mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00

nginx: make listen addresses configurable

rnhmjoj 2017-07-14 19:25:13 +02:00
parent eb28340bac
commit e40f3bea3e
No known key found for this signature in database
GPG key ID: 91BE884FBA4B591A
2 changed files with 48 additions and 30 deletions


@ -123,45 +123,49 @@ let
vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost: vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost:
let let
serverName = vhost.serverName;
ssl = vhost.enableSSL || vhost.forceSSL; ssl = vhost.enableSSL || vhost.forceSSL;
port = if vhost.port != null then vhost.port else (if ssl then 443 else 80); defaultPort = if ssl then 443 else 80;
listenString = toString port + optionalString ssl " ssl http2"
+ optionalString vhost.default " default_server"; listenString = { addr, port, ... }:
acmeLocation = optionalString vhost.enableACME ('' "listen ${addr}:${toString (if port != null then port else defaultPort)} "
+ optionalString ssl "ssl http2 "
+ optionalString vhost.default "default_server"
+ ";";
redirectListenString = { addr, ... }:
"listen ${addr}:80 ${optionalString vhost.default "default_server"};";
acmeLocation = ''
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"} ${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
root ${vhost.acmeRoot}; root ${vhost.acmeRoot};
auth_basic off; auth_basic off;
} }
'' + (optionalString (vhost.acmeFallbackHost != null) '' ${optionalString (vhost.acmeFallbackHost != null) ''
location @acme-fallback { location @acme-fallback {
auth_basic off; auth_basic off;
proxy_pass http://${vhost.acmeFallbackHost}; proxy_pass http://${vhost.acmeFallbackHost};
} }
'')); ''}
'';
in '' in ''
${optionalString vhost.forceSSL '' ${optionalString vhost.forceSSL ''
server { server {
listen 80 ${optionalString vhost.default "default_server"}; ${concatMapStringsSep "\n" redirectListenString vhost.listen}
${optionalString enableIPv6
''listen [::]:80 ${optionalString vhost.default "default_server"};''
}
server_name ${serverName} ${concatStringsSep " " vhost.serverAliases}; server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};
${acmeLocation} ${optionalString vhost.enableACME acmeLocation}
location / { location / {
return 301 https://$host${optionalString (port != 443) ":${toString port}"}$request_uri; return 301 https://$host$request_uri;
} }
} }
''} ''}
server { server {
listen ${listenString}; ${concatMapStringsSep "\n" listenString vhost.listen}
${optionalString enableIPv6 "listen [::]:${listenString};"} server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};
${optionalString vhost.enableACME acmeLocation}
server_name ${serverName} ${concatStringsSep " " vhost.serverAliases};
${acmeLocation}
${optionalString (vhost.root != null) "root ${vhost.root};"} ${optionalString (vhost.root != null) "root ${vhost.root};"}
${optionalString (vhost.globalRedirect != null) '' ${optionalString (vhost.globalRedirect != null) ''
return 301 http${optionalString ssl "s"}://${vhost.globalRedirect}$request_uri; return 301 http${optionalString ssl "s"}://${vhost.globalRedirect}$request_uri;
@ -380,7 +384,7 @@ in
virtualHosts = mkOption { virtualHosts = mkOption {
type = types.attrsOf (types.submodule (import ./vhost-options.nix { type = types.attrsOf (types.submodule (import ./vhost-options.nix {
inherit lib; inherit config lib;
})); }));
default = { default = {
localhost = {}; localhost = {};
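Review bot: The forceSSL redirect server now always answers `return 301 https://$host$request_uri;`, so a vhost whose `listen` entries use a TLS port other than 443 sends plain-HTTP clients to whatever answers on 443 for that host; the removed line appended `:${toString port}` in that case. With a list of entries there is no single port to append, so either state in the option docs that forceSSL assumes 443, or derive one, e.g. `return 301 https://$host${optionalString (redirectPort != 443) ":${toString redirectPort}"}$request_uri;` where `redirectPort` is a name suggested here, not one defined in the file. Separately, `redirectListenString` ignores `port`, so two entries sharing an `addr` emit the same `listen addr:80` line twice in the redirect server, which nginx will most likely reject as a duplicate listen; mapping over the distinct addresses only would avoid that. The enclosing `let` and the vhost template both continue outside the first hunk.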


@ -3,7 +3,7 @@
# has additional options that affect the web server as a whole, like # has additional options that affect the web server as a whole, like
# the user/group to run under.) # the user/group to run under.)
{ lib }: { config, lib }:
with lib; with lib;
{ {
@ -26,12 +26,26 @@ with lib;
''; '';
}; };
port = mkOption { listen = mkOption {
type = types.nullOr types.int; type = with types; listOf (submodule {
default = null; options = {
addr = mkOption { type = str; description = "IP address."; };
port = mkOption { type = nullOr int; description = "Port number."; };
};
});
default =
[ { addr = "0.0.0.0"; port = null; } ]
++ optional config.networking.enableIPv6
{ addr = "[::]"; port = null; };
example = [
{ addr = "195.154.1.1"; port = 443; }
{ addr = "192.168.1.2"; port = 443; }
];
description = '' description = ''
Port for the server. Defaults to 80 for http Listen addresses and ports for this virtual host.
and 443 for https (i.e. when enableSSL is set). IPv6 addresses must be enclosed in square brackets.
Setting the port to <literal>null</literal> defaults
to 80 for http and 443 for https (i.e. when enableSSL is set).
''; '';
}; };
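Review bot: The `port` sub-option has no `default`, so an entry such as `{ addr = "127.0.0.1"; }` fails evaluation even though the description presents `null` as the fallback; `port = mkOption { type = nullOr int; default = null; description = "Port number."; };` would match the documented behaviour. The description should also say that the default binds every vhost to all interfaces (`0.0.0.0`, plus `[::]` when IPv6 is enabled) and that setting `listen` replaces both default entries, since that decides which networks the vhost is exposed on. `addr` is a free-form `str` that the nginx module interpolates verbatim into a `listen` directive, so a malformed value (for example an IPv6 address without brackets) is only caught when nginx parses the generated file; a stricter type or an assertion would catch it at evaluation time. The parenthetical "(i.e. when enableSSL is set)" could mention `forceSSL` as well, because the module treats either as SSL.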