c8d85869fde46d6b305fe7e98ff671776e6e40583cb653634936334989fc6b1197e0
 MISC ChangeLog-2015 68066 SHA256 e7fefb5620b11f07ecfb5d88b3419a982bf4032fab68f6dab74898c6c33167aa SHA512 4f13902c1d561e94d30511b7aa305bebf2bca96b8f841667d77a69bdcfb08511c7a837a08c694ee8287e747456182c9c201dce63c46be14a3eecde1598fe7c96 WHIRLPOOL 62440fda0dce63a1ba2fcfa512099110cbde210b2f5f5a3f3b23faf28c2d339f59becba15e4ef5797688b992273ff58e08173eab65bc7d53bf70b65bbe718c1c
diff --git a/www-servers/lighttpd/lighttpd-1.4.47.ebuild b/www-servers/lighttpd/lighttpd-1.4.47.ebuild
new file mode 100644
index 000000000000..69a3db322f69
--- /dev/null
+++ b/www-servers/lighttpd/lighttpd-1.4.47.ebuild
@@ -0,0 +1,216 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+inherit autotools eutils readme.gentoo-r1 user systemd
+
+DESCRIPTION="Lightweight high-performance web server"
+HOMEPAGE="http://www.lighttpd.net/"
+SRC_URI="http://download.lighttpd.net/lighttpd/releases-1.4.x/${P}.tar.xz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="bzip2 doc fam gdbm ipv6 kerberos ldap libev libressl lua minimal mmap memcached mysql pcre php rrdtool selinux ssl test webdav xattr zlib"
+
+REQUIRED_USE="kerberos? ( ssl !libressl )"
+
+CDEPEND="
+	bzip2?    ( app-arch/bzip2 )
+	fam?      ( virtual/fam )
+	gdbm?     ( sys-libs/gdbm )
+	ldap?     ( >=net-nds/openldap-2.1.26 )
+	libev?    ( >=dev-libs/libev-4.01 )
+	lua?      ( >=dev-lang/lua-5.1:= )
+	memcached? ( dev-libs/libmemcache )
+	mysql?    ( >=virtual/mysql-4.0 )
+	pcre?     ( >=dev-libs/libpcre-3.1 )
+	php?      ( dev-lang/php:*[cgi] )
+	rrdtool?  ( net-analyzer/rrdtool )
+	ssl? (
+		!libressl? ( >=dev-libs/openssl-0.9.7:0=[kerberos?] )
+		libressl? ( dev-libs/libressl:= )
+	)
+	webdav? (
+		dev-libs/libxml2
+		>=dev-db/sqlite-3
+		sys-fs/e2fsprogs
+	)
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	zlib? ( >=sys-libs/zlib-1.1 )"
+
+DEPEND="${CDEPEND}
+	virtual/pkgconfig
+	doc?  ( dev-python/docutils )
+	test? (
+		virtual/perl-Test-Harness
+		dev-libs/fcgi
+	)"
+
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-apache )
+"
+
+# update certain parts of lighttpd.conf based on conditionals
+update_config() {
+	local config="${D}/etc/lighttpd/lighttpd.conf"
+
+	# enable php/mod_fastcgi settings
+	use php && { sed -i -e 's|#.*\(include.*fastcgi.*$\)|\1|' ${config} || die; }
+
+	# enable stat() caching
+	use fam && { sed -i -e 's|#\(.*stat-cache.*$\)|\1|' ${config} || die; }
+
+	# automatically listen on IPv6 if built with USE=ipv6. Bug #234987
+	use ipv6 && { sed -i -e 's|# server.use-ipv6|server.use-ipv6|' ${config} || die; }
+}
+
+# remove non-essential stuff (for USE=minimal)
+remove_non_essential() {
+	local libdir="${D}/usr/$(get_libdir)/${PN}"
+
+	# text docs
+	use doc || rm -fr "${D}"/usr/share/doc/${PF}/txt
+
+	# non-essential modules
+	rm -f \
+		${libdir}/mod_{compress,evhost,expire,proxy,scgi,secdownload,simple_vhost,status,setenv,trigger*,usertrack}.*
+
+	# allow users to keep some based on USE flags
+	use pcre    || rm -f ${libdir}/mod_{ssi,re{direct,write}}.*
+	use webdav  || rm -f ${libdir}/mod_webdav.*
+	use mysql   || rm -f ${libdir}/mod_mysql_vhost.*
+	use lua     || rm -f ${libdir}/mod_{cml,magnet}.*
+	use rrdtool || rm -f ${libdir}/mod_rrdtool.*
+	use zlib    || rm -f ${libdir}/mod_compress.*
+}
+
+pkg_setup() {
+	if ! use pcre ; then
+		ewarn "It is highly recommended that you build ${PN}"
+		ewarn "with perl regular expressions support via USE=pcre."
+		ewarn "Otherwise you lose support for some core options such"
+		ewarn "as conditionals and modules such as mod_re{write,direct}"
+		ewarn "and mod_ssi."
+	fi
+	if use mmap; then
+		ewarn "You have enabled the mmap option. This option may allow"
+		ewarn "local users to trigger SIGBUG crashes. Use this option"
+		ewarn "with EXTRA care."
+	fi
+	enewgroup lighttpd
+	enewuser lighttpd -1 -1 /var/www/localhost/htdocs lighttpd
+
+	DOC_CONTENTS="IPv6 migration guide:\n
+		http://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config"
+}
+
+src_prepare() {
+	default
+	#dev-python/docutils installs rst2html.py not rst2html
+	sed -i -e 's|\(rst2html\)|\1.py|g' doc/outdated/Makefile.am || \
+		die "sed doc/Makefile.am failed"
+	eautoreconf
+}
+
+src_configure() {
+	econf --libdir=/usr/$(get_libdir)/${PN} \
+		--enable-lfs \
+		$(use_enable ipv6) \
+		$(use_enable mmap) \
+		$(use_with bzip2) \
+		$(use_with fam) \
+		$(use_with gdbm) \
+		$(use_with kerberos krb5) \
+		$(use_with ldap) \
+		$(use_with libev) \
+		$(use_with lua) \
+		$(use_with memcached) \
+		$(use_with mysql) \
+		$(use_with pcre) \
+		$(use_with ssl openssl) \
+		$(use_with webdav webdav-props) \
+		$(use_with webdav webdav-locks) \
+		$(use_with xattr attr) \
+		$(use_with zlib)
+}
+
+src_compile() {
+	emake
+
+	if use doc ; then
+		einfo "Building HTML documentation"
+		cd doc || die
+		emake html
+	fi
+}
+
+src_test() {
+	if [[ ${EUID} -eq 0 ]]; then
+		default_src_test
+	else
+		ewarn "test skipped, please re-run as root if you wish to test ${PN}"
+	fi
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	# init script stuff
+	newinitd "${FILESDIR}"/lighttpd.initd lighttpd
+	newconfd "${FILESDIR}"/lighttpd.confd lighttpd
+	use fam && has_version app-admin/fam && \
+		{ sed -i 's/after famd/need famd/g' "${D}"/etc/init.d/lighttpd || die; }
+
+	# configs
+	insinto /etc/lighttpd
+	doins "${FILESDIR}"/conf/lighttpd.conf
+	doins "${FILESDIR}"/conf/mime-types.conf
+	doins "${FILESDIR}"/conf/mod_cgi.conf
+	doins "${FILESDIR}"/conf/mod_fastcgi.conf
+
+	# update lighttpd.conf directives based on conditionals
+	update_config
+
+	# docs
+	dodoc AUTHORS README NEWS doc/scripts/*.sh
+	newdoc doc/config//lighttpd.conf lighttpd.conf.distrib
+	use ipv6 && readme.gentoo_create_doc
+
+	use doc && dohtml -r doc/*
+
+	docinto txt
+	dodoc doc/outdated/*.txt
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/lighttpd.logrotate-r1 lighttpd
+
+	keepdir /var/l{ib,og}/lighttpd /var/www/localhost/htdocs
+	fowners lighttpd:lighttpd /var/l{ib,og}/lighttpd
+	fperms 0750 /var/l{ib,og}/lighttpd
+
+	#spawn-fcgi may optionally be installed via www-servers/spawn-fcgi
+	rm -f "${D}"/usr/bin/spawn-fcgi "${D}"/usr/share/man/man1/spawn-fcgi.*
+
+	use minimal && remove_non_essential
+
+	systemd_dounit "${FILESDIR}/${PN}.service"
+	systemd_dotmpfilesd "${FILESDIR}/${PN}.tmpfiles.conf"
+}
+
+pkg_postinst () {
+	use ipv6 && readme.gentoo_print_elog
+
+	if [[ -f ${ROOT}etc/conf.d/spawn-fcgi.conf ]] ; then
+		einfo "spawn-fcgi is now provided by www-servers/spawn-fcgi."
