diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index df7035c03cc2..17cfdfb24462 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -36,11 +36,12 @@ let
dependentCertNames = unique (map (hostOpts: hostOpts.certName) acmeEnabledVhosts);
mkListenInfo = hostOpts:
- if hostOpts.listen != [] then hostOpts.listen
- else (
- optional (hostOpts.onlySSL || hostOpts.addSSL || hostOpts.forceSSL) { ip = "*"; port = 443; ssl = true; } ++
- optional (!hostOpts.onlySSL) { ip = "*"; port = 80; ssl = false; }
- );
+ if hostOpts.listen != [] then
+ hostOpts.listen
+ else
+ optionals (hostOpts.onlySSL || hostOpts.addSSL || hostOpts.forceSSL) (map (addr: { ip = addr; port = 443; ssl = true; }) hostOpts.listenAddresses) ++
+ optionals (!hostOpts.onlySSL) (map (addr: { ip = addr; port = 80; ssl = false; }) hostOpts.listenAddresses)
+ ;
listenInfo = unique (concatMap mkListenInfo vhosts);
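Review bot: In the `else` branch of `mkListenInfo`, per-vhost addresses now flow into the shared `listenInfo` list, and `unique` only drops identical entries, so a vhost left at the default `*` next to one set to `127.0.0.1` yields both `*:80` and `127.0.0.1:80`. If each entry is rendered as its own `Listen` directive (that code is outside the hunk, as is the rest of the `let` block), httpd will most likely fail to bind the second one, so an operator trying to confine a single vhost to loopback gets a failed start instead of a restricted listener. Consider a module assertion that rejects mixing `*` with specific addresses on the same port, or at least a comment above `listenInfo` such as `# "*" and a specific address on the same port overlap; unique does not collapse them`. Each `addr` is also passed through unvalidated, so IPv6 literals presumably have to be written with brackets, which is worth a line in the option description.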
diff --git a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
index 394f9a305546..3f732a5c9f33 100644
--- a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
@@ -47,12 +47,29 @@ in
];
description = ''
Listen addresses and ports for this virtual host.
-
+
+
This option overrides addSSL, forceSSL and onlySSL.
-
+
+
+ If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
+
+
'';
};
+ listenAddresses = mkOption {
+ type = with types; nonEmptyListOf str;
+
+ description = ''
+ Listen addresses for this virtual host.
+ Compared to listen this only sets the addreses
+ and the ports are chosen automatically.
+ '';
+ default = [ "*" ];
+ example = [ "127.0.0.1" ];
+ };
+
enableSSL = mkOption {
type = types.bool;
visible = false;
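Review bot: The `listenAddresses` description does not say that the option is ignored whenever `listen` is non-empty, which matters when someone sets it to `127.0.0.1` to keep a vhost off public interfaces while `listen` is also defined. I would add a sentence such as `This option is ignored when listen is set.` and state that the default `*` binds on every interface. `nonEmptyListOf str` also accepts an empty string or an address with a port attached, so either a stricter type or an example showing the expected form (including how IPv6 literals are to be written) would help. Typo in the new description: `addreses` should be `addresses`. The `enableSSL` option at the end of the hunk continues outside it.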