Jappie Klooster
e576c3b385
doc: Fix insecure nginx docs (#51840)
2018-12-11 11:02:56 +00:00
Izorkin
af8ae49395
nginx: add custom options
2018-10-23 21:04:07 +03:00
Franz Pletz
ebd38185c8
nixos/nextcloud: init
...
Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
Co-authored-by: Robin Gloster <mail@glob.in>
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Florian Klink <flokli@flokli.de>
2018-10-01 02:07:43 +09:30
Uli Baum
15e6e1ff6f
nixos/nginx: fix type of sslTrustedCertificate option
...
The option was added in 1251b34b5b with type `types.path` but
default `null`, so eval failed with
the default setting. This broke the acme and certmgr tests.
cc: @vincentbernat @fpletz
2018-09-02 01:35:59 +02:00
Vincent Bernat
1251b34b5b
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
...
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.
The result can be tested with:
    openssl s_client -connect web.example.com:443 -status 2> /dev/null
Without OCSP stapling, we get:
    OCSP response: no response sent
After this change, we get:
    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
Vincent Bernat
bd075eb914
nginx: add more gzipped MIME types
...
The additions are:
- image/svg+xml for SVG images
- application/atom+xml for Atom feeds
These types are also present in mime.types. For better readability,
the list is sorted and formatted with one type per line.
2018-08-26 21:48:55 +02:00
Vincent Bernat
06a5fb2ada
nginx: use a compression level of 5 in recommended configuration
...
While there is little gain of space to use a compression level of 9,
the CPU usage is significant. Many experiments point to use something
between 4 and 6. For example:
- https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/
- 3bda5b93ed/nginx.conf (L93)
2018-08-26 21:43:34 +02:00
volth
2e979e8ceb
[bot] nixos/*: remove unused arguments in lambdas
2018-07-20 20:56:59 +00:00
Florian Klink
fff5923686
nixos/modules: users.(extraUsers|extraGroup->users|group)
2018-06-30 03:02:58 +02:00
Jan Tojnar
bd648f321c
nixos/nginx: emphasize that useACMEHost does not create certs
...
It was not entirely clear that `services.nginx.virtualHosts.<name>.useACMEHost` does not create certificates, see https://github.com/NixOS/nixpkgs/issues/40593
2018-05-17 20:48:02 +02:00
Nikolay Amiantov
a08645e9be
nginx module: add upstream extraConfig
2018-05-08 16:32:11 +03:00
Ben Wolsieffer
4d40adb86d
nginx: allow basic auth passwords to be specified in a file
2018-04-25 15:37:09 +02:00
gnidorah
9029ed933c
nixos/gitweb: add gitwebTheme option
2018-04-17 20:07:01 +03:00
Jörg Thalheim
41ec2c2223
Merge pull request #38362 from orbekk/acme-path
...
fix: nixos/nginx certificate location
2018-04-09 09:02:51 +01:00
gnidorah
073089914e
nixos/nginx: fix gitweb submodule
2018-04-06 22:36:03 +03:00
Kjetil Ørbekk
8614e22297
fix: nixos/nginx certificate location
...
Fix issue when using a cert location other than the default.
2018-04-02 20:34:01 -04:00
gnidorah
05b535c850
git: add more deps to gitweb
2018-03-29 16:46:11 +03:00
gnidorah
2821d3fed7
gitweb: use common options
2018-03-29 16:45:32 +03:00
gnidorah
69a0c9721e
nixos/nginx: add gitweb sub-service
2018-03-29 09:06:54 +03:00
Niklas Hambüchen
f00a1514f9
nixos/nginx: validate config syntax in preStart (#24664)
2018-02-17 09:45:25 +00:00
Jan Tojnar
41d252d7a4
nixos/nginx: allow using existing ACME certificate
...
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:
https://letsencrypt.org/docs/rate-limits/
Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
2018-01-15 13:48:45 +01:00
Christoph Hrdinka
d890212ac8
nginx module: only turn on HTTP2 when SSL is enabled
...
Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>
2017-12-28 00:32:24 +01:00
Niklas Hambüchen
afa97cb981
nginx service: Make http2 an option.
...
HTTP 2 can break some things, for example due to this Chrome bug:
https://bugs.chromium.org/p/chromium/issues/detail?id=796199
So the service hardcoding it to be enabled is not helpful.
This commit adds an option so you can turn it off.