+		einfo "spawn-fcgi's init script configuration is now located"
+		einfo "at /etc/conf.d/spawn-fcgi."
+	fi
+
+	if [[ -f ${ROOT}etc/lighttpd.conf ]] ; then
+		elog "Gentoo has a customized configuration,"
+		elog "which is now located in /etc/lighttpd.  Please migrate your"
+		elog "existing configuration."
+	fi
+}
diff --git a/www-servers/nginx/Manifest b/www-servers/nginx/Manifest
index 43abc56a5aa7..bfdd2f82b4c6 100644
--- a/www-servers/nginx/Manifest
+++ b/www-servers/nginx/Manifest
@@ -1,3 +1,4 @@
+AUX http_cache_purge-1.11.6+.patch 615 SHA256 42b302ef9f69f81fa92d5e9670453b2983582dd5931fde6188691baaca7ae825 SHA512 a3f45d8121d89a5c41783306577e146990404ff0e3691454e99cd6270ab02dfc7fd8718b3781666373ea6784ed2c06cec0b40315486a6a138185ca1548c04b60 WHIRLPOOL a782063d15c92190637385b44368ca75ec259293b5f9f12dcba8935da9aca3f5d824a96c389766bb766a28602af3a8c5115febaeaf140ae0280f610b3b93fe3f
 AUX http_echo-nginx-1.11.11+.patch 1920 SHA256 96b83fa02d977f3eeb8af73f065a4ba359515f098722988693ac824384a09f12 SHA512 fb86dd9a17a1ed6d99609a9e024971749569bfa108e1bae86e9e9f72792e2e6767ad710330bcc81cc67deca7fdaabe8dbb63a5ae3a519481c8ffab1e8c446f34 WHIRLPOOL 1a04d6b967fb3b35db1ebfc6a145966607830132eaa1cdc1f7a9f9a0bcd2651492b26504f4c444519bf0ffdd376ce88c228813ad767de4e48e5cb11d801bb1ca
 AUX http_lua_nginx-1.11.11+-r1.patch 6790 SHA256 57867eda9eeee7fe5b55d8916047c8e5ffd156cfed4ca2d64470ae4132784261 SHA512 bbd9f97d598482212887ebfa62b6037e2c5d89087ff761925399ef3ff6a35970a88b42e4d59f54ee59fd5402b37a40640599257e61bcb9ac49ec7fa857a674f2 WHIRLPOOL 01be216559482007c1fc1095b59e290a4ccd96271786e639de9c0a99741f5d7a2ba70869878a4c673a07662d2f82bd37604506f5b429edb57bc16a3a27e82c89
 AUX http_security-pr_1158.patch 3045 SHA256 7ed9980ad98aa76924f2122f2d08102be28315d1d36b8367e99b5750f4de432c SHA512 7bb5a1c1feabd81279b7fb40df470b0d496f68b7c45e72d26afe1ef4c911de979ea9f5f30c5cbfe93b05971232885246bfab807d04f6943f772118af21ecf4ab WHIRLPOOL cd25c1a757c3c41c70247e5e612dc87f5f2175a8354fba761c5460c1a671aa6663a6407524b5dfce5040b4e389a9ea4fa16eff3fc4c1ae1a1d9be05324ff1502
@@ -44,10 +45,12 @@ DIST ngx_metrics-0.1.1.tar.gz 2964 SHA256 1c62ebb31e3caafad91720962770b0e7a4287f
 DIST ngx_mogilefs_module-1.0.4.tar.gz 11208 SHA256 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae SHA512 b8cb7eaf6274f4e2247dbcb39db05072d2b2d4361256a325fafab5533d7ce0c4ae9e2905b954dfcfa4789c9cab5cccf2ac1c3a1f02f6a327ed95b562d7773ed1 WHIRLPOOL 64c9b11ad938e6dbe5ba31298f1cd46f6e6bb4ba039c96b1e43bd85919d1606326f74b677f789ecabe0b0f4e0f08ac5aaf8148bf820de65aaa1e9966a28b9f61
 DIST ngx_rtmp-1.2.0.tar.gz 519895 SHA256 a8026f5ade30b178a06f12c46dff053cfe12256016ad465a46646183086b16b0 SHA512 8965d9bee91a46375516ccd012d1c43cd23f15c0630d11ed01472b9a84504574b476f22c5584f43c972a8f923e9ae025b9b60c64aace0ed159c7279bcbd376c8 WHIRLPOOL ea18f30cac7310a9b9be92178266afab5403f9e2e52cf89142c3c8bd20c05b12390ae90bdb50ceabef7ba869ef95502fee2f046716daea95de10527acba826c8
 EBUILD nginx-1.12.1.ebuild 37447 SHA256 2477ca64039f20ac1bca067199a20beea17ee7db62f91036133dbbf8d7c74c3f SHA512 dad602d21ce679a674455f478efad66d1532862d277e65797279c476d24242c4f4b04bd03168a14eee171148d3d2d6488b80a86b001036b087a02630d9ad6642 WHIRLPOOL 7fbb98e1a096b0c0709c49959e98601f7486960cdce075d93dd741849d805249c72c6ea26e53884198cbad1e2e9e97261728ff2ee77a421008062b05352038a4
+EBUILD nginx-1.12.2-r1.ebuild 37152 SHA256 bba2af8fea23b778cc9cbea164f1529eaeedcc0e274f95adfd786dcd922d7880 SHA512 7eb259800e7e39664e8ee688dd3371d7b57d7695476534c96ef8bed67b734d73b76c002c5d89c25ebabc9f95803707386b65d0574b5d32afb12755009a2d0791 WHIRLPOOL 5ba62761c07f028ae13b4ef32c2ee6397795d6c4fcb33637710b80b935ceba67a4eee245161bdae26bbad76e79863d9e7721c9955f5a5c1917988cb393401679
 EBUILD nginx-1.12.2.ebuild 36985 SHA256 12ff14ac86b149692b4e2dca55c75c2c403afe9b3207d9b1b61f2e54ad3be322 SHA512 aec7cca518e74f298568faace878394c787d6d97bdbad3f031f2a7238138e1d02354b1aa1027f13f1e5d36d2328c900232f9fd0148abe641063ec06bb77e0e17 WHIRLPOOL b8afffb93229e40271b099138ce6abf2b2288e2fb102436b5829f54390725c4bbe131d152c004398009a62c0e9f5f8c7e31defdaa16bfebcfc1e41232501e554
 EBUILD nginx-1.13.3.ebuild 37449 SHA256 32838376e6479d1f23bd1d0f500129df8d6c9bac8306fdf0c78bbc0829fc1ea6 SHA512 0adc9b68fb63bf90773fbc08d9a8c9f358cf447b54ff122f6069ffcf725af9dbf34deefa23fe8b4817044578cf1f47c0ca1857e4208bc30761c45a67ef964fe1 WHIRLPOOL d8548150c12049999f515657a91e645a249ad4eaca51485b8900f9e8bfbc633b08ec3d1e34855a3df2779054474782f531d7097fe78ec2617dc1ed54bf4d3b79
 EBUILD nginx-1.13.4.ebuild 36979 SHA256 3bcaaf3a338d9f835a123972ceb5c850d65f4202a344eff387e3585db8e59d6c SHA512 e37db661b34783e2888a1dbb41dc056a4dde164e98679f64d79bea49b8241186cd845429bd025b31787d81a8ba464325955607490335d125529e8c82ff84f381 WHIRLPOOL 39da88134ed266beec030be3504630b22d1d5b8291223b82821ca2dfc0599285f78b682140f003ac93755f79d386b56d8d209ff6d639942deeb07e2d8c539320
 EBUILD nginx-1.13.5.ebuild 36986 SHA256 2776b48e3377e64310dd3a27a0a7073c309ef2b6420a02ef7286f7f5dad9c676 SHA512 38717303b8e653edcabcfa080b3afa8188c5f6fed6b7c7f4ee512f05b2c572be99bf1ed91c1ee9b80958103eea1a91192faed3cd7c1d42bb80a02e8370226c4f WHIRLPOOL 339b305c223c2fd7ef7a11d614d871cecec7125c60e322dc4126c04222e7569f2434e2f8b1a0b99fcde72dc25ea623bba74ea195cb5d154270e5825ceacdb991
+EBUILD nginx-1.13.6-r1.ebuild 37167 SHA256 e83c844bc62f906641375d0711dfb03fa6ae3fa28a69f3e035b4b187bb497d05 SHA512 1dde3c47fceb674e00ba834f8e229b4c8fb11ec8593f93bb84f03f99c75e5aec58be217b7bc353c8a69bce16bb3adc940adf2019feb49af395625818f30ba7a7 WHIRLPOOL 8e3fdfa3c518ed12398e7496d53db96db56cb1c69390b4e8a594c0170bbac7d67abc52d99a22bc91b76bf839bb8bee8fff8c8830ffbbf5cfeaa8451cf1c665f7
