Lots of fixes to Apache HTTPD configuration. Net result: I can have SSL-only SVN repository on :12443 and SSL-enabled http server with userDirs.
svn path=/nixos/trunk/; revision=11660
This commit is contained in:
parent
02decddeb1
commit
8fd2404adf
@ -118,8 +118,6 @@ let
|
||||
|
||||
# !!! integrate with virtual hosting below
|
||||
sslConf = ''
|
||||
Listen ${toString cfg.httpsPort}
|
||||
|
||||
SSLSessionCache dbm:${cfg.stateDir}/ssl_scache
|
||||
|
||||
SSLMutex file:${cfg.stateDir}/ssl_mutex
|
||||
@ -127,6 +125,8 @@ let
|
||||
SSLRandomSeed startup builtin
|
||||
SSLRandomSeed connect builtin
|
||||
|
||||
NameVirtualHost *:${toString cfg.httpsPort}
|
||||
|
||||
<VirtualHost _default_:${toString cfg.httpsPort}>
|
||||
|
||||
SSLEngine on
|
||||
@ -246,7 +246,20 @@ let
|
||||
MaxRequestsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
Listen ${toString cfg.httpPort}
|
||||
${let
|
||||
ports = pkgs.lib.uniqList {
|
||||
inputList=(concatMap (localCfg:
|
||||
(pkgs.lib.optional localCfg.enableHttp localCfg.httpPort)
|
||||
++
|
||||
(pkgs.lib.optional localCfg.enableHttps localCfg.httpsPort)
|
||||
) vhosts)
|
||||
++
|
||||
(pkgs.lib.optional cfg.enableSSL cfg.httpsPort)
|
||||
++
|
||||
[cfg.httpPort];
|
||||
};
|
||||
in concatMapStrings (port: "Listen ${toString port}\n") ports
|
||||
}
|
||||
|
||||
User ${cfg.user}
|
||||
Group ${cfg.group}
|
||||
@ -318,14 +331,23 @@ let
|
||||
${perServerConf true cfg}
|
||||
|
||||
# Always enable virtual hosts; it doesn't seem to hurt.
|
||||
NameVirtualHost *:*
|
||||
NameVirtualHost *:${toString cfg.httpPort}
|
||||
|
||||
${let
|
||||
makeVirtualHost = cfg: ''
|
||||
<VirtualHost *:*>
|
||||
${perServerConf false cfg}
|
||||
makeVirtualHost = localCfg: (if localCfg.enableHttp then ''
|
||||
<VirtualHost *:${toString localCfg.httpPort}>
|
||||
${perServerConf false localCfg}
|
||||
</VirtualHost>
|
||||
'';
|
||||
'' else "") + ( if localCfg.enableHttps then ''
|
||||
<VirtualHost *:${toString localCfg.httpsPort}>
|
||||
SSLEngine on
|
||||
|
||||
SSLCertificateFile ${sslServerCert}
|
||||
SSLCertificateKeyFile ${sslServerKey}
|
||||
|
||||
${perServerConf false localCfg}
|
||||
</VirtualHost>
|
||||
'' else "");
|
||||
in concatMapStrings makeVirtualHost vhosts}
|
||||
'';
|
||||
|
||||
|
@ -29,6 +29,27 @@
|
||||
";
|
||||
};
|
||||
|
||||
httpsPort = mkOption {
|
||||
default = 443;
|
||||
description = "
|
||||
Port for encrypted HTTPS requests.
|
||||
";
|
||||
};
|
||||
|
||||
enableHttp = mkOption {
|
||||
default = true;
|
||||
description = "
|
||||
Whether to listen on unencrypted HTTP.
|
||||
";
|
||||
};
|
||||
|
||||
enableHttps = mkOption {
|
||||
default = false;
|
||||
description = "
|
||||
Whether to listen on encrypted HTTPS.
|
||||
";
|
||||
};
|
||||
|
||||
adminAddr = mkOption ({
|
||||
example = "admin@example.org";
|
||||
description = "
|
||||
|
Loading…
Reference in New Issue
Block a user