cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
161903 commits 1 branch 0 tags 3.7 GiB
Commit graph

89 commits

Author SHA1 Message Date
Izorkin
af8ae49395 nginx: add custom options 2018-10-23 21:04:07 +03:00
Franz Pletz
ebd38185c8 nixos/nextcloud: init 
Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
Co-authored-by: Robin Gloster <mail@glob.in>
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Florian Klink <flokli@flokli.de>
 2018-10-01 02:07:43 +09:30
Vincent Bernat
1251b34b5b nixos/nginx: ensure TLS OCSP stapling works out of the box with LE 
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.

The result can be tested with:

    openssl s_client -connect web.example.com:443 -status 2> /dev/null

Without OCSP stapling, we get:

    OCSP response: no response sent

After this change, we get:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
 2018-08-30 22:47:41 +02:00
Vincent Bernat
bd075eb914 nginx: add more gzipped MIME types 
The additions are:

 - image/svg+xml for SVG images
 - application/atom+xml for Atom feeds

These types are also present in mime.types. For better readability,
the list is sorted and formatted with one type per line.
 2018-08-26 21:48:55 +02:00
Vincent Bernat
06a5fb2ada nginx: use a compression level of 5 in recommended configuration 
While there is little gain of space to use a compression level of 9,
the CPU usage is significant. Many experiments point to use something
between 4 and 6. For example:

 - https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/
 - 3bda5b93ed/nginx.conf (L93)
 2018-08-26 21:43:34 +02:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Nikolay Amiantov
a08645e9be nginx module: add upstream extraConfig 2018-05-08 16:32:11 +03:00
Ben Wolsieffer
4d40adb86d nginx: allow basic auth passwords to be specified in a file 2018-04-25 15:37:09 +02:00
Kjetil Ørbekk
8614e22297 fix: nixos/nginx certificate location 
Fix issue when using a cert location other than the default.
 2018-04-02 20:34:01 -04:00
Niklas Hambüchen
f00a1514f9 nixos/nginx: validate config syntax in preStart (#24664) 2018-02-17 09:45:25 +00:00
Jan Tojnar
41d252d7a4
nixos/nginx: allow using existing ACME certificate 
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:

https://letsencrypt.org/docs/rate-limits/

Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
 2018-01-15 13:48:45 +01:00
Christoph Hrdinka
d890212ac8 nginx module: only turn on HTTP2 when SSL is enabled 
Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>
 2017-12-28 00:32:24 +01:00
Niklas Hambüchen
afa97cb981 nginx service: Make http2 an option. 
HTTP 2 can break some things, for example due to this Chrome bug:

  https://bugs.chromium.org/p/chromium/issues/detail?id=796199

So the service hardcoding it to be enabled is not helpful.

This commit adds an option so you can turn it off.
 2017-12-19 19:59:15 +01:00
Robin Gloster
97a2cd0748
nginx: module fix example 
Closes #28926
 2017-09-03 14:05:32 +02:00
Robin Gloster
7cd46a0594
nginx module: add proxyResolveWhileRunning option 2017-08-30 21:01:53 +02:00
Robin Gloster
4ffa9ddb30
nginx module: allow basic configuration of upstreams 2017-08-30 21:01:53 +02:00
Franz Pletz
759daba980
nginx module: first proxy_set_header takes precendence 2017-08-30 21:01:52 +02:00
Franz Pletz
65c2203ffc
nginx module: add option for proxying websocket requests 2017-08-30 21:01:52 +02:00
Franz Pletz
530282eebe
nginx module: fix applying recommended proxy headers 
Previously, if proxy_set_header would be used in an extraConfig of
a location, the headers defined in the http block by
recommendedProxySettings would be cleared. As this is not the intended
behaviour, these settings are now included from a separate file if
needed.
 2017-08-30 21:01:52 +02:00
Robin Gloster
0371f2b5cc
nginx module: clean up SSL/listen handling 2017-08-30 21:01:52 +02:00
Wout Mertens
339330b322 Merge pull request #27426 from rnhmjoj/nginx 
nginx: make enabling SSL port-specific
 2017-08-07 16:46:28 +02:00
Robin Gloster
94a2cba8d9
nginx module: add resolver config 2017-08-04 02:15:46 +02:00
Robin Gloster
75bbcd4215
nginx module: include uwsgi_params 2017-08-04 02:15:01 +02:00
rnhmjoj
a912a6a291
nginx: make enabling SSL port-specific 2017-07-27 03:45:53 +02:00
Wout Mertens
c4783a982b nginx: add gzip_vary to recommended settings 
Google PageSpeed recommends turning this on to allow proxies to cache
 2017-07-17 20:15:59 +02:00
rnhmjoj
e40f3bea3e
nginx: make listen addresses configurable 2017-07-14 21:26:54 +02:00
Domen Kožar
02129a8788 Merge pull request #23672 from edanaher/nginx-alias 
Nginx alias directive
 2017-03-21 15:04:02 +01:00
Franz Pletz
c13922f012
nginx: explicitly use stable version 
Also updates the documention of the NixOS option `services.nginx.package`
that upstream recommends using the mainline version instead.