 EBUILD nginx-1.13.6.ebuild 37000 SHA256 ee6ff2cf5b365059c2f5fe410d33761bc96bada332a07ce9fb687a9634d4c971 SHA512 c235a260e17c68ba15596e79c1b12086aaaeb21a7f179821c20292cb29366c26fa0c31a847ac3792de07bbc60ec9810b03b205c8cd05a76a56e069e67cd1f376 WHIRLPOOL 06531ff19d00a2c8126ac391f3af8c963a725aa20f66c5abc52575178092e44b8fce64ca6e934bf805c121ed1a23b1f3ac9f8211db903f84eb744265ed5de682
 MISC ChangeLog 20921 SHA256 6daa8e175ce89e3bcc1d0ce14ca52fd82bda991200624c46830e680614e494d6 SHA512 f3f2d93714c35d1ebc04d9aa2e0b6605334bcae88cc8a58c24eed9d479292d9288801dcbf224144914f8715092be69617b6e4c5fe837eeea87e8d499c4e91366 WHIRLPOOL bbb44c9e3e3e8a7ea93b358054266b593083ce38dbdac404dc54f8fdfdf83ef5ab54b5e3978a0c1597e6ed0a0005f064a271f83c3abc27e4598066efede3c563
 MISC ChangeLog-2015 69680 SHA256 10720899590f9065076fca43d949a1fc45b04562b93ca1b47f8bce211bc26a50 SHA512 2c149e4a9a2d37127b9520aa09fe789216a1498d73351b0563c45d8838abdc7788ad3d34ccddfd8b27d7eb386a1344e1726f2ee93a29c886e018057d0ade5546 WHIRLPOOL fcb612cb6854cd2644344220c0fabd8cffeb548008327920eb535986af33c7ad3ae4c31ac57497d9f35bfeabb10cbca1e9897d42009dcfd8a8a7b1dfc0fb9d30
diff --git a/www-servers/nginx/files/http_cache_purge-1.11.6+.patch b/www-servers/nginx/files/http_cache_purge-1.11.6+.patch
new file mode 100644
index 000000000000..c4596bf97ad1
--- /dev/null
+++ b/www-servers/nginx/files/http_cache_purge-1.11.6+.patch
@@ -0,0 +1,22 @@
+Fix compatibility with nginx-1.11.6+
+
+https://github.com/FRiCKLE/ngx_cache_purge/pull/51
+
+---
+ ngx_cache_purge_module.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/ngx_cache_purge_module.c
++++ b/ngx_cache_purge_module.c
+@@ -492,7 +492,11 @@ typedef struct {
+     ngx_str_t                      body_source;
+ #  endif /* nginx_version < 1007008 */
+ 
++#  if (nginx_version >= 1011006)
++    ngx_http_complex_value_t      *method;
++#  else
+     ngx_str_t                      method;
++#  endif /* nginx_version >= 1011006 */
+     ngx_str_t                      location;
+     ngx_str_t                      url;
+ 
diff --git a/www-servers/nginx/nginx-1.12.2-r1.ebuild b/www-servers/nginx/nginx-1.12.2-r1.ebuild
new file mode 100644
index 000000000000..fdf52f005cc0
--- /dev/null
+++ b/www-servers/nginx/nginx-1.12.2-r1.ebuild
@@ -0,0 +1,1005 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached proxy referer
+	rewrite scgi ssi split_clients upstream_hash upstream_ip_hash
+	upstream_keepalive upstream_least_conn upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:mainline"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}
diff --git a/www-servers/nginx/nginx-1.13.6-r1.ebuild b/www-servers/nginx/nginx-1.13.6-r1.ebuild
new file mode 100644
index 000000000000..98e2bf7e78a5
--- /dev/null
+++ b/www-servers/nginx/nginx-1.13.6-r1.ebuild
@@ -0,0 +1,1006 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+# Maintainer notes:
+# - http_rewrite-independent pcre-support makes sense for matching locations without an actual rewrite
+# - any http-module activates the main http-functionality and overrides USE=-http
+# - keep the following requirements in mind before adding external modules:
+#	* alive upstream
+#	* sane packaging
+#	* builds cleanly
+#	* does not need a patch for nginx core
+# - TODO: test the google-perftools module (included in vanilla tarball)
+
+# prevent perl-module from adding automagic perl DEPENDs
+GENTOO_DEPEND_ON_PERL="no"
+
+# devel_kit (https://github.com/simpl/ngx_devel_kit, BSD license)
+DEVEL_KIT_MODULE_PV="0.3.0"
+DEVEL_KIT_MODULE_P="ngx_devel_kit-${DEVEL_KIT_MODULE_PV}-r1"
+DEVEL_KIT_MODULE_URI="https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_MODULE_PV}.tar.gz"
+DEVEL_KIT_MODULE_WD="${WORKDIR}/ngx_devel_kit-${DEVEL_KIT_MODULE_PV}"
+
+# http_uploadprogress (https://github.com/masterzen/nginx-upload-progress-module, BSD-2 license)
+HTTP_UPLOAD_PROGRESS_MODULE_PV="0.9.2"
+HTTP_UPLOAD_PROGRESS_MODULE_P="ngx_http_upload_progress-${HTTP_UPLOAD_PROGRESS_MODULE_PV}-r1"
+HTTP_UPLOAD_PROGRESS_MODULE_URI="https://github.com/masterzen/nginx-upload-progress-module/archive/v${HTTP_UPLOAD_PROGRESS_MODULE_PV}.tar.gz"
+HTTP_UPLOAD_PROGRESS_MODULE_WD="${WORKDIR}/nginx-upload-progress-module-${HTTP_UPLOAD_PROGRESS_MODULE_PV}"
+
+# http_headers_more (https://github.com/agentzh/headers-more-nginx-module, BSD license)
+HTTP_HEADERS_MORE_MODULE_PV="0.32"
+HTTP_HEADERS_MORE_MODULE_P="ngx_http_headers_more-${HTTP_HEADERS_MORE_MODULE_PV}"
+HTTP_HEADERS_MORE_MODULE_URI="https://github.com/agentzh/headers-more-nginx-module/archive/v${HTTP_HEADERS_MORE_MODULE_PV}.tar.gz"
+HTTP_HEADERS_MORE_MODULE_WD="${WORKDIR}/headers-more-nginx-module-${HTTP_HEADERS_MORE_MODULE_PV}"
+
+# http_cache_purge (http://labs.frickle.com/nginx_ngx_cache_purge/, https://github.com/FRiCKLE/ngx_cache_purge, BSD-2 license)
+HTTP_CACHE_PURGE_MODULE_PV="2.3"
+HTTP_CACHE_PURGE_MODULE_P="ngx_http_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+HTTP_CACHE_PURGE_MODULE_URI="http://labs.frickle.com/files/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}.tar.gz"
+HTTP_CACHE_PURGE_MODULE_WD="${WORKDIR}/ngx_cache_purge-${HTTP_CACHE_PURGE_MODULE_PV}"
+
+# http_slowfs_cache (http://labs.frickle.com/nginx_ngx_slowfs_cache/, BSD-2 license)
+HTTP_SLOWFS_CACHE_MODULE_PV="1.10"
+HTTP_SLOWFS_CACHE_MODULE_P="ngx_http_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+HTTP_SLOWFS_CACHE_MODULE_URI="http://labs.frickle.com/files/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}.tar.gz"
+HTTP_SLOWFS_CACHE_MODULE_WD="${WORKDIR}/ngx_slowfs_cache-${HTTP_SLOWFS_CACHE_MODULE_PV}"
+
+# http_fancyindex (https://github.com/aperezdc/ngx-fancyindex, BSD license)
+HTTP_FANCYINDEX_MODULE_PV="0.4.2"
+HTTP_FANCYINDEX_MODULE_P="ngx_http_fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+HTTP_FANCYINDEX_MODULE_URI="https://github.com/aperezdc/ngx-fancyindex/archive/v${HTTP_FANCYINDEX_MODULE_PV}.tar.gz"
+HTTP_FANCYINDEX_MODULE_WD="${WORKDIR}/ngx-fancyindex-${HTTP_FANCYINDEX_MODULE_PV}"
+
