JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nginx module: Enable http2

Browse Source
This commit is contained in:
Franz Pletz 2016-04-29 09:17:30 +02:00 committed by Robin Gloster
parent e982aeae6a
commit de8008a1b1
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -35,7 +35,7 @@ let
ssl_session_timeout 23m;
ssl_ciphers ${cfg.sslCiphers};
ssl_ecdh_curve secp521r1;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"}
@ -79,7 +79,7 @@ let
let
ssl = vhost.enableSSL || vhost.forceSSL;
port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
listenString = toString port + optionalString ssl " ssl spdy"
listenString = toString port + optionalString ssl " ssl http2"
+ optionalString vhost.default " default";
acmeLocation = optionalString vhost.enableACME ''
location /.well-known/acme-challenge {
@ -221,7 +221,7 @@ in
sslCiphers = mkOption {
type = types.str;
default = "EDH+CHACHA20:EDH+AES:EECDHE+CHACHA20:ECDHE+AES:+AES128:-DSS";
default = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
description = "Ciphers to choose from when negotiating tls handshakes.";
};