From 178ec8974ff70ef0acffa4cc8f47f3234898ff3d Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Sat, 2 Jan 2021 08:55:12 +0000 Subject: [PATCH] nixos/nginx: allow overriding fastcgi params By default in Nginx, if you want to override a single fastcgi_param, you have to override all of them. This is less of a big deal if you're editing the Nginx configuration directly, but when you're generating the Nginx configuration with Nix it can be very annoying to bloat your configuration repeating the default values of FastCGI parameters every time. This patch adds a fastcgiParams option to Nginx locations. If any parameters are set through this, all the default values will be included as well, so only the ones that are changing need to be supplied. There's no way to use fastcgiParams to actually override all parameters if that's what you want, but I think that's a niche use case and it's still possible using extraConfig, which up until now was the only option Nginx allows the fastcgi_param directive in http and server scopes as well as location, but here I only support location. It would be possible to support the others, but I don't think it's worth it. It would be a possible future enhancement if somebody has a need for it. --- .../services/web-servers/nginx/default.nix | 31 +++++++++++++++++++ .../web-servers/nginx/location-options.nix | 10 ++++++ 2 files changed, 41 insertions(+) diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 62671e9d7484..7fcd61880ea8 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -27,6 +27,33 @@ let ) cfg.virtualHosts; enableIPv6 = config.networking.enableIPv6; + defaultFastcgiParams = { + SCRIPT_FILENAME = "$document_root$fastcgi_script_name"; + QUERY_STRING = "$query_string"; + REQUEST_METHOD = "$request_method"; + CONTENT_TYPE = "$content_type"; + CONTENT_LENGTH = "$content_length"; + + SCRIPT_NAME = "$fastcgi_script_name"; + REQUEST_URI = "$request_uri"; + DOCUMENT_URI = "$document_uri"; + DOCUMENT_ROOT = "$document_root"; + SERVER_PROTOCOL = "$server_protocol"; + REQUEST_SCHEME = "$scheme"; + HTTPS = "$https if_not_empty"; + + GATEWAY_INTERFACE = "CGI/1.1"; + SERVER_SOFTWARE = "nginx/$nginx_version"; + + REMOTE_ADDR = "$remote_addr"; + REMOTE_PORT = "$remote_port"; + SERVER_ADDR = "$server_addr"; + SERVER_PORT = "$server_port"; + SERVER_NAME = "$server_name"; + + REDIRECT_STATUS = "200"; + }; + recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" '' proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -283,6 +310,10 @@ let proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; ''} + ${concatStringsSep "\n" + (mapAttrsToList (n: v: ''fastcgi_param ${n} "${v}";'') + (optionalAttrs (config.fastcgiParams != {}) + (defaultFastcgiParams // config.fastcgiParams)))} ${optionalString (config.index != null) "index ${config.index};"} ${optionalString (config.tryFiles != null) "try_files ${config.tryFiles};"} ${optionalString (config.root != null) "root ${config.root};"} diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index f2fc07255725..5a7f5188b6cf 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -101,6 +101,16 @@ with lib; ''; }; + fastcgiParams = mkOption { + type = types.attrsOf types.str; + default = {}; + description = '' + FastCGI parameters to override. Unlike in the Nginx + configuration file, overriding only some default parameters + won't unset the default values for other parameters. + ''; + }; + extraConfig = mkOption { type = types.lines; default = "";