+# http_lua (https://github.com/openresty/lua-nginx-module, BSD license)
+HTTP_LUA_MODULE_PV="0.10.10"
+HTTP_LUA_MODULE_P="ngx_http_lua-${HTTP_LUA_MODULE_PV}"
+HTTP_LUA_MODULE_URI="https://github.com/openresty/lua-nginx-module/archive/v${HTTP_LUA_MODULE_PV}.tar.gz"
+HTTP_LUA_MODULE_WD="${WORKDIR}/lua-nginx-module-${HTTP_LUA_MODULE_PV}"
+
+# http_auth_pam (https://github.com/stogh/ngx_http_auth_pam_module/, http://web.iti.upv.es/~sto/nginx/, BSD-2 license)
+HTTP_AUTH_PAM_MODULE_PV="1.5.1"
+HTTP_AUTH_PAM_MODULE_P="ngx_http_auth_pam-${HTTP_AUTH_PAM_MODULE_PV}"
+HTTP_AUTH_PAM_MODULE_URI="https://github.com/stogh/ngx_http_auth_pam_module/archive/v${HTTP_AUTH_PAM_MODULE_PV}.tar.gz"
+HTTP_AUTH_PAM_MODULE_WD="${WORKDIR}/ngx_http_auth_pam_module-${HTTP_AUTH_PAM_MODULE_PV}"
+
+# http_upstream_check (https://github.com/yaoweibin/nginx_upstream_check_module, BSD license)
+HTTP_UPSTREAM_CHECK_MODULE_PV="31b1b42873fa56620d8a873ac13f5f26b52d0cd6"
+HTTP_UPSTREAM_CHECK_MODULE_P="ngx_http_upstream_check-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+HTTP_UPSTREAM_CHECK_MODULE_URI="https://github.com/yaoweibin/nginx_upstream_check_module/archive/${HTTP_UPSTREAM_CHECK_MODULE_PV}.tar.gz"
+HTTP_UPSTREAM_CHECK_MODULE_WD="${WORKDIR}/nginx_upstream_check_module-${HTTP_UPSTREAM_CHECK_MODULE_PV}"
+
+# http_metrics (https://github.com/zenops/ngx_metrics, BSD license)
+HTTP_METRICS_MODULE_PV="0.1.1"
+HTTP_METRICS_MODULE_P="ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+HTTP_METRICS_MODULE_URI="https://github.com/madvertise/ngx_metrics/archive/v${HTTP_METRICS_MODULE_PV}.tar.gz"
+HTTP_METRICS_MODULE_WD="${WORKDIR}/ngx_metrics-${HTTP_METRICS_MODULE_PV}"
+
+# naxsi-core (https://github.com/nbs-system/naxsi, GPLv2+)
+HTTP_NAXSI_MODULE_PV="0.55.3"
+HTTP_NAXSI_MODULE_P="ngx_http_naxsi-${HTTP_NAXSI_MODULE_PV}"
+HTTP_NAXSI_MODULE_URI="https://github.com/nbs-system/naxsi/archive/${HTTP_NAXSI_MODULE_PV}.tar.gz"
+HTTP_NAXSI_MODULE_WD="${WORKDIR}/naxsi-${HTTP_NAXSI_MODULE_PV}/naxsi_src"
+
+# nginx-rtmp-module (https://github.com/arut/nginx-rtmp-module, BSD license)
+RTMP_MODULE_PV="1.2.0"
+RTMP_MODULE_P="ngx_rtmp-${RTMP_MODULE_PV}"
+RTMP_MODULE_URI="https://github.com/arut/nginx-rtmp-module/archive/v${RTMP_MODULE_PV}.tar.gz"
+RTMP_MODULE_WD="${WORKDIR}/nginx-rtmp-module-${RTMP_MODULE_PV}"
+
+# nginx-dav-ext-module (https://github.com/arut/nginx-dav-ext-module, BSD license)
+HTTP_DAV_EXT_MODULE_PV="0.1.0"
+HTTP_DAV_EXT_MODULE_P="ngx_http_dav_ext-${HTTP_DAV_EXT_MODULE_PV}"
+HTTP_DAV_EXT_MODULE_URI="https://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
+HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
+
+# echo-nginx-module (https://github.com/openresty/echo-nginx-module, BSD license)
+HTTP_ECHO_MODULE_PV="0.61"
+HTTP_ECHO_MODULE_P="ngx_http_echo-${HTTP_ECHO_MODULE_PV}"
+HTTP_ECHO_MODULE_URI="https://github.com/openresty/echo-nginx-module/archive/v${HTTP_ECHO_MODULE_PV}.tar.gz"
+HTTP_ECHO_MODULE_WD="${WORKDIR}/echo-nginx-module-${HTTP_ECHO_MODULE_PV}"
+
+# mod_security for nginx (https://modsecurity.org/, Apache-2.0)
+# keep the MODULE_P here consistent with upstream to avoid tarball duplication
+HTTP_SECURITY_MODULE_PV="2.9.2"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/${HTTP_SECURITY_MODULE_P}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/${HTTP_SECURITY_MODULE_P}"
+
+# push-stream-module (http://www.nginxpushstream.com, https://github.com/wandenberg/nginx-push-stream-module, GPL-3)
+HTTP_PUSH_STREAM_MODULE_PV="0.5.2"
+HTTP_PUSH_STREAM_MODULE_P="ngx_http_push_stream-${HTTP_PUSH_STREAM_MODULE_PV}"
+HTTP_PUSH_STREAM_MODULE_URI="https://github.com/wandenberg/nginx-push-stream-module/archive/${HTTP_PUSH_STREAM_MODULE_PV}.tar.gz"
+HTTP_PUSH_STREAM_MODULE_WD="${WORKDIR}/nginx-push-stream-module-${HTTP_PUSH_STREAM_MODULE_PV}"
+
+# sticky-module (https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng, BSD-2)
+HTTP_STICKY_MODULE_PV="1.2.6-10-g08a395c66e42"
+HTTP_STICKY_MODULE_P="nginx_http_sticky_module_ng-${HTTP_STICKY_MODULE_PV}"
+HTTP_STICKY_MODULE_URI="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/${HTTP_STICKY_MODULE_PV}.tar.bz2"
+HTTP_STICKY_MODULE_WD="${WORKDIR}/nginx-goodies-nginx-sticky-module-ng-08a395c66e42"
+
+# mogilefs-module (https://github.com/vkholodkov/nginx-mogilefs-module, BSD-2)
+HTTP_MOGILEFS_MODULE_PV="1.0.4"
+HTTP_MOGILEFS_MODULE_P="ngx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+HTTP_MOGILEFS_MODULE_URI="https://github.com/vkholodkov/nginx-mogilefs-module/archive/${HTTP_MOGILEFS_MODULE_PV}.tar.gz"
+HTTP_MOGILEFS_MODULE_WD="${WORKDIR}/nginx_mogilefs_module-${HTTP_MOGILEFS_MODULE_PV}"
+
+# memc-module (https://github.com/openresty/memc-nginx-module, BSD-2)
+HTTP_MEMC_MODULE_PV="0.18"
+HTTP_MEMC_MODULE_P="ngx_memc_module-${HTTP_MEMC_MODULE_PV}"
+HTTP_MEMC_MODULE_URI="https://github.com/openresty/memc-nginx-module/archive/v${HTTP_MEMC_MODULE_PV}.tar.gz"
+HTTP_MEMC_MODULE_WD="${WORKDIR}/memc-nginx-module-${HTTP_MEMC_MODULE_PV}"
+
+# nginx-ldap-auth-module (https://github.com/kvspb/nginx-auth-ldap, BSD-2)
+HTTP_LDAP_MODULE_PV="49a8b4d28fc4a518563c82e0b52821e5f37db1fc"
+HTTP_LDAP_MODULE_P="nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+HTTP_LDAP_MODULE_URI="https://github.com/kvspb/nginx-auth-ldap/archive/${HTTP_LDAP_MODULE_PV}.tar.gz"
+HTTP_LDAP_MODULE_WD="${WORKDIR}/nginx-auth-ldap-${HTTP_LDAP_MODULE_PV}"
+
+# We handle deps below ourselves
+SSL_DEPS_SKIP=1
+AUTOTOOLS_AUTO_DEPEND="no"
+
+inherit autotools ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator multilib
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+HOMEPAGE="https://nginx.org"
+SRC_URI="https://nginx.org/download/${P}.tar.gz
+	${DEVEL_KIT_MODULE_URI} -> ${DEVEL_KIT_MODULE_P}.tar.gz
+	nginx_modules_http_upload_progress? ( ${HTTP_UPLOAD_PROGRESS_MODULE_URI} -> ${HTTP_UPLOAD_PROGRESS_MODULE_P}.tar.gz )
