K900
0453fe2395
{apache,caddy,nginx}: not "before" ACME certs using DNS validation ( #336412 )
2024-11-08 18:50:28 +03:00
ThinkChaos
3c2e82337d
nixos/web-servers: assert ACME cert access via service user and groups
...
Allows giving access using SupplementaryGroups.
2024-11-07 20:19:12 -05:00
ThinkChaos
03122b43c8
nixos/nginx: not "before" ACME certs using DNS validation
...
Relax dependency with certs that are validated via DNS challenge since
we know the HTTP server is not required for that validation.
This allows marking the server's service as depending on the cert.
2024-11-07 20:19:12 -05:00
Ramses
3a1e2ab284
nginx: Create cryptographically secure htpasswd file ( #347266 )
2024-11-01 09:09:50 +01:00
Rafael Kraut
ef92d48263
nixos/nginx: use list for logrotate files attribute
...
This allows for easier extensibility.
2024-10-28 15:19:36 +01:00
Maximilian Bosch
e7d631432f
Merge: nixos/nginx: create 127.0.0.1 alias for status page ( #349536 )
2024-10-24 12:49:10 +02:00
Ryan Horiguchi
449a963b0e
nixos/nginx: create 127.0.0.1 alias for status page
2024-10-23 22:41:00 +02:00
Izorkin
b93bbf6406
nixos/nginx: remove rejectSSL assertion
2024-10-21 14:49:53 +03:00
Sandro Jäckel
a155c718d3
nixos/nginx: expand proxyResolveWhileRunning's description
2024-10-08 13:36:13 +02:00
Victor Engmark
7d3b47a0fa
nginx: Create cryptographically secure htpasswd file
...
Requires the `htpasswd` command available from `pkgs.apacheHttpd`.
2024-10-08 23:14:26 +13:00
Victor Engmark
fef047eba5
nginx: Use placeholders which play nicely with Bash
...
`<` and `>` are redirection operators.
2024-10-08 23:09:47 +13:00
Maximilian Bosch
5ee80e8120
Merge: nixos/nginx: remove shorthand from defaultText ( #346767 )
2024-10-06 17:13:51 +02:00
Sandro Jäckel
dd7ef21afc
nixos/nginx: fix double slash in example
2024-10-06 03:45:51 +02:00
Sandro
b64b2d25c2
nixos/nginx: remove shorthand from defaultText
2024-10-06 03:19:07 +02:00
Izorkin
d856c0374d
nixos/nginx: add option typesHashMaxSize
2024-09-25 20:57:13 +03:00
Jörg Thalheim
5356420466
treewide: remove unused with statements from maintainer lists
...
$ find -type f -name '*.nix' -print0 | xargs -P "$(nproc)" -0 sed -i \
-e 's!with lib.maintainers; \[ *\];![ ];!' \
-e 's!with maintainers; \[ *\];![ ];!'
2024-07-29 10:06:20 +08:00
éclairevoyant
7d8742da87
treewide: fix mkEnableOption usage
2024-06-14 02:41:42 -04:00
Sandro Jäckel
f643e4fa5b
nixos/tailscale-auth: fix enable option description
2024-06-02 22:30:42 +02:00
Pol Dellaiera
378c5c67ed
Merge pull request #310348 from ehmry/nginx-validateConfigFile
...
nixos/nginx: add validateConfigFile option
2024-05-12 21:58:59 +02:00
Franz Pletz
b7d060d10d
nixos/nginx: fix reference to acme cert hostname
...
The change introduced in #308303 refers to the virtualHosts attrset
key which can be any string. The servername is the actual primary
hostname used for the certificate.
This fixes use cases like:
services.nginx.virtualHosts.foobar.serverName = "my.fqdn.org";
2024-05-10 01:36:34 +02:00
Emery Hemingway
60c75135f8
nixos/nginx: add validateConfigFile option
...
Add an option to disable configuration file processing and
validation.
2024-05-09 16:48:26 +02:00
Lynn
a586e82ef6
nixos/nginx: don't add .well-known locations for acme when using DNS-01 challenge
2024-05-01 16:48:07 +02:00
Sandro Jäckel
8db512dae8
nixos/nginx: update ciphers list
2024-04-22 23:08:14 +10:00
Sandro
f417891699
Merge pull request #293954 from Dan-Theriault/refactor-tailscale-auth
2024-04-18 15:14:01 +02:00
Dan Theriault
3cf6c4ddb3
nixos/tailscale-auth: init module
...
This additional module allows the tailscale auth proxy to be configured
independently of nginx. The tailscale auth proxy works with both caddy
and traefik. All prior nginx/tailscale-auth options are retained as
aliases.