Fixes #21665.
 2017-03-20 20:04:09 +01:00
Evan Danaher
a09246948c nginx: disallow alias directive on server level; it doesn't work. 2017-03-09 16:54:44 -05:00
Evan Danaher
e7358b192a nginx: Assert that either root or alias is null. 
If both are set, nginx won't start.  More error checking is certainly in
order, but this seems like a reasonable start.
 2017-03-09 13:02:49 -05:00
Evan Danaher
ff2e2e82cc nginx: Add alias configuration option for hosts and locations. 
It's like root, but doesn't keep the prefix.
 2017-03-09 13:02:29 -05:00
Susan Potter
251b9ca0e7
nginx service: add commonHttpConfig option 2017-02-28 09:36:56 -06:00
Franz Pletz
26a2822cf0
nginx service: restart instead of stop to reduce downtime 
cc #23127
 2017-02-25 20:12:37 +01:00
Franz Pletz
3a4dd97c55
nginx module: fix acme if vhost name != serverName 
cc #21931 @bobvanderlinden
 2017-02-25 08:04:38 +01:00
Robin Gloster
6e12406e30
Revert "nginx: Format the config file" 
This reverts commit e362a3d5c9.

See #22883
 2017-02-16 22:45:00 +01:00
Franz Pletz
65a1762a9b
nginx module: make acme group overrideable easily 2017-02-08 23:50:59 +01:00
Svein Ove Aas
e362a3d5c9 nginx: Format the config file 2017-02-07 16:19:11 +01:00
Bob van der Linden
d9987f360a nginx: added serverName option for virtualHosts 
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
 2017-01-25 14:55:55 +01:00
tv
de44544ceb nginx service: use default_server parameter instead of default (#21371) 2016-12-23 11:52:44 +01:00
Felix Richter
d8478c7912 services.nginx: allow startup with ipv6 disabled (#21360) 
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves #21308
 2016-12-23 11:49:35 +01:00
Philipp Hausmann
632282300a nginx service: Add missing port toString conversion (#20252) 2016-11-08 13:34:04 +01:00
Robin Gloster
d05d063572
nginx: set correct acme permissions 2016-10-20 11:18:25 +02:00
Franz Pletz
a3ec0f1593
nixos/nginx: reload on acme cert renewal 2016-10-09 12:55:24 +02:00
Wilhelm Schuster
54c5154b90 nginx module: Add option to configure events block 2016-09-26 12:16:53 +02:00
Alexander Ried
e84b803300 security.acme: remove loop when no fallbackHost is given 2016-09-06 17:47:00 +02:00
Robin Gloster
c011aa86ab
nginx module: add index and tryFiles 2016-08-25 23:27:56 +00:00
Robin Gloster
3cf5d5ebed nginx module: fixup events in config 2016-08-09 17:11:28 +00:00
Robin Gloster
b0b0a45bb1 nginx module: fix cfg.config backwards compatibility 
fixes #17604
 2016-08-09 12:02:21 +00:00
Robin Gloster
a193fecf0e nginx module: improve statusPage generated code 
Adds ::1 as allowed host and turns of access_log for the status page.
 2016-07-28 11:59:13 +00:00
Robin Gloster
3ccfca7d6b nginx module: httpConfig backward compatibility 
Revert httpConfig its old behaviour and make it mutually exclusive to
the new structured configuration. Adds appendHttpConfig to have the
ability to write custom config in the generated http block.
 2016-07-28 11:59:13 +00:00