+	nginx_modules_http_headers_more? ( ${HTTP_HEADERS_MORE_MODULE_URI} -> ${HTTP_HEADERS_MORE_MODULE_P}.tar.gz )
+	nginx_modules_http_cache_purge? ( ${HTTP_CACHE_PURGE_MODULE_URI} -> ${HTTP_CACHE_PURGE_MODULE_P}.tar.gz )
+	nginx_modules_http_slowfs_cache? ( ${HTTP_SLOWFS_CACHE_MODULE_URI} -> ${HTTP_SLOWFS_CACHE_MODULE_P}.tar.gz )
+	nginx_modules_http_fancyindex? ( ${HTTP_FANCYINDEX_MODULE_URI} -> ${HTTP_FANCYINDEX_MODULE_P}.tar.gz )
+	nginx_modules_http_lua? ( ${HTTP_LUA_MODULE_URI} -> ${HTTP_LUA_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_pam? ( ${HTTP_AUTH_PAM_MODULE_URI} -> ${HTTP_AUTH_PAM_MODULE_P}.tar.gz )
+	nginx_modules_http_upstream_check? ( ${HTTP_UPSTREAM_CHECK_MODULE_URI} -> ${HTTP_UPSTREAM_CHECK_MODULE_P}.tar.gz )
+	nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
+	nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
+	rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
+	nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+	nginx_modules_http_echo? ( ${HTTP_ECHO_MODULE_URI} -> ${HTTP_ECHO_MODULE_P}.tar.gz )
+	nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )
+	nginx_modules_http_push_stream? ( ${HTTP_PUSH_STREAM_MODULE_URI} -> ${HTTP_PUSH_STREAM_MODULE_P}.tar.gz )
+	nginx_modules_http_sticky? ( ${HTTP_STICKY_MODULE_URI} -> ${HTTP_STICKY_MODULE_P}.tar.bz2 )
+	nginx_modules_http_mogilefs? ( ${HTTP_MOGILEFS_MODULE_URI} -> ${HTTP_MOGILEFS_MODULE_P}.tar.gz )
+	nginx_modules_http_memc? ( ${HTTP_MEMC_MODULE_URI} -> ${HTTP_MEMC_MODULE_P}.tar.gz )
+	nginx_modules_http_auth_ldap? ( ${HTTP_LDAP_MODULE_URI} -> ${HTTP_LDAP_MODULE_P}.tar.gz )"
+
+LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+
+	nginx_modules_http_security? ( Apache-2.0 )
+	nginx_modules_http_push_stream? ( GPL-3 )"
+
+SLOT="mainline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Package doesn't provide a real test suite
+RESTRICT="test"
+
+NGINX_MODULES_STD="access auth_basic autoindex browser charset empty_gif
+	fastcgi geo gzip limit_req limit_conn map memcached mirror proxy
+	referer rewrite scgi ssi split_clients upstream_hash
+	upstream_ip_hash upstream_keepalive upstream_least_conn
+	upstream_zone userid uwsgi"
+NGINX_MODULES_OPT="addition auth_request dav degradation flv geoip gunzip
+	gzip_static image_filter mp4 perl random_index realip secure_link
+	slice stub_status sub xslt"
+NGINX_MODULES_STREAM_STD="access geo limit_conn map return split_clients
+	upstream_hash upstream_least_conn upstream_zone"
+NGINX_MODULES_STREAM_OPT="geoip realip ssl_preread"
+NGINX_MODULES_MAIL="imap pop3 smtp"
+NGINX_MODULES_3RD="
+	http_upload_progress
+	http_headers_more
+	http_cache_purge
+	http_slowfs_cache
+	http_fancyindex
+	http_lua
+	http_auth_pam
+	http_upstream_check
+	http_metrics
+	http_naxsi
+	http_dav_ext
+	http_echo
+	http_security
+	http_push_stream
+	http_sticky
+	http_mogilefs
+	http_memc
+	http_auth_ldap"
+
+IUSE="aio debug +http +http2 +http-cache +ipv6 libatomic libressl luajit +pcre
+	pcre-jit rtmp selinux ssl threads userland_GNU vim-syntax"
+
+for mod in $NGINX_MODULES_STD; do
+	IUSE="${IUSE} +nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_OPT; do
+	IUSE="${IUSE} nginx_modules_http_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_STD; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_STREAM_OPT; do
+	IUSE="${IUSE} nginx_modules_stream_${mod}"
+done
+
+for mod in $NGINX_MODULES_MAIL; do
+	IUSE="${IUSE} nginx_modules_mail_${mod}"
+done
+
+for mod in $NGINX_MODULES_3RD; do
+	IUSE="${IUSE} nginx_modules_${mod}"
+done
+
+# Add so we can warn users updating about config changes
+# @TODO: jbergstroem: remove on next release series
+IUSE="${IUSE} nginx_modules_http_spdy"
+
+CDEPEND="
+	pcre? ( dev-libs/libpcre:= )
+	pcre-jit? ( dev-libs/libpcre:=[jit] )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http2? (
+		!libressl? ( >=dev-libs/openssl-1.0.1c:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	http-cache? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_geoip? ( dev-libs/geoip )
+	nginx_modules_http_gunzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip? ( sys-libs/zlib )
+	nginx_modules_http_gzip_static? ( sys-libs/zlib )
+	nginx_modules_http_image_filter? ( media-libs/gd:=[jpeg,png] )
+	nginx_modules_http_perl? ( >=dev-lang/perl-5.8:= )
+	nginx_modules_http_rewrite? ( dev-libs/libpcre:= )
+	nginx_modules_http_secure_link? (
+		userland_GNU? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:= )
+		)
+	)
+	nginx_modules_http_xslt? ( dev-libs/libxml2:= dev-libs/libxslt )
+	nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:2= ) )
+	nginx_modules_http_auth_pam? ( virtual/pam )
+	nginx_modules_http_metrics? ( dev-libs/yajl:= )
+	nginx_modules_http_dav_ext? ( dev-libs/expat )
+	nginx_modules_http_security? (
+		dev-libs/apr:=
+		dev-libs/apr-util:=
+		dev-libs/libxml2:=
+		net-misc/curl
+		www-servers/apache
+	)
+	nginx_modules_http_auth_ldap? ( net-nds/openldap[ssl?] )"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-nginx )
+	!www-servers/nginx:0"
+DEPEND="${CDEPEND}
+	nginx_modules_http_security? ( ${AUTOTOOLS_DEPEND} )
+	arm? ( dev-libs/libatomic_ops )
+	libatomic? ( dev-libs/libatomic_ops )"
+PDEPEND="vim-syntax? ( app-vim/nginx-syntax )"
+
+REQUIRED_USE="pcre-jit? ( pcre )
+	nginx_modules_http_lua? ( nginx_modules_http_rewrite )
+	nginx_modules_http_naxsi? ( pcre )
+	nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+	nginx_modules_http_metrics? ( nginx_modules_http_stub_status )
+	nginx_modules_http_security? ( pcre )
+	nginx_modules_http_push_stream? ( ssl )"
+
+pkg_setup() {
+	NGINX_HOME="/var/lib/nginx"
+	NGINX_HOME_TMP="${NGINX_HOME}/tmp"
+
+	ebegin "Creating nginx user and group"
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 "${NGINX_HOME}" ${PN}
+	eend $?