2024-04-16 19:06:08 -04:00
Kerstin Humm
d6e8934f38
nixos/nginx: allow for resolving IPv6 addresses only
2024-04-16 23:44:11 +02:00
stuebinm
6afb255d97
nixos: remove all uses of lib.mdDoc
...
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
2024-04-13 10:07:35 -07:00
Robert Schütz
1dd5f2b1f9
nixos/nginx: turn auth_request off for ACME challenge
...
This is e.g. necessary when using tailscale-nginx-auth.
2024-02-05 00:33:33 -08:00
Ryan Lahfa
6d8630efda
Merge pull request #270270 from SuperSandro2000/nginx-fastopen
...
nixos/nginx: filter more options when listening has quic
2024-01-12 20:01:29 +01:00
Ryan Lahfa
3287441158
Merge pull request #275484 from Izorkin/update-nginx-http3
...
nixos/nginx: disable automatic advertise of HTTP/3 protocol support
2024-01-12 19:49:18 +01:00
Peder Bergebakken Sundt
f489e99576
Merge pull request #277925 from Izorkin/update-nginx-http2
...
nixos/nginx: use new variant of http2 option for angie package
2024-01-12 01:40:18 +01:00
Izorkin
10c06cb060
nginx: enable ktls support by default
2024-01-01 12:02:57 +03:00
Izorkin
2fb0b52c50
nixos/nginx: disable automatic advertise of HTTP/3 protocol support
...
Automatic advertise in the `http` block about support of HTTP/3
protocol makes it difficult to automatically configure services
to work with it.
HTTP/3 availability must be manually advertised, preferably in
each location block.
2024-01-01 02:29:01 +03:00
Izorkin
d11fe979a2
nixos/nginx: use new variant of http2 option for angie package
2023-12-31 16:52:08 +03:00
Izorkin
ae5c0c1521
nixos/nginx: skip adding a comment to acmeLocation in nginx configuration
2023-12-30 23:50:02 +03:00
Izorkin
7f1b6d45af
nixos/nginx: change position acmeLocation in nginx configuration
2023-12-30 23:49:58 +03:00
Sandro Jäckel
157256f9dd
nixos/nginx: filter more options when listening has quic
2023-12-23 02:20:48 +01:00
Izorkin
86efccfa45
angie: init at 1.4.0
2023-12-17 22:43:13 +03:00
Ryan Lahfa
3bb93fb2cd
Merge pull request #271506 from Misterio77/nginx-redirect-status-code
2023-12-12 14:05:33 +01:00
Gabriel Fontes
a3c60d2ddc
nixos/nginx: make redirect status code configurable
...
Add an option to configure which code globalRedirect and forceSSL use.
It previously was always 301 with no easy way to override.
2023-12-11 11:09:02 -03:00
Sandro Jäckel
78541e68eb
nixos/nginx: allow return to be an int
2023-12-08 15:04:27 +01:00
phaer
c40f706dc4
nixos/nginx/tailscale-auth: init module
2023-12-06 20:57:38 +01:00
Anthony Roussel
e30f48be94
treewide: fix redirected and broken URLs
...
Using the script in maintainers/scripts/update-redirected-urls.sh
2023-11-11 10:49:01 +01:00
Artturi
61f2bd3178
Merge pull request #254386 from erikarvstedt/nginx-js-mime-type
2023-10-27 23:32:20 +03:00
Sandro
f4d631c3d1
nixos/nginx: document implicit default port 80
2023-10-22 21:32:50 +02:00
Carl Dong
e5c2c71280
nixos/nginx: Allow empty port for listen directive
...
When listening on unix sockets, it doesn't make sense to specify a port
for nginx's listen directive.
Since nginx defaults to port 80 when the port isn't specified (but the
address is), we can change the default for the option to null as well
without changing any behaviour.
2023-10-09 21:16:03 -04:00
Marek Beyer
ea1eb4ee0f
nixos/nginx: add systemd-tmpfiles exclusion of temporary directories
...
Directories used by nginx in the tmp path are only created upon startup and
must not be deleted while nginx is running.
2023-10-06 14:26:37 +02:00
Izorkin
64fe8c9292
nixos/nginx: allow enabling QUIC packet routing using eBPF
2023-09-19 16:16:34 +03:00
Erik Arvstedt
7ce5fa1a82
nixos/nginx: add application/javascript to compressMimeTypes
...
Although deprecated, this MIME type is still used by various
applications and web frameworks which are potentially proxied by nginx.
Examples:
- Apps based on ASP.NET Core
- Apps based on http.server (Python)
2023-09-10 13:56:23 +02:00
Sandro
c6af5494aa
nixos/nginx: fix services.nginx.defaultListen description
2023-09-03 16:45:10 +02:00