nixpkgs

Author	SHA1	Message	Date
Silvan Mosberger	f8de52a2fe	Revert "nixos/nginx: support h2c"	2019-03-15 14:31:11 +01:00
Jordan Johnson-Doyle	04425c6223	nixos/nginx: support h2c	2019-03-08 17:50:46 +00:00
Janne Heß	3de5726e9b	nixos/nginx: Support additional listen parameters (#56835 )	2019-03-06 11:42:46 +02:00
Andreas Rammhold	768336a74b	Merge pull request #56233 from jtojnar/nginx-tlsv13 nixos/nginx: Enable TLS 1.3 support	2019-03-03 14:19:38 +01:00
Jan Tojnar	f93ff28c62	nixos/nginx: Enable TLS 1.3 support	2019-02-25 16:47:19 +01:00
Izorkin	569248b3c2	nginx: fix formating the config file	2019-02-24 19:50:58 +03:00
Izorkin	0394b177c7	nginx: formating the config file	2019-02-24 10:17:11 +03:00
Jappie Klooster	e576c3b385	doc: Fix insecure nginx docs (#51840 )	2018-12-11 11:02:56 +00:00
Izorkin	af8ae49395	nginx: add custom options	2018-10-23 21:04:07 +03:00
Franz Pletz	ebd38185c8	nixos/nextcloud: init Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de> Co-authored-by: Robin Gloster <mail@glob.in> Co-authored-by: Janne Heß <janne@hess.ooo> Co-authored-by: Florian Klink <flokli@flokli.de>	2018-10-01 02:07:43 +09:30
Uli Baum	15e6e1ff6f	nixos/nginx: fix type of sslTrustedCertificate option The option was added in `1251b34b5b` with type `types.path` but default `null`, so eval failed with the default setting. This broke the acme and certmgr tests. cc: @vincentbernat @fpletz	2018-09-02 01:35:59 +02:00
Vincent Bernat	1251b34b5b	nixos/nginx: ensure TLS OCSP stapling works out of the box with LE The recommended TLS configuration comes with `ssl_stapling on` and `ssl_stapling_verify on`. However, this last directive also requires the use of `ssl_trusted_certificate` to verify the received answer. When using `enableACME` or similar, we can help the user by providing the correct value for the directive. The result can be tested with: openssl s_client -connect web.example.com:443 -status 2> /dev/null Without OCSP stapling, we get: OCSP response: no response sent After this change, we get: OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: Aug 30 20:46:00 2018 GMT	2018-08-30 22:47:41 +02:00
Vincent Bernat	bd075eb914	nginx: add more gzipped MIME types The additions are: - image/svg+xml for SVG images - application/atom+xml for Atom feeds These types are also present in mime.types. For better readability, the list is sorted and formatted with one type per line.	2018-08-26 21:48:55 +02:00
Vincent Bernat	06a5fb2ada	nginx: use a compression level of 5 in recommended configuration While there is little gain of space to use a compression level of 9, the CPU usage is significant. Many experiments point to use something between 4 and 6. For example: - https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/ - `3bda5b93ed/nginx.conf (L93)`	2018-08-26 21:43:34 +02:00
volth	2e979e8ceb	[bot] nixos/*: remove unused arguments in lambdas	2018-07-20 20:56:59 +00:00
Florian Klink	fff5923686	nixos/modules: users.(extraUsers\|extraGroup->users\|group)	2018-06-30 03:02:58 +02:00
Jan Tojnar	bd648f321c	nixos/nginx: emphasize that useACMEHost does not create certs It was not entirely clean that `services.nginx.virtualHosts.<name>.useACMEHost` does not create certificates, see https://github.com/NixOS/nixpkgs/issues/40593	2018-05-17 20:48:02 +02:00
Nikolay Amiantov	a08645e9be	nginx module: add upstream extraConfig	2018-05-08 16:32:11 +03:00
Ben Wolsieffer	4d40adb86d	nginx: allow basic auth passwords to be specified in a file	2018-04-25 15:37:09 +02:00
gnidorah	9029ed933c	nixos/gitweb: add gitwebTheme option	2018-04-17 20:07:01 +03:00
Jörg Thalheim	41ec2c2223	Merge pull request #38362 from orbekk/acme-path fix: nixos/nginx certificate location	2018-04-09 09:02:51 +01:00
gnidorah	073089914e	nixos/nginx: fix gitweb submodule	2018-04-06 22:36:03 +03:00
Kjetil Ørbekk	8614e22297	fix: nixos/nginx certificate location Fix issue when using a cert location other than the default.	2018-04-02 20:34:01 -04:00