+
+	if use libatomic; then
+		ewarn "GCC 4.1+ features built-in atomic operations."
+		ewarn "Using libatomic_ops is only needed if using"
+		ewarn "a different compiler or a GCC prior to 4.1"
+	fi
+
+	if [[ -n $NGINX_ADD_MODULES ]]; then
+		ewarn "You are building custom modules via \$NGINX_ADD_MODULES!"
+		ewarn "This nginx installation is not supported!"
+		ewarn "Make sure you can reproduce the bug without those modules"
+		ewarn "_before_ reporting bugs."
+	fi
+
+	if use !http; then
+		ewarn "To actually disable all http-functionality you also have to disable"
+		ewarn "all nginx http modules."
+	fi
+
+	if use nginx_modules_http_mogilefs && use threads; then
+		eerror "mogilefs won't compile with threads support."
+		eerror "Please disable either flag and try again."
+		die "Can't compile mogilefs with threads support"
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-1.4.1-fix-perl-install-path.patch"
+	eapply "${FILESDIR}/${PN}-httpoxy-mitigation-r1.patch"
+
+	if use nginx_modules_http_upstream_check; then
+		#eapply -p0 "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.11.1+.patch
+		eapply -p0 "${FILESDIR}"/http_upstream_check-nginx-1.11.5+.patch
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		cd "${HTTP_CACHE_PURGE_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_cache_purge-1.11.6+.patch
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		eautoreconf
+
+		if use luajit ; then
+			sed -i \
+				-e 's|^\(LUA_PKGNAMES\)=.*|\1="luajit"|' \
+				configure || die
+		fi
+
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_upload_progress; then
+		cd "${HTTP_UPLOAD_PROGRESS_MODULE_WD}" || die
+		eapply "${FILESDIR}"/http_uploadprogress-issue_50-r1.patch
+		cd "${S}" || die
+	fi
+
+	find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
+	# We have config protection, don't rename etc files
+	sed -i 's:.default::' auto/install || die
+	# remove useless files
+	sed -i -e '/koi-/d' -e '/win-/d' auto/install || die
+
+	# don't install to /etc/nginx/ if not in use
+	local module
+	for module in fastcgi scgi uwsgi ; do
+		if ! use nginx_modules_http_${module}; then
+			sed -i -e "/${module}/d" auto/install || die
+		fi
+	done
+
+	eapply_user
+}
+
+src_configure() {
+	# mod_security needs to generate nginx/modsecurity/config before including it
+	if use nginx_modules_http_security; then
+		cd "${HTTP_SECURITY_MODULE_WD}" || die
+
+		./configure \
+			--enable-standalone-module \
+			--disable-mlogc \
+			--with-ssdeep=no \
+			$(use_enable pcre-jit) \
+			$(use_with nginx_modules_http_lua lua) || die "configure failed for mod_security"
+
+		cd "${S}" || die
+	fi
+
+	local myconf=() http_enabled= mail_enabled= stream_enabled=
+
+	use aio       && myconf+=( --with-file-aio )
+	use debug     && myconf+=( --with-debug )
+	use http2     && myconf+=( --with-http_v2_module )
+	use libatomic && myconf+=( --with-libatomic )
+	use pcre      && myconf+=( --with-pcre )
+	use pcre-jit  && myconf+=( --with-pcre-jit )
+	use threads   && myconf+=( --with-threads )
+
+	# HTTP modules
+	for mod in $NGINX_MODULES_STD; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+		else
+			myconf+=( --without-http_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_OPT; do
+		if use nginx_modules_http_${mod}; then
+			http_enabled=1
+			myconf+=( --with-http_${mod}_module )
+		fi
+	done
+
+	if use nginx_modules_http_fastcgi; then
+		myconf+=( --with-http_realip_module )
+	fi
+
+	# third-party modules
+	if use nginx_modules_http_upload_progress; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPLOAD_PROGRESS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_headers_more; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_HEADERS_MORE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_CACHE_PURGE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SLOWFS_CACHE_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_FANCYINDEX_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_lua; then
+		http_enabled=1
+		if use luajit; then
+			export LUAJIT_LIB=$(pkg-config --variable libdir luajit)
+			export LUAJIT_INC=$(pkg-config --variable includedir luajit)
+		else
+			export LUA_LIB=$(pkg-config --variable libdir lua)
+			export LUA_INC=$(pkg-config --variable includedir lua)
+		fi
+		myconf+=( --add-module=${DEVEL_KIT_MODULE_WD} )
+		myconf+=( --add-module=${HTTP_LUA_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_AUTH_PAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_UPSTREAM_CHECK_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_metrics; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_METRICS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_naxsi ; then
+		http_enabled=1
+		myconf+=(  --add-module=${HTTP_NAXSI_MODULE_WD} )
+	fi
+
+	if use rtmp ; then
+		http_enabled=1
+		myconf+=( --add-module=${RTMP_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_dav_ext ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_DAV_EXT_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_echo ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_ECHO_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_security ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity )
+	fi
+
+	if use nginx_modules_http_push_stream ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_PUSH_STREAM_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_sticky ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_STICKY_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_mogilefs ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MOGILEFS_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_memc ; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_MEMC_MODULE_WD} )
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		http_enabled=1
+		myconf+=( --add-module=${HTTP_LDAP_MODULE_WD} )
+	fi
+
+	if use http || use http-cache || use http2; then
+		http_enabled=1
+	fi
+
+	if [ $http_enabled ]; then
+		use http-cache || myconf+=( --without-http-cache )
+		use ssl && myconf+=( --with-http_ssl_module )
+	else
+		myconf+=( --without-http --without-http-cache )
+	fi
+
+	# Stream modules
+	for mod in $NGINX_MODULES_STREAM_STD; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+		else
+			myconf+=( --without-stream_${mod}_module )
+		fi
+	done
+
+	for mod in $NGINX_MODULES_STREAM_OPT; do
+		if use nginx_modules_stream_${mod}; then
+			stream_enabled=1
+			myconf+=( --with-stream_${mod}_module )
+		fi
+	done
+
+	if [ $stream_enabled ]; then
+		myconf+=( --with-stream )
+		use ssl && myconf+=( --with-stream_ssl_module )
+	fi
+
+	# MAIL modules
+	for mod in $NGINX_MODULES_MAIL; do
+		if use nginx_modules_mail_${mod}; then
+			mail_enabled=1
+		else
+			myconf+=( --without-mail_${mod}_module )
+		fi
+	done
+
+	if [ $mail_enabled ]; then
+		myconf+=( --with-mail )
+		use ssl && myconf+=( --with-mail_ssl_module )
+	fi
+
+	# custom modules
+	for mod in $NGINX_ADD_MODULES; do
+		myconf+=(  --add-module=${mod} )
+	done
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	tc-export CC
+
+	if ! use prefix; then
+		myconf+=( --user=${PN} )
+		myconf+=( --group=${PN} )
+	fi
+
+	local WITHOUT_IPV6=
+	if ! use ipv6; then
+		WITHOUT_IPV6=" -DNGX_HAVE_INET6=0"
+	fi
+
+	./configure \
+		--prefix="${EPREFIX}"/usr \
+		--conf-path="${EPREFIX}"/etc/${PN}/${PN}.conf \
+		--error-log-path="${EPREFIX}"/var/log/${PN}/error_log \
+		--pid-path="${EPREFIX}"/run/${PN}.pid \
+		--lock-path="${EPREFIX}"/run/lock/${PN}.lock \
+		--with-cc-opt="-I${EROOT}usr/include${WITHOUT_IPV6}" \
+		--with-ld-opt="-L${EROOT}usr/$(get_libdir)" \
+		--http-log-path="${EPREFIX}"/var/log/${PN}/access_log \
+		--http-client-body-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/client \
+		--http-proxy-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/proxy \
+		--http-fastcgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/fastcgi \
+		--http-scgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/scgi \
+		--http-uwsgi-temp-path="${EPREFIX}${NGINX_HOME_TMP}"/uwsgi \
+		--with-compat \
+		"${myconf[@]}" || die "configure failed"
+
+	# A purely cosmetic change that makes nginx -V more readable. This can be
+	# good if people outside the gentoo community would troubleshoot and
+	# question the users setup.
