nginx module: fix applying recommended proxy headers
Previously, if proxy_set_header would be used in an extraConfig of a location, the headers defined in the http block by recommendedProxySettings would be cleared. As this is not the intended behaviour, these settings are now included from a separate file if needed.
This commit is contained in:
parent
0371f2b5cc
commit
530282eebe
@ -19,6 +19,16 @@ let
|
||||
) cfg.virtualHosts;
|
||||
enableIPv6 = config.networking.enableIPv6;
|
||||
|
||||
recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
'';
|
||||
|
||||
configFile = pkgs.writeText "nginx.conf" ''
|
||||
user ${cfg.user} ${cfg.group};
|
||||
error_log stderr;
|
||||
@ -74,19 +84,12 @@ let
|
||||
''}
|
||||
|
||||
${optionalString (cfg.recommendedProxySettings) ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_send_timeout 90;
|
||||
proxy_read_timeout 90;
|
||||
proxy_http_version 1.0;
|
||||
include ${recommendedProxyConfig};
|
||||
''}
|
||||
|
||||
client_max_body_size ${cfg.clientMaxBodySize};
|
||||
@ -206,7 +209,10 @@ let
|
||||
) virtualHosts);
|
||||
mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: ''
|
||||
location ${location} {
|
||||
${optionalString (config.proxyPass != null) "proxy_pass ${config.proxyPass};"}
|
||||
${optionalString (config.proxyPass != null) ''
|
||||
proxy_pass ${config.proxyPass};
|
||||
${optionalString cfg.recommendedProxySettings "include ${recommendedProxyConfig};"}
|
||||
''}
|
||||
${optionalString (config.index != null) "index ${config.index};"}
|
||||
${optionalString (config.tryFiles != null) "try_files ${config.tryFiles};"}
|
||||
${optionalString (config.root != null) "root ${config.root};"}
|
||||
|
@ -14,7 +14,8 @@ with lib;
|
||||
default = null;
|
||||
example = "http://www.example.org/";
|
||||
description = ''
|
||||
Adds proxy_pass directive.
|
||||
Adds proxy_pass directive and sets recommended proxy headers if
|
||||
recommendedProxySettings is enabled.
|
||||
'';
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user