movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/nginx: add option rejectSSL exposing ssl_reject_handshake

Browse source
This commit is contained in:
Naïm Favier 2021-04-11 19:43:39 +02:00
parent 4f51b501fe
commit 821ca7d4cc
No known key found for this signature in database
GPG key ID: 49B07322580B7EE2
2 changed files with 36 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

12
nixos/modules/services/web-servers/nginx/vhost-options.nix
View file

@ -118,6 +118,18 @@ with lib;
'';
};
rejectSSL = mkOption {
type = types.bool;
default = false;
description = ''
Whether to listen for and reject all HTTPS connections to this vhost. Useful in
<link linkend="opt-services.nginx.virtualHosts._name_.default">default</link>
server blocks to avoid serving the certificate for another vhost. Uses the
<literal>ssl_reject_handshake</literal> directive available in nginx versions
1.19.4 and above.
'';
};
sslCertificate = mkOption {
type = types.path;
example = "/var/host.cert";