+	sed -i -e "s|${WORKDIR}|external_module|g" objs/ngx_auto_config.h || die
+}
+
+src_compile() {
+	use nginx_modules_http_security && emake -C "${HTTP_SECURITY_MODULE_WD}"
+
+	# https://bugs.gentoo.org/286772
+	export LANG=C LC_ALL=C
+	emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}"
+}
+
+src_install() {
+	emake DESTDIR="${D%/}" install
+
+	cp "${FILESDIR}"/nginx.conf-r2 "${ED}"etc/nginx/nginx.conf || die
+
+	newinitd "${FILESDIR}"/nginx.initd-r4 nginx
+	newconfd "${FILESDIR}"/nginx.confd nginx
+
+	systemd_newunit "${FILESDIR}"/nginx.service-r1 nginx.service
+
+	doman man/nginx.8
+	dodoc CHANGES* README
+
+	# just keepdir. do not copy the default htdocs files (bug #449136)
+	keepdir /var/www/localhost
+	rm -rf "${D}"usr/html || die
+
+	# set up a list of directories to keep
+	local keepdir_list="${NGINX_HOME_TMP}"/client
+	local module
+	for module in proxy fastcgi scgi uwsgi; do
+		use nginx_modules_http_${module} && keepdir_list+=" ${NGINX_HOME_TMP}/${module}"
+	done
+
+	keepdir /var/log/nginx ${keepdir_list}
+
+	# this solves a problem with SELinux where nginx doesn't see the directories
+	# as root and tries to create them as nginx
+	fperms 0750 "${NGINX_HOME_TMP}"
+	fowners ${PN}:0 "${NGINX_HOME_TMP}"
+
+	fperms 0700 ${keepdir_list}
+	fowners ${PN}:${PN} ${keepdir_list}
+
+	fperms 0710 /var/log/nginx
+	fowners 0:${PN} /var/log/nginx
+
+	# logrotate
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/nginx.logrotate-r1 nginx
+
+	if use nginx_modules_http_perl; then
+		cd "${S}"/objs/src/http/modules/perl/ || die
+		emake DESTDIR="${D}" INSTALLDIRS=vendor
+		perl_delete_localpod
+		cd "${S}" || die
+	fi
+
+	if use nginx_modules_http_cache_purge; then
+		docinto ${HTTP_CACHE_PURGE_MODULE_P}
+		dodoc "${HTTP_CACHE_PURGE_MODULE_WD}"/{CHANGES,README.md,TODO.md}
+	fi
+
+	if use nginx_modules_http_slowfs_cache; then
+		docinto ${HTTP_SLOWFS_CACHE_MODULE_P}
+		dodoc "${HTTP_SLOWFS_CACHE_MODULE_WD}"/{CHANGES,README.md}
+	fi
+
+	if use nginx_modules_http_fancyindex; then
+		docinto ${HTTP_FANCYINDEX_MODULE_P}
+		dodoc "${HTTP_FANCYINDEX_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_lua; then
+		docinto ${HTTP_LUA_MODULE_P}
+		dodoc "${HTTP_LUA_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_pam; then
+		docinto ${HTTP_AUTH_PAM_MODULE_P}
+		dodoc "${HTTP_AUTH_PAM_MODULE_WD}"/{README.md,ChangeLog}
+	fi
+
+	if use nginx_modules_http_upstream_check; then
+		docinto ${HTTP_UPSTREAM_CHECK_MODULE_P}
+		dodoc "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/{README,CHANGES}
+	fi
+
+	if use nginx_modules_http_naxsi; then
+		insinto /etc/nginx
+		doins "${HTTP_NAXSI_MODULE_WD}"/../naxsi_config/naxsi_core.rules
+	fi
+
+	if use rtmp; then
+		docinto ${RTMP_MODULE_P}
+		dodoc "${RTMP_MODULE_WD}"/{AUTHORS,README.md,stat.xsl}
+	fi
+
+	if use nginx_modules_http_dav_ext; then
+		docinto ${HTTP_DAV_EXT_MODULE_P}
+		dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README.rst
+	fi
+
+	if use nginx_modules_http_echo; then
+		docinto ${HTTP_ECHO_MODULE_P}
+		dodoc "${HTTP_ECHO_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_security; then
+		docinto ${HTTP_SECURITY_MODULE_P}
+		dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+	fi
+
+	if use nginx_modules_http_push_stream; then
+		docinto ${HTTP_PUSH_STREAM_MODULE_P}
+		dodoc "${HTTP_PUSH_STREAM_MODULE_WD}"/{AUTHORS,CHANGELOG.textile,README.textile}
+	fi
+
+	if use nginx_modules_http_sticky; then
+		docinto ${HTTP_STICKY_MODULE_P}
+		dodoc "${HTTP_STICKY_MODULE_WD}"/{README.md,Changelog.txt,docs/sticky.pdf}
+	fi
+
+	if use nginx_modules_http_memc; then
+		docinto ${HTTP_MEMC_MODULE_P}
+		dodoc "${HTTP_MEMC_MODULE_WD}"/README.markdown
+	fi
+
+	if use nginx_modules_http_auth_ldap; then
+		docinto ${HTTP_LDAP_MODULE_P}
+		dodoc "${HTTP_LDAP_MODULE_WD}"/example.conf
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		if [[ ! -f "${EROOT}"etc/ssl/${PN}/${PN}.key ]]; then
+			install_cert /etc/ssl/${PN}/${PN}
+			use prefix || chown ${PN}:${PN} "${EROOT}"etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+		fi
+	fi
+
+	if use nginx_modules_http_spdy; then
+		ewarn ""
+		ewarn "In nginx 1.9.5 the spdy module was superseded by http2."
+		ewarn "Update your configs and package.use accordingly."
+	fi
+
+	if use nginx_modules_http_lua; then
+		ewarn ""
+		ewarn "While you can build lua 3rd party module against ${P}"
+		ewarn "the author warns that >=${PN}-1.11.11 is still not an"
+		ewarn "officially supported target yet. You are on your own."
+		ewarn "Expect runtime failures, memory leaks and other problems!"
+	fi
+
+	if use nginx_modules_http_lua && use http2; then
+		ewarn ""
+		ewarn "Lua 3rd party module author warns against using ${P} with"
+		ewarn "NGINX_MODULES_HTTP=\"lua http2\". For more info, see http://git.io/OldLsg"
+	fi
+
+	local _n_permission_layout_checks=0
+	local _has_to_adjust_permissions=0
+	local _has_to_show_permission_warning=0
+
+	# Defaults to 1 to inform people doing a fresh installation
+	# that we ship modified {scgi,uwsgi,fastcgi}_params files
+	local _has_to_show_httpoxy_mitigation_notice=1
+
+	local _replacing_version=
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		_n_permission_layout_checks=$((${_n_permission_layout_checks}+1))
+
+		if [[ ${_n_permission_layout_checks} -gt 1 ]]; then
+			# Should never happen:
+			# Package is abusing slots but doesn't allow multiple parallel installations.