2017-12-19 19:59:15 +01:00
Jan Tojnar
3c48a1e06d
nixos/services.nginx: Fix globalRedirect example
...
Virtual host globalRedirect attribute accepts a hostname not a URL
09a9a472ee/nixos/modules/services/web-servers/nginx/default.nix (L167)
2017-10-22 15:38:08 +02:00
Robin Gloster
97a2cd0748
nginx: module fix example
...
Closes #28926
2017-09-03 14:05:32 +02:00
Robin Gloster
7cd46a0594
nginx module: add proxyResolveWhileRunning option
2017-08-30 21:01:53 +02:00
Robin Gloster
4ffa9ddb30
nginx module: allow basic configuration of upstreams
2017-08-30 21:01:53 +02:00
Franz Pletz
759daba980
nginx module: first proxy_set_header takes precedence
2017-08-30 21:01:52 +02:00
Franz Pletz
65c2203ffc
nginx module: add option for proxying websocket requests
2017-08-30 21:01:52 +02:00
Franz Pletz
530282eebe
nginx module: fix applying recommended proxy headers
...
Previously, if proxy_set_header would be used in an extraConfig of
a location, the headers defined in the http block by
recommendedProxySettings would be cleared. As this is not the intended
behaviour, these settings are now included from a separate file if
needed.
2017-08-30 21:01:52 +02:00
Robin Gloster
0371f2b5cc
nginx module: clean up SSL/listen handling
2017-08-30 21:01:52 +02:00
Wout Mertens
339330b322
Merge pull request #27426 from rnhmjoj/nginx
...
nginx: make enabling SSL port-specific
2017-08-07 16:46:28 +02:00
Robin Gloster
94a2cba8d9
nginx module: add resolver config
2017-08-04 02:15:46 +02:00
Robin Gloster
75bbcd4215
nginx module: include uwsgi_params
2017-08-04 02:15:01 +02:00
rnhmjoj
a912a6a291
nginx: make enabling SSL port-specific
2017-07-27 03:45:53 +02:00
Wout Mertens
c4783a982b
nginx: add gzip_vary to recommended settings
...
Google PageSpeed recommends turning this on to allow proxies to cache
2017-07-17 20:15:59 +02:00
rnhmjoj
e40f3bea3e
nginx: make listen addresses configurable
2017-07-14 21:26:54 +02:00
Domen Kožar
02129a8788
Merge pull request #23672 from edanaher/nginx-alias
...
Nginx alias directive
2017-03-21 15:04:02 +01:00
Franz Pletz
c13922f012
nginx: explicitly use stable version
...
Also updates the documentation of the NixOS option `services.nginx.package`
that upstream recommends using the mainline version instead.
Fixes #21665.
2017-03-20 20:04:09 +01:00
Evan Danaher
a09246948c
nginx: disallow alias directive on server level; it doesn't work.
2017-03-09 16:54:44 -05:00
Evan Danaher
e7358b192a
nginx: Assert that either root or alias is null.
...
If both are set, nginx won't start. More error checking is certainly in
order, but this seems like a reasonable start.
2017-03-09 13:02:49 -05:00
Evan Danaher
ff2e2e82cc
nginx: Add alias configuration option for hosts and locations.
...
It's like root, but doesn't keep the prefix.
2017-03-09 13:02:29 -05:00
Susan Potter
251b9ca0e7
nginx service: add commonHttpConfig option
2017-02-28 09:36:56 -06:00
Franz Pletz
26a2822cf0
nginx service: restart instead of stop to reduce downtime
...
cc #23127
2017-02-25 20:12:37 +01:00
Franz Pletz
3a4dd97c55
nginx module: fix acme if vhost name != serverName
...
cc #21931 @bobvanderlinden
2017-02-25 08:04:38 +01:00
Robin Gloster
6e12406e30
Revert "nginx: Format the config file"
...
This reverts commit e362a3d5c9.
See #22883
2017-02-16 22:45:00 +01:00
Franz Pletz
65a1762a9b
nginx module: make acme group overrideable easily
2017-02-08 23:50:59 +01:00
Svein Ove Aas
e362a3d5c9
nginx: Format the config file
2017-02-07 16:19:11 +01:00
Bob van der Linden
d9987f360a
nginx: added serverName option for virtualHosts
...
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
2017-01-25 14:55:55 +01:00
tv
de44544ceb
nginx service: use default_server parameter instead of default (#21371)
2016-12-23 11:52:44 +01:00