gnidorah	05b535c850	git: add more deps to gitweb	2018-03-29 16:46:11 +03:00
gnidorah	2821d3fed7	gitweb: use common options	2018-03-29 16:45:32 +03:00
gnidorah	69a0c9721e	nixos/nginx: add gitweb sub-service	2018-03-29 09:06:54 +03:00
Niklas Hambüchen	f00a1514f9	nixos/nginx: validate config syntax in preStart (#24664 )	2018-02-17 09:45:25 +00:00
Jan Tojnar	41d252d7a4	nixos/nginx: allow using existing ACME certificate When a domain has a lot of subdomains, it is quite easy to hit the rate limit: https://letsencrypt.org/docs/rate-limits/ Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.	2018-01-15 13:48:45 +01:00
Christoph Hrdinka	d890212ac8	nginx module: only turn on HTTP2 when SSL is enabled Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>	2017-12-28 00:32:24 +01:00
Niklas Hambüchen	afa97cb981	nginx service: Make http2 an option. HTTP 2 can break some things, for example due to this Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=796199 So the service hardcoding it to be enabled is not helpful. This commit adds an option so you can turn it off.	2017-12-19 19:59:15 +01:00
Jan Tojnar	3c48a1e06d	nixos/services.nginx: Fix globalRedirect example Virtual host globalRedirect attribute accepts a hostname not a URL `09a9a472ee/nixos/modules/services/web-servers/nginx/default.nix (L167)`	2017-10-22 15:38:08 +02:00
Robin Gloster	97a2cd0748	nginx: module fix example Closes #28926	2017-09-03 14:05:32 +02:00
Robin Gloster	7cd46a0594	nginx module: add proxyResolveWhileRunning option	2017-08-30 21:01:53 +02:00
Robin Gloster	4ffa9ddb30	nginx module: allow basic configuration of upstreams	2017-08-30 21:01:53 +02:00
Franz Pletz	759daba980	nginx module: first proxy_set_header takes precendence	2017-08-30 21:01:52 +02:00
Franz Pletz	65c2203ffc	nginx module: add option for proxying websocket requests	2017-08-30 21:01:52 +02:00
Franz Pletz	530282eebe	nginx module: fix applying recommended proxy headers Previously, if proxy_set_header would be used in an extraConfig of a location, the headers defined in the http block by recommendedProxySettings would be cleared. As this is not the intended behaviour, these settings are now included from a separate file if needed.	2017-08-30 21:01:52 +02:00
Robin Gloster	0371f2b5cc	nginx module: clean up SSL/listen handling	2017-08-30 21:01:52 +02:00
Wout Mertens	339330b322	Merge pull request #27426 from rnhmjoj/nginx nginx: make enabling SSL port-specific	2017-08-07 16:46:28 +02:00
Robin Gloster	94a2cba8d9	nginx module: add resolver config	2017-08-04 02:15:46 +02:00
Robin Gloster	75bbcd4215	nginx module: include uwsgi_params	2017-08-04 02:15:01 +02:00
rnhmjoj	a912a6a291	nginx: make enabling SSL port-specific	2017-07-27 03:45:53 +02:00
Wout Mertens	c4783a982b	nginx: add gzip_vary to recommended settings Google PageSpeed recommends turning this on to allow proxies to cache	2017-07-17 20:15:59 +02:00
rnhmjoj	e40f3bea3e	nginx: make listen addresses configurable	2017-07-14 21:26:54 +02:00
Domen Kožar	02129a8788	Merge pull request #23672 from edanaher/nginx-alias Nginx alias directive	2017-03-21 15:04:02 +01:00
Franz Pletz	c13922f012	nginx: explicitly use stable version Also updates the documention of the NixOS option `services.nginx.package` that upstream recommends using the mainline version instead. Fixes #21665.	2017-03-20 20:04:09 +01:00
Evan Danaher	a09246948c	nginx: disallow alias directive on server level; it doesn't work.	2017-03-09 16:54:44 -05:00
Evan Danaher	e7358b192a	nginx: Assert that either root or alias is null. If both are set, nginx won't start. More error checking is certainly in order, but this seems like a reasonable start.	2017-03-09 13:02:49 -05:00
Evan Danaher	ff2e2e82cc	nginx: Add alias configuration option for hosts and locations. It's like root, but doesn't keep the prefix.	2017-03-09 13:02:29 -05:00
Susan Potter	251b9ca0e7	nginx service: add commonHttpConfig option	2017-02-28 09:36:56 -06:00

1 2 3

108 Commits