public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nginx module: fix applying recommended proxy headers

Browse Source 
Previously, if proxy_set_header would be used in an extraConfig of
a location, the headers defined in the http block by
recommendedProxySettings would be cleared. As this is not the intended
behaviour, these settings are now included from a separate file if
needed.
This commit is contained in:
Franz Pletz 2017-02-11 04:09:11 +01:00 committed by Robin Gloster
parent 0371f2b5cc
commit 530282eebe
No known key found for this signature in database
GPG Key ID: D5C458DF6DD97EDF
2 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -19,6 +19,16 @@ let
) cfg.virtualHosts; ) cfg.virtualHosts;
enableIPv6 = config.networking.enableIPv6; enableIPv6 = config.networking.enableIPv6;
recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Accept-Encoding "";
'';
configFile = pkgs.writeText "nginx.conf" '' configFile = pkgs.writeText "nginx.conf" ''
user ${cfg.user} ${cfg.group}; user ${cfg.user} ${cfg.group};
error_log stderr; error_log stderr;
@ -74,19 +84,12 @@ let
''} ''}
${optionalString (cfg.recommendedProxySettings) '' ${optionalString (cfg.recommendedProxySettings) ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Accept-Encoding "";
proxy_redirect off; proxy_redirect off;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_send_timeout 90; proxy_send_timeout 90;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_http_version 1.0; proxy_http_version 1.0;
include ${recommendedProxyConfig};
''} ''}
client_max_body_size ${cfg.clientMaxBodySize}; client_max_body_size ${cfg.clientMaxBodySize};
@ -206,7 +209,10 @@ let
) virtualHosts); ) virtualHosts);
mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: '' mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: ''
location ${location} { location ${location} {
${optionalString (config.proxyPass != null) "proxy_pass ${config.proxyPass};"} ${optionalString (config.proxyPass != null) ''
proxy_pass ${config.proxyPass};
${optionalString cfg.recommendedProxySettings "include ${recommendedProxyConfig};"}
''}
${optionalString (config.index != null) "index ${config.index};"} ${optionalString (config.index != null) "index ${config.index};"}
${optionalString (config.tryFiles != null) "try_files ${config.tryFiles};"} ${optionalString (config.tryFiles != null) "try_files ${config.tryFiles};"}
${optionalString (config.root != null) "root ${config.root};"} ${optionalString (config.root != null) "root ${config.root};"}

3
nixos/modules/services/web-servers/nginx/location-options.nix
View File

@ -14,7 +14,8 @@ with lib;
default = null; default = null;
example = "http://www.example.org/"; example = "http://www.example.org/";
description = '' description = ''
Adds proxy_pass directive. Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
''; '';
}; };