+			# If we run into this situation it is unsafe to automatically adjust any
+			# permission...
+			_has_to_show_permission_warning=1
+
+			ewarn "Replacing multiple ${PN}' versions is unsupported! " \
+				"You will have to adjust permissions on your own."
+
+			break
+		fi
+
+		local _replacing_version_branch=$(get_version_component_range 1-2 "${_replacing_version}")
+		debug-print "Updating an existing installation (v${_replacing_version}; branch '${_replacing_version_branch}') ..."
+
+		# Do we need to adjust permissions to fix CVE-2013-0337 (bug #458726, #469094)?
+		# This was before we introduced multiple nginx versions so we
+		# do not need to distinguish between stable and mainline
+		local _need_to_fix_CVE2013_0337=1
+
+		if version_is_at_least "1.4.1-r2" "${_replacing_version}"; then
+			# We are updating an installation which should already be fixed
+			_need_to_fix_CVE2013_0337=0
+			debug-print "Skipping CVE-2013-0337 ... existing installation should not be affected!"
+		else
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2013-0337!"
+		fi
+
+		# Do we need to inform about HTTPoxy mitigation?
+		# In repository since commit 8be44f76d4ac02cebcd1e0e6e6284bb72d054b0f
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_show_httpoxy_mitigation_notice=1
+			debug-print "Need to inform about HTTPoxy mitigation!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.1-r2"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.3-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that the user has
+					# already seen the HTTPoxy mitigation notice because he/she is doing
+					# an update from previous version where we have already shown
+					# the warning. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation where we already informed
+				# that we are mitigating HTTPoxy per default
+				_has_to_show_httpoxy_mitigation_notice=0
+				debug-print "No need to inform about HTTPoxy mitigation ... information was already shown for existing installation!"
+			else
+				_has_to_show_httpoxy_mitigation_notice=1
+				debug-print "Need to inform about HTTPoxy mitigation!"
+			fi
+		fi
+
+		# Do we need to adjust permissions to fix CVE-2016-1247 (bug #605008)?
+		# All branches up to 1.11 are affected
+		local _need_to_fix_CVE2016_1247=1
+
+		if ! version_is_at_least "1.10" "${_replacing_version_branch}"; then
+			# Updating from <1.10
+			_has_to_adjust_permissions=1
+			debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+		else
+			# Updating from >=1.10
+			local _fixed_in_pvr=
+			case "${_replacing_version_branch}" in
+				"1.10")
+					_fixed_in_pvr="1.10.2-r3"
+					;;
+				"1.11")
+					_fixed_in_pvr="1.11.6-r1"
+					;;
+				*)
+					# This should be any future branch.
+					# If we run this code it is safe to assume that we have already
+					# adjusted permissions or were never affected because user is
+					# doing an update from previous version which was safe or did
+					# the adjustments. Otherwise, we wouldn't hit this code path ...
+					_fixed_in_pvr=
+			esac
+
+			if [[ -z "${_fixed_in_pvr}" ]] || version_is_at_least "${_fixed_in_pvr}" "${_replacing_version}"; then
+				# We are updating an installation which should already be adjusted
+				# or which was never affected
+				_need_to_fix_CVE2016_1247=0
+				debug-print "Skipping CVE-2016-1247 ... existing installation should not be affected!"
+			else
+				_has_to_adjust_permissions=1
+				debug-print "Need to adjust permissions to fix CVE-2016-1247!"
+			fi
+		fi
+	done
+
+	if [[ ${_has_to_adjust_permissions} -eq 1 ]]; then
+		# We do not DIE when chmod/chown commands are failing because
+		# package is already merged on user's system at this stage
+		# and we cannot retry without losing the information that
+		# the existing installation needs to adjust permissions.
+		# Instead we are going to a show a big warning ...
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2013_0337} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The world-readable bit (if set) has been removed from the"
+			ewarn "following directories to mitigate a security bug"
+			ewarn "(CVE-2013-0337, bug #458726):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn "  ${EPREFIX%/}${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi}"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			ewarn "Furthermore nginx' temp directories got moved to '${EPREFIX%/}${NGINX_HOME_TMP}'"
+			chmod o-rwx \
+				"${EPREFIX%/}"/var/log/nginx \
+				"${EPREFIX%/}"${NGINX_HOME_TMP}/{,client,proxy,fastcgi,scgi,uwsgi} || \
+				_has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 0 ]] && [[ ${_need_to_fix_CVE2016_1247} -eq 1 ]]; then
+			ewarn ""
+			ewarn "The permissions on the following directory have been reset in"
+			ewarn "order to mitigate a security bug (CVE-2016-1247, bug #605008):"
+			ewarn ""
+			ewarn "  ${EPREFIX%/}/var/log/nginx"
+			ewarn ""
+			ewarn "Check if this is correct for your setup before restarting nginx!"
+			ewarn "Also ensure that no other log directory used by any of your"
+			ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+			ewarn "used by nginx can be abused to escalate privileges!"
+			ewarn "This is a one-time change and will not happen on subsequent updates."
+			chown 0:nginx "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+			chmod 710 "${EPREFIX%/}"/var/log/nginx || _has_to_show_permission_warning=1
+		fi
+
+		if [[ ${_has_to_show_permission_warning} -eq 1 ]]; then
+			# Should never happen ...
+			ewarn ""
+			ewarn "*************************************************************"
+			ewarn "***************         W A R N I N G         ***************"
+			ewarn "*************************************************************"
+			ewarn "The one-time only attempt to adjust permissions of the"
+			ewarn "existing nginx installation failed. Be aware that we will not"
+			ewarn "try to adjust the same permissions again because now you are"
+			ewarn "using a nginx version where we expect that the permissions"
+			ewarn "are already adjusted or that you know what you are doing and"
+			ewarn "want to keep custom permissions."
+			ewarn ""
+		fi
+	fi
+
+	# Sanity check for CVE-2016-1247
+	# Required to warn users who received the warning above and thought
+	# they could fix it by unmerging and re-merging the package or have
+	# unmerged a affected installation on purpose in the past leaving
+	# /var/log/nginx on their system due to keepdir/non-empty folder
+	# and are now installing the package again.
+	local _sanity_check_testfile=$(mktemp --dry-run "${EPREFIX%/}"/var/log/nginx/.CVE-2016-1247.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_sanity_check_testfile}" nginx >&/dev/null
+	if [ $? -eq 0 ] ; then
+		# Cleanup -- no reason to die here!
+		rm -f "${_sanity_check_testfile}"
+
+		ewarn ""
+		ewarn "*************************************************************"
+		ewarn "***************         W A R N I N G         ***************"
+		ewarn "*************************************************************"
+		ewarn "Looks like your installation is vulnerable to CVE-2016-1247"
+		ewarn "(bug #605008) because nginx user is able to create files in"
+		ewarn ""
+		ewarn "  ${EPREFIX%/}/var/log/nginx"
+		ewarn ""
+		ewarn "Also ensure that no other log directory used by any of your"
+		ewarn "vhost(s) is not writeable for nginx user. Any of your log files"
+		ewarn "used by nginx can be abused to escalate privileges!"
+	fi
+
+	if [[ ${_has_to_show_httpoxy_mitigation_notice} -eq 1 ]]; then
+		# HTTPoxy mitigation
+		ewarn ""
+		ewarn "This nginx installation comes with a mitigation for the HTTPoxy"
+		ewarn "vulnerability for FastCGI, SCGI and uWSGI applications by setting"
+		ewarn "the HTTP_PROXY parameter to an empty string per default when you"
+		ewarn "are sourcing one of the default"
+		ewarn ""
+		ewarn "  - 'fastcgi_params' or 'fastcgi.conf'"
+		ewarn "  - 'scgi_params'"
+		ewarn "  - 'uwsgi_params'"
+		ewarn ""
+		ewarn "files in your server block(s)."
+		ewarn ""
+		ewarn "If this is causing any problems for you make sure that you are sourcing the"
+		ewarn "default parameters _before_ you set your own values."
+		ewarn "If you are relying on user-supplied proxy values you have to remove the"
+		ewarn "correlating lines from the file(s) mentioned above."
+		ewarn ""
+	fi
+}