Lots of fixes to Apache HTTPD configuration. Net result: I can have SSL-only SVN repository on :12443 and SSL-enabled http server with userDirs.
svn path=/nixos/trunk/; revision=11660
parent
02decddeb1
commit
8fd2404adf
@ -118,8 +118,6 @@ let
|
|||||||
|
|
||||||
# !!! integrate with virtual hosting below
|
# !!! integrate with virtual hosting below
|
||||||
sslConf = ''
|
sslConf = ''
|
||||||
Listen ${toString cfg.httpsPort}
|
|
||||||
|
|
||||||
SSLSessionCache dbm:${cfg.stateDir}/ssl_scache
|
SSLSessionCache dbm:${cfg.stateDir}/ssl_scache
|
||||||
|
|
||||||
SSLMutex file:${cfg.stateDir}/ssl_mutex
|
SSLMutex file:${cfg.stateDir}/ssl_mutex
|
||||||
@ -127,6 +125,8 @@ let
|
|||||||
SSLRandomSeed startup builtin
|
SSLRandomSeed startup builtin
|
||||||
SSLRandomSeed connect builtin
|
SSLRandomSeed connect builtin
|
||||||
|
|
||||||
|
NameVirtualHost *:${toString cfg.httpsPort}
|
||||||
|
|
||||||
<VirtualHost _default_:${toString cfg.httpsPort}>
|
<VirtualHost _default_:${toString cfg.httpsPort}>
|
||||||
|
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
@ -246,7 +246,20 @@ let
|
|||||||
MaxRequestsPerChild 0
|
MaxRequestsPerChild 0
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
||||||
Listen ${toString cfg.httpPort}
|
${let
|
||||||
|
ports = pkgs.lib.uniqList {
|
||||||
|
inputList=(concatMap (localCfg:
|
||||||
|
(pkgs.lib.optional localCfg.enableHttp localCfg.httpPort)
|
||||||
|
++
|
||||||
|
(pkgs.lib.optional localCfg.enableHttps localCfg.httpsPort)
|
||||||
|
) vhosts)
|
||||||
|
++
|
||||||
|
(pkgs.lib.optional cfg.enableSSL cfg.httpsPort)
|
||||||
|
++
|
||||||
|
[cfg.httpPort];
|
||||||
|
};
|
||||||
|
in concatMapStrings (port: "Listen ${toString port}\n") ports
|
||||||
|
}
|
||||||
|
|
||||||
User ${cfg.user}
|
User ${cfg.user}
|
||||||
Group ${cfg.group}
|
Group ${cfg.group}
|
||||||
@ -318,14 +331,23 @@ let
|
|||||||
${perServerConf true cfg}
|
${perServerConf true cfg}
|
||||||
|
|
||||||
# Always enable virtual hosts; it doesn't seem to hurt.
|
# Always enable virtual hosts; it doesn't seem to hurt.
|
||||||
NameVirtualHost *:*
|
NameVirtualHost *:${toString cfg.httpPort}
|
||||||
|
|
||||||
${let
|
${let
|
||||||
makeVirtualHost = cfg: ''
|
makeVirtualHost = localCfg: (if localCfg.enableHttp then ''
|
||||||
<VirtualHost *:*>
|
<VirtualHost *:${toString localCfg.httpPort}>
|
||||||
${perServerConf false cfg}
|
${perServerConf false localCfg}
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
'';
|
'' else "") + ( if localCfg.enableHttps then ''
|
||||||
|
<VirtualHost *:${toString localCfg.httpsPort}>
|
||||||
|
SSLEngine on
|
||||||
|
|
||||||
|
SSLCertificateFile ${sslServerCert}
|
||||||
|
SSLCertificateKeyFile ${sslServerKey}
|
||||||
|
|
||||||
|
${perServerConf false localCfg}
|
||||||
|
</VirtualHost>
|
||||||
|
'' else "");
|
||||||
in concatMapStrings makeVirtualHost vhosts}
|
in concatMapStrings makeVirtualHost vhosts}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
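Review bot: In the new `ports` list the trailing `++ [cfg.httpPort]` is unconditional, so Apache keeps a plaintext listener on the main HTTP port even when every host sets `enableHttp = false`. For the SSL-only setup named in the commit message, that presumably leaves the main-server configuration (emitted outside any `<VirtualHost>` by `perServerConf true cfg`) reachable without TLS. If `enableHttp` is meant to apply to the main server as well, make the entry conditional: `(pkgs.lib.optional cfg.enableHttp cfg.httpPort)`. Separately, `NameVirtualHost` is declared only for `cfg.httpPort` and, inside `sslConf`, for `cfg.httpsPort`, while the generated vhosts bind to `localCfg.httpPort` and `localCfg.httpsPort`, so several vhosts sharing a different port get no matching declaration. Whether `sslConf` is emitted when only a vhost enables HTTPS is not visible in these hunks.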
@ -29,6 +29,27 @@
|
|||||||
";
|
";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
httpsPort = mkOption {
|
||||||
|
default = 443;
|
||||||
|
description = "
|
||||||
|
Port for encrypted HTTPS requests.
|
||||||
|
";
|
||||||
|
};
|
||||||
|
|
||||||
|
enableHttp = mkOption {
|
||||||
|
default = true;
|
||||||
|
description = "
|
||||||
|
Whether to listen on unencrypted HTTP.
|
||||||
|
";
|
||||||
|
};
|
||||||
|
|
||||||
|
enableHttps = mkOption {
|
||||||
|
default = false;
|
||||||
|
description = "
|
||||||
|
Whether to listen on encrypted HTTPS.
|
||||||
|
";
|
||||||
|
};
|
||||||
|
|
||||||
adminAddr = mkOption ({
|
adminAddr = mkOption ({
|
||||||
example = "admin@example.org";
|
example = "admin@example.org";
|
||||||
description = "
|
description = "
|
||||||
|
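Review bot: The descriptions of `enableHttp` and `enableHttps` do not tell an operator that the two options are independent. With the defaults shown (`enableHttp = true`, `enableHttps = false`), turning on HTTPS for a host leaves its plaintext vhost in place unless `enableHttp` is also set to false. I would extend the `enableHttps` description to say so, e.g. `Whether to listen on encrypted HTTPS (on httpsPort). Does not disable plain HTTP; set enableHttp = false for an SSL-only host.` It would also help to note there that the generated HTTPS vhost uses the same `sslServerCert`/`sslServerKey` for every host, as the vhost template in the other file shows. The option set continues outside this hunk.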