{ config, lib, pkgs, ... }:
with lib;
let
# Option set of this module.
mainCfg = config.services.httpd;

# The Apache package and the configuration file that the unit passes to it.
httpd = mainCfg.package;
httpdConf = mainCfg.configFile;

# True for Apache 2.4 and later; a number of directives and module names
# differ between 2.2 and 2.4.
version24 = !(versionOlder httpd.version "2.4");

php = pkgs.php.override { apacheHttpd = httpd; };

# Effective listen port of a (virtual) host: an explicit `port` wins,
# otherwise the default port of the scheme.
getPort = cfg:
  let schemeDefault = if cfg.enableSSL then 443 else 80;
  in if cfg.port == 0 then schemeDefault else cfg.port;

# `extraModules` may mix plain strings (modules shipped with Apache) and
# attribute sets ({ name, path }) for modules built elsewhere.
extraModules = mainCfg.extraModules or [];
extraForeignModules = filter isAttrs extraModules;
extraApacheModules = filter isString extraModules;
# Attribute set handed to subservices describing the host they belong to.
makeServerInfo = cfg:
  let
    scheme = if cfg.enableSSL then "https" else "http";
    port = getPort cfg;
    schemeDefaultPort = if cfg.enableSSL then 443 else 80;
    # Only spell out the port when it is not the scheme's default.
    portSuffix = optionalString (port != schemeDefaultPort) ":${toString port}";
  in {
    # Canonical name must not include a trailing slash.
    canonicalName = "${scheme}://${cfg.hostName}${portSuffix}";

    # Admin address: a virtual host without one inherits the main server's.
    adminAddr = if cfg.adminAddr == null then mainCfg.adminAddr else cfg.adminAddr;

    vhostConfig = cfg;
    serverConfig = mainCfg;
    fullConfig = config; # machine config
  };
# The main server followed by every virtual host; used for the Listen
# directives and for deciding whether mod_ssl is needed at all.
allHosts = [mainCfg] ++ mainCfg.virtualHosts;
# Evaluate the subservices (`extraSubservices`) of one server.
#
# `defs` is the list of subservice definitions from the configuration; each
# element either carries its own `function` or names a file next to this
# module (`<serviceType>.nix`, falling back to `<serviceName>.nix`) that
# exports one.  The function receives the subservice's own evaluated config,
# `lib`, `pkgs`, the `serverInfo` of the host it belongs to and the `php`
# package, and returns an attribute set that is merged over `defaults`.
#
# The file name is built from the configuration value unchecked, so
# `serviceType`/`serviceName` are expected to be plain names, not paths.
callSubservices = serverInfo: defs:
  let f = svc:
    let
      svcFunction =
        if svc ? function then svc.function
        else import (toString "${toString ./.}/${if svc ? serviceType then svc.serviceType else svc.serviceName}.nix");

      # The subservice's settings (`svc.config`, or the whole definition when
      # it has no `config` attribute) evaluated against the options the
      # subservice itself declares (`res.options`).  `config` and `res`
      # refer to each other; laziness makes this work as long as the declared
      # options do not themselves depend on the config (presumably the case).
      # `check = false`: definitions for undeclared options are accepted
      # instead of being reported as errors.
      config = (evalModules
        { modules = [ { options = res.options; config = svc.config or svc; } ];
          check = false;
        }).config;

      # Every attribute the rest of this module reads off a subservice, with
      # a neutral default so a subservice only has to return what it uses.
      defaults = {
        extraConfig = "";
        extraModules = [];
        extraModulesPre = [];
        extraPath = [];
        extraServerPath = [];
        globalEnvVars = [];
        robotsEntries = "";
        startupScript = "";
        enablePHP = false;
        phpOptions = "";
        options = {};
        documentRoot = null;
      };

      res = defaults // svcFunction { inherit config lib pkgs serverInfo php; };
    in res;
  in map f defs;
# !!! callSubservices is expensive

# Subservices of one host, evaluated with that host's server info.
subservicesFor = cfg: callSubservices (makeServerInfo cfg) cfg.extraSubservices;

mainSubservices = subservicesFor mainCfg;

# Subservices of the main server and of all virtual hosts.  Everything that is
# global to the httpd process (modules to load, PATH and environment of the
# unit, php.ini contents, startup hooks) is collected from this list.
allSubservices = mainSubservices ++ concatMap subservicesFor mainCfg.virtualHosts;
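# !!! should be in lib

# Build a derivation whose output is a directory holding a single file
# `name` with the given contents.  (Not referenced elsewhere in this file as
# far as visible.)
writeTextInDir = name: text:
  pkgs.runCommand name { inherit text; } ''
    mkdir -p "$out"
    # printf instead of `echo -n`: echo would treat contents starting with a
    # dash (e.g. "-e" or "-n") as its own options and drop them.
    printf '%s' "$text" > "$out/$name"
  '';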
# Whether at least one host has SSL enabled; gates loading mod_ssl and
# emitting the global SSL settings (`sslConf`).
enableSSL = any (vhost: vhost.enableSSL) allHosts;
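# Names of modules from ${httpd}/modules that we want to load.  Every entry
# later becomes `LoadModule <name>_module ${httpd}/modules/mod_<name>.so`, so
# each element must be a real module name: an empty string would produce a
# bogus `LoadModule _module .../mod_.so` line.
apacheModules =
  [ # HTTP authentication mechanisms: basic and digest.
    "auth_basic" "auth_digest"

    # Authentication: is the user who he claims to be?
    "authn_file" "authn_dbm" "authn_anon"
    (if version24 then "authn_core" else "authn_alias")

    # Authorization: is the user allowed access?
    "authz_user" "authz_groupfile" "authz_host"
  ]

  # For compatibility with old configurations, the new module
  # mod_access_compat is provided.  It only exists in 2.4; on 2.2 nothing must
  # be added here (the previous `else ""` put an empty name into the list).
  ++ optional version24 "access_compat"

  ++ [ # Other modules.  Note that mod_status and mod_info are loaded, but no
       # <Location> in this file enables their handlers.
    "ext_filter" "include" "log_config" "env" "mime_magic"
    "cern_meta" "expires" "headers" "usertrack" /* "unique_id" */ "setenvif"
    "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs"
    "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling"
    "userdir" "alias" "rewrite" "proxy" "proxy_http"
  ]

  ++ optionals version24 [
    "mpm_${mainCfg.multiProcessingModule}"
    "authz_core"
    "unixd"
    "cache" "cache_disk"
    "slotmem_shm"
    "socache_shmcb"
  ]

  # mod_cgi is for the prefork MPM; the threaded MPMs use mod_cgid.
  ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])

  ++ optional enableSSL "ssl"

  # Module names given by the administrator in `extraModules`.
  ++ extraApacheModules;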
# Access-control snippets in the dialect of the running Apache version: 2.4
# uses mod_authz_core's `Require`, 2.2 the `Order`/`Allow`/`Deny` directives
# of mod_authz_host.
allDenied = if version24 then ''
  Require all denied
'' else ''
  Order deny,allow
  Deny from all
'';

allGranted = if version24 then ''
  Require all granted
'' else ''
  Order allow,deny
  Allow from all
'';
# Global logging.  `logFormat` is both the switch and the nickname of the
# access-log format: "none" turns the access log off and, as written, also
# sends the error log to /dev/null, so nothing at all is recorded in that
# mode.  Otherwise the four nicknames defined below (or one defined in
# extraConfig) are the values logFormat is expected to take.
loggingConf = (if mainCfg.logFormat != "none" then ''
  ErrorLog ${mainCfg.logDir}/error_log

  LogLevel notice

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  LogFormat "%{Referer}i -> %U" referer
  LogFormat "%{User-agent}i" agent

  CustomLog ${mainCfg.logDir}/access_log ${mainCfg.logFormat}
'' else ''
  ErrorLog /dev/null
'');
# Keep-alive / HTTP-version workarounds for ancient clients, keyed on the
# User-Agent header (apparently taken from the stock Apache httpd.conf).
browserHacks = ''
  BrowserMatch "Mozilla/2" nokeepalive
  BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
  BrowserMatch "RealPlayer 4\.0" force-response-1.0
  BrowserMatch "Java/1\.0" force-response-1.0
  BrowserMatch "JDK/1\.0" force-response-1.0
  BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
  BrowserMatch "^WebDrive" redirect-carefully
  BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
  BrowserMatch "^gnome-vfs" redirect-carefully
'';
# Global mod_ssl settings, included only when some host has SSL enabled.
# The session-cache backend and the mutex directive changed name between
# 2.2 and 2.4.
#
# NOTE(review): `SSLRandomSeed ... builtin` is the seeding source Apache's own
# documentation describes as not very strong (file:/dev/urandom is the usual
# alternative).  No SSLProtocol, SSLCipherSuite or SSLHonorCipherOrder is set
# here, so mod_ssl's compiled-in defaults apply unless overridden in
# extraConfig.
sslConf = ''
  SSLSessionCache ${if version24 then "shmcb" else "shm"}:${mainCfg.stateDir}/ssl_scache(512000)

  ${if version24 then "Mutex" else "SSLMutex"} posixsem

  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
'';
# MIME settings shared by all hosts.  The `.php`/`.phtml` type mapping is
# emitted unconditionally; it only takes effect once mod_php is loaded
# (`enablePHP`) and then applies to every directory Apache serves, including
# `public_html` and `servedDirs` when those are enabled -- presumably
# intended, but worth remembering for directories writable by other users.
mimeConf = ''
  TypesConfig ${httpd}/conf/mime.types

  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl .crl
  AddType application/x-httpd-php .php .phtml

  <IfModule mod_mime_magic.c>
      MIMEMagicFile ${httpd}/conf/magic
  </IfModule>

  AddEncoding x-compress Z
  AddEncoding x-gzip gz tgz
'';
# Directives for one server: the main server when `isMainServer`, otherwise
# the body of a <VirtualHost> block.  `cfg` is the per-server option set.
#
# NOTE(review), on the directives emitted below:
#  - `Options Indexes` on the document root and `Options +Indexes` on every
#    `servedDirs` entry enable automatic directory listings; the servedDirs
#    entries additionally get `AllowOverride All`.
#  - SSLCertificateKeyFile interpolates cfg.sslServerKey unconditionally, so
#    a host with sslServerCert set and sslServerKey null fails at evaluation
#    time.  The assertion in `config` covers the main server only.
#  - The subservices' extraConfig and cfg.extraConfig are appended verbatim.
perServerConf = isMainServer: cfg: let

  serverInfo = makeServerInfo cfg;

  subservices = callSubservices serverInfo cfg.extraSubservices;

  # At most one of the host itself and its subservices may set a document
  # root; the assert fires as soon as a second one is found.  Null when none
  # does.
  maybeDocumentRoot = fold (svc: acc:
    if acc == null then svc.documentRoot else assert svc.documentRoot == null; acc
  ) null ([ cfg ] ++ subservices);

  # Fall back to an empty store directory so that DocumentRoot always exists.
  documentRoot = if maybeDocumentRoot != null then maybeDocumentRoot else
    pkgs.runCommand "empty" {} "mkdir -p $out";

  documentRootConf = ''
    DocumentRoot "${documentRoot}"

    <Directory "${documentRoot}">
        Options Indexes FollowSymLinks
        AllowOverride None
        ${allGranted}
    </Directory>
  '';

  # robots.txt for this host; empty entries are dropped.
  robotsTxt =
    concatStringsSep "\n" (filter (x: x != "") (
      # If this is a vhost, include the entries for the main server as well.
      (if isMainServer then [] else [mainCfg.robotsEntries] ++ map (svc: svc.robotsEntries) mainSubservices)
      ++ [cfg.robotsEntries]
      ++ (map (svc: svc.robotsEntries) subservices)));

in ''
  ServerName ${serverInfo.canonicalName}

  ${concatMapStrings (alias: "ServerAlias ${alias}\n") cfg.serverAliases}

  ${# NOTE(review): the key is interpolated unconditionally; a host with a
    # certificate but sslServerKey == null fails at evaluation time rather
    # than producing a configuration.
    if cfg.sslServerCert != null then ''
    SSLCertificateFile ${cfg.sslServerCert}
    SSLCertificateKeyFile ${cfg.sslServerKey}
  '' else ""}

  ${if cfg.enableSSL then ''
    SSLEngine on
  '' else if enableSSL then /* i.e., SSL is enabled for some host, but not this one */
  ''
    SSLEngine off
  '' else ""}

  ${# For the main server adminAddr is interpolated unconditionally
    # (presumably a required option there; it is declared in
    # per-server-options.nix, which is not visible here).
    if isMainServer || cfg.adminAddr != null then ''
    ServerAdmin ${cfg.adminAddr}
  '' else ""}

  ${if !isMainServer && mainCfg.logPerVirtualHost then ''
    ErrorLog ${mainCfg.logDir}/error_log-${cfg.hostName}
    CustomLog ${mainCfg.logDir}/access_log-${cfg.hostName} ${cfg.logFormat}
  '' else ""}

  ${optionalString (robotsTxt != "") ''
    Alias /robots.txt ${pkgs.writeText "robots.txt" robotsTxt}
  ''}

  ${if isMainServer || maybeDocumentRoot != null then documentRootConf else ""}

  ${# Per-user directories.  The safer Options variants are used
    # (SymLinksIfOwnerMatch, IncludesNoExec) and only GET/POST/OPTIONS are
    # allowed; root's home is excluded.
    if cfg.enableUserDir then ''

    UserDir public_html
    UserDir disabled root

    <Directory "/home/*/public_html">
        AllowOverride FileInfo AuthConfig Limit Indexes
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        <Limit GET POST OPTIONS>
            ${allGranted}
        </Limit>
        <LimitExcept GET POST OPTIONS>
            ${allDenied}
        </LimitExcept>
    </Directory>

  '' else ""}

  ${if cfg.globalRedirect != null && cfg.globalRedirect != "" then ''
    RedirectPermanent / ${cfg.globalRedirect}
  '' else ""}

  ${
    # Single files exported under a URL path.  Neither value is quoted, so
    # they must not contain whitespace.
    let makeFileConf = elem: ''
          Alias ${elem.urlPath} ${elem.file}
        '';
    in concatMapStrings makeFileConf cfg.servedFiles
  }

  ${
    # Directories exported under a URL prefix.  NOTE(review): listings are
    # switched on (+Indexes) and `AllowOverride All` lets a .htaccess file in
    # such a directory change almost any directive, so these directories
    # should not be writable by untrusted users.  Paths are not quoted.
    let makeDirConf = elem: ''
          Alias ${elem.urlPath} ${elem.dir}/
          <Directory ${elem.dir}>
              Options +Indexes
              ${allGranted}
              AllowOverride All
          </Directory>
        '';
    in concatMapStrings makeDirConf cfg.servedDirs
  }

  ${concatMapStrings (svc: svc.extraConfig) subservices}

  ${cfg.extraConfig}
'';
# The generated httpd.conf: global settings first, then the main server's
# directives, then one <VirtualHost> per entry of `virtualHosts`.
#
# NOTE(review): `Include ${httpd}/conf/extra/httpd-default.conf` pulls in
# Apache's stock defaults; in the stock distribution that file sets
# `ServerTokens Full` (verbose Server header) -- check the copy in the package
# and override in extraConfig if that is unwanted.  `<Directory /nix/store>`
# grants access to anything in the store, but only paths reached through an
# Alias or DocumentRoot are actually exposed.
confFile = pkgs.writeText "httpd.conf" ''

  ServerRoot ${httpd}

  ${optionalString version24 ''
    DefaultRuntimeDir ${mainCfg.stateDir}/runtime
  ''}

  PidFile ${mainCfg.stateDir}/httpd.pid

  ${optionalString (mainCfg.multiProcessingModule != "prefork") ''
    # mod_cgid requires this.
    ScriptSock ${mainCfg.stateDir}/cgisock
  ''}

  <IfModule prefork.c>
      MaxClients ${toString mainCfg.maxClients}
      MaxRequestsPerChild ${toString mainCfg.maxRequestsPerChild}
  </IfModule>

  ${let
      # One Listen per distinct port used by the main server or a vhost.
      ports = map getPort allHosts;
      uniquePorts = uniqList {inputList = ports;};
    in concatMapStrings (port: "Listen ${toString port}\n") uniquePorts
  }

  User ${mainCfg.user}
  Group ${mainCfg.group}

  ${let
      load = {name, path}: "LoadModule ${name}_module ${path}\n";
      # Load order: subservice pre-modules, the built-in list, PHP, subservice
      # modules, then foreign modules from `extraModules`.  Names in
      # `apacheModules` are turned into paths inside the Apache package.
      allModules =
        concatMap (svc: svc.extraModulesPre) allSubservices
        ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules
        ++ optional enablePHP { name = "php5"; path = "${php}/modules/libphp5.so"; }
        ++ concatMap (svc: svc.extraModules) allSubservices
        ++ extraForeignModules;
    in concatMapStrings load allModules
  }

  AddHandler type-map var

  <Files ~ "^\.ht">
      ${allDenied}
  </Files>

  ${mimeConf}
  ${loggingConf}
  ${browserHacks}

  Include ${httpd}/conf/extra/httpd-default.conf
  Include ${httpd}/conf/extra/httpd-autoindex.conf
  Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
  Include ${httpd}/conf/extra/httpd-languages.conf

  ${if enableSSL then sslConf else ""}

  # Fascist default - deny access to everything.
  <Directory />
      Options FollowSymLinks
      AllowOverride None
      ${allDenied}
  </Directory>

  # But do allow access to files in the store so that we don't have
  # to generate <Directory> clauses for every generated file that we
  # want to serve.
  <Directory /nix/store>
      ${allGranted}
  </Directory>

  # Generate directives for the main server.
  ${perServerConf true mainCfg}

  # Always enable virtual hosts; it doesn't seem to hurt.
  ${let
      # NameVirtualHost is only needed (and only accepted) by Apache 2.2.
      ports = map getPort allHosts;
      uniquePorts = uniqList {inputList = ports;};
      directives = concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts;
    in optionalString (!version24) directives
  }

  ${let
      # Each virtual host listens on its own effective port (see getPort).
      makeVirtualHost = vhost: ''
        <VirtualHost *:${toString (getPort vhost)}>
            ${perServerConf false vhost}
        </VirtualHost>
      '';
    in concatMapStrings makeVirtualHost mainCfg.virtualHosts
  }
'';
# PHP is loaded when the main server or any subservice asks for it.
enablePHP = mainCfg.enablePHP || any (svc: svc.enablePHP) allSubservices;

# Generate the PHP configuration file. Should probably be factored
# out into a separate module.
# The result is the package's recommended ini followed by the main server's
# `phpOptions` and those of every subservice, in that order.  `$options`
# reaches the builder through the derivation environment and is quoted, so
# it is not subject to shell expansion.
phpIni = pkgs.runCommand "php.ini"
  { options = concatStringsSep "\n"
      ([ mainCfg.phpOptions ] ++ (map (svc: svc.phpOptions) allSubservices));
  }
  ''
    cat ${php}/etc/php-recommended.ini > $out
    echo "$options" >> $out
  '';
in
{
###### interface
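options = {

  services.httpd = {

    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to enable the Apache HTTP Server.";
    };

    package = mkOption {
      type = types.package;
      default = pkgs.apacheHttpd;
      description = ''
        Overridable attribute of the Apache HTTP Server package to use.
      '';
    };

    # The systemd unit passes this file to httpd with `-f`, so overriding it
    # replaces the generated configuration wholesale; the directive-level
    # options of this module then only shape the default.
    configFile = mkOption {
      type = types.path;
      default = confFile;
      example = literalExample ''pkgs.writeText "httpd.conf" "# my custom config file ...";'';
      description = ''
        Override the configuration file used by Apache. By default,
        NixOS generates one automatically.
      '';
    };

    extraConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Configuration lines appended to the generated Apache
        configuration file. Note that this mechanism may not work
        when <option>configFile</option> is overridden.
      '';
    };

    # String entries become
    # `LoadModule <name>_module <package>/modules/mod_<name>.so`; attribute-set
    # entries are loaded from the given path as-is.
    extraModules = mkOption {
      type = types.listOf types.unspecified;
      default = [];
      example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${pkgs.php}/modules/libphp5.so"; } ]'';
      description = ''
        Additional Apache modules to be used. These can be
        specified as a string in the case of modules distributed
        with Apache, or as an attribute set specifying the
        <varname>name</varname> and <varname>path</varname> of the
        module.
      '';
    };

    logPerVirtualHost = mkOption {
      type = types.bool;
      default = false;
      description = ''
        If enabled, each virtual host gets its own
        <filename>access_log</filename> and
        <filename>error_log</filename>, namely suffixed by the
        <option>hostName</option> of the virtual host.
      '';
    };

    # The account and group are only created by this module when left at the
    # default "wwwrun"; any other name must already exist.
    user = mkOption {
      type = types.str;
      default = "wwwrun";
      description = ''
        User account under which httpd runs. The account is created
        automatically if it doesn't exist.
      '';
    };

    group = mkOption {
      type = types.str;
      default = "wwwrun";
      description = ''
        Group under which httpd runs. The account is created
        automatically if it doesn't exist.
      '';
    };

    # Created by the unit's preStart with mode 0700.
    logDir = mkOption {
      type = types.path;
      default = "/var/log/httpd";
      description = ''
        Directory for Apache's log files. It is created automatically.
      '';
    };

    # Created by the unit's preStart with mode 0750, owned by root and `group`.
    stateDir = mkOption {
      type = types.path;
      default = "/run/httpd";
      description = ''
        Directory for Apache's transient runtime state (such as PID
        files). It is created automatically. Note that the default,
        <filename>/run/httpd</filename>, is deleted at boot time.
      '';
    };

    virtualHosts = mkOption {
      type = types.listOf (types.submodule (
        { options = import ./per-server-options.nix {
            inherit lib;
            forMainServer = false;
          };
        }));
      default = [];
      example = [
        { hostName = "foo";
          documentRoot = "/data/webroot-foo";
        }
        { hostName = "bar";
          documentRoot = "/data/webroot-bar";
        }
      ];
      description = ''
        Specification of the virtual hosts served by Apache. Each
        element should be an attribute set specifying the
        configuration of the virtual host. The available options
        are the non-global options permissible for the main host.
      '';
    };

    enablePHP = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to enable the PHP module.";
    };

    phpOptions = mkOption {
      type = types.lines;
      default = "";
      example =
        ''
          date.timezone = "CET"
        '';
      description =
        "Options appended to the PHP configuration file <filename>php.ini</filename>.";
    };

    # On Apache 2.4 the value is interpolated into the name of the MPM module
    # to load (mpm_<value>); it also selects mod_cgi (prefork) versus mod_cgid.
    # It is not validated beyond being a string.
    multiProcessingModule = mkOption {
      type = types.str;
      default = "prefork";
      example = "worker";
      description =
        ''
          Multi-processing module to be used by Apache. Available
          modules are <literal>prefork</literal> (the default;
          handles each request in a separate child process),
          <literal>worker</literal> (hybrid approach that starts a
          number of child processes each running a number of
          threads) and <literal>event</literal> (a recent variant of
          <literal>worker</literal> that handles persistent
          connections more efficiently).
        '';
    };

    maxClients = mkOption {
      type = types.int;
      default = 150;
      example = 8;
      description = "Maximum number of httpd processes (prefork)";
    };

    maxRequestsPerChild = mkOption {
      type = types.int;
      default = 0;
      example = 500;
      description =
        "Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
    };

  }

  # Include the options shared between the main server and virtual hosts.
  // (import ./per-server-options.nix {
    inherit lib;
    forMainServer = true;
  });

};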
###### implementation
config = mkIf config.services.httpd.enable {
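# Evaluation-time sanity checks.  The first is the original main-server
# check.  The second catches a virtual host that sets sslServerCert without
# sslServerKey, which perServerConf would otherwise turn into an opaque
# "cannot coerce null to a string" error when it interpolates the key.
# (A virtual host with enableSSL and no certificate of its own is deliberately
# not rejected here: mod_ssl lets a vhost inherit the main server's
# certificate -- TODO confirm that this is relied upon before tightening.)
assertions =
  [ { assertion = mainCfg.enableSSL == true
        -> mainCfg.sslServerCert != null
        && mainCfg.sslServerKey != null;
      message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; }
    { assertion = all (vhost: vhost.sslServerCert != null -> vhost.sslServerKey != null) mainCfg.virtualHosts;
      message = "An httpd virtual host sets sslServerCert but not sslServerKey.";
    }
  ];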
# The service account is only created when the default name is kept; a
# custom `user`/`group` has to be provided by the administrator.  Fixed
# uid/gid come from the NixOS id registry.
users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") (singleton
  { name = "wwwrun";
    group = mainCfg.group;
    description = "Apache httpd user";
    uid = config.ids.uids.wwwrun;
  });

users.extraGroups = optionalAttrs (mainCfg.group == "wwwrun") (singleton
  { name = "wwwrun";
    gid = config.ids.gids.wwwrun;
  });
# Apache's tools plus whatever the subservices want on every user's PATH.
environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
# php.ini lines this module always contributes.  `sendmail` is resolved
# through the unit's PATH (see the optional pkgs.ssmtp entry in
# systemd.services.httpd.path).
services.httpd.phpOptions =
  ''
    ; Needed for PHP's mail() function.
    sendmail_path = sendmail -t -i

    ; Apparently PHP doesn't use $TZ.
    date.timezone = "${config.time.timeZone}"
  '';
# The httpd unit.  No User= is set, so preStart -- including every subservice
# startupScript it runs -- executes as root; httpd itself switches to
# `user`/`group` through the User/Group directives of the generated config.
systemd.services.httpd =
  { description = "Apache HTTPD";

    wantedBy = [ "multi-user.target" ];
    wants = [ "keys.target" ];
    # Ordering after postgresql.service is hard-coded here, presumably for
    # subservices that need the database at startup.
    after = [ "network.target" "fs.target" "postgresql.service" "keys.target" ];

    # preStart uses id, mkdir, chown, cut (coreutils) and grep.
    path =
      [ httpd pkgs.coreutils pkgs.gnugrep ]
      ++ # Needed for PHP's mail() function. !!! Probably the
         # ssmtp module should export the path to sendmail in
         # some way.
         optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp
      ++ concatMap (svc: svc.extraServerPath) allSubservices;

    # PHPRC points php at the generated php.ini; subservices may add
    # environment variables as a list of { name, value } pairs.
    environment =
      optionalAttrs enablePHP { PHPRC = phpIni; }
      // (listToAttrs (concatMap (svc: svc.globalEnvVars) allSubservices));

    # Runs as root.  Creates stateDir (0750, root:group), on 2.4 its runtime
    # subdirectory, logDir (0700) and the main document root; then removes
    # stale SysV semaphores owned by the httpd user and runs the subservice
    # startup hooks.  Note that `mkdir -m` only applies to directories it
    # creates: an existing directory keeps its mode, and `chown` uses the
    # deprecated `user.group` spelling.  Hooks are expanded from a
    # space-separated list, so each must be a single path without spaces.
    preStart =
      ''
        mkdir -m 0750 -p ${mainCfg.stateDir}
        [ $(id -u) != 0 ] || chown root.${mainCfg.group} ${mainCfg.stateDir}
        ${optionalString version24 ''
          mkdir -m 0750 -p "${mainCfg.stateDir}/runtime"
          [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime"
        ''}
        mkdir -m 0700 -p ${mainCfg.logDir}

        ${optionalString (mainCfg.documentRoot != null)
          ''
            # Create the document root directory if does not exists yet
            mkdir -p ${mainCfg.documentRoot}
          ''
        }

        # Get rid of old semaphores. These tend to accumulate across
        # server restarts, eventually preventing it from restarting
        # successfully.
        for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do
          ${pkgs.utillinux}/bin/ipcrm -s $i
        done

        # Run the startup hooks for the subservices.
        for i in ${toString (map (svn: svn.startupScript) allSubservices)}; do
          echo Running Apache startup hook $i...
          $i
        done
      '';

    # The leading `@` makes systemd pass "httpd" as argv[0].  The PID file
    # matches the PidFile directive of the generated configuration.
    serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}";
    serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop";
    serviceConfig.Type = "forking";
    serviceConfig.PIDFile = "${mainCfg.stateDir}/httpd.pid";
    serviceConfig.Restart = "always";
  };
};
}