nixpkgs

Author	SHA1	Message	Date
Dan Elkouby	83c9b6ee39	nginx: use fullchain.pem for ssl_trusted_certificate Some ACME clients do not generate full.pem, which is the same as fullchain.pem + the certificate key (key.pem), which is not necessary for verifying OCSP staples.	2019-04-23 12:33:19 +03:00
Jörg Thalheim	6dd7483ce1	Merge pull request #57979 from 4z3/writeNginxConfig nixos/nginx: use nginxfmt and gixy	2019-04-04 20:23:58 +01:00
tv	59fac1a6d7	nixos/nginx: use writeNginxConfig	2019-03-23 11:16:14 +01:00
Dmitry Kalinkin	0e57b98b2c	Merge pull request #57596 from artemist/nginx-return nixos/nginx: add return option to location	2019-03-22 14:08:33 -04:00
Silvan Mosberger	f8de52a2fe	Revert "nixos/nginx: support h2c"	2019-03-15 14:31:11 +01:00
Artemis Tosini	fee854ed01	nixos/nginx: add return option to location	2019-03-13 17:31:01 +00:00
Jordan Johnson-Doyle	04425c6223	nixos/nginx: support h2c	2019-03-08 17:50:46 +00:00
Janne Heß	3de5726e9b	nixos/nginx: Support additional listen parameters (#56835 )	2019-03-06 11:42:46 +02:00
Andreas Rammhold	768336a74b	Merge pull request #56233 from jtojnar/nginx-tlsv13 nixos/nginx: Enable TLS 1.3 support	2019-03-03 14:19:38 +01:00
Jan Tojnar	f93ff28c62	nixos/nginx: Enable TLS 1.3 support	2019-02-25 16:47:19 +01:00
Izorkin	569248b3c2	nginx: fix formating the config file	2019-02-24 19:50:58 +03:00
Izorkin	0394b177c7	nginx: formating the config file	2019-02-24 10:17:11 +03:00
Jappie Klooster	e576c3b385	doc: Fix insecure nginx docs (#51840 )	2018-12-11 11:02:56 +00:00
Izorkin	af8ae49395	nginx: add custom options	2018-10-23 21:04:07 +03:00
Franz Pletz	ebd38185c8	nixos/nextcloud: init Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de> Co-authored-by: Robin Gloster <mail@glob.in> Co-authored-by: Janne Heß <janne@hess.ooo> Co-authored-by: Florian Klink <flokli@flokli.de>	2018-10-01 02:07:43 +09:30
Uli Baum	15e6e1ff6f	nixos/nginx: fix type of sslTrustedCertificate option The option was added in 1251b34b5bbcd11a7a2974df7bada5d6d47b985d with type `types.path` but default `null`, so eval failed with the default setting. This broke the acme and certmgr tests. cc: @vincentbernat @fpletz	2018-09-02 01:35:59 +02:00
Vincent Bernat	1251b34b5b	nixos/nginx: ensure TLS OCSP stapling works out of the box with LE The recommended TLS configuration comes with `ssl_stapling on` and `ssl_stapling_verify on`. However, this last directive also requires the use of `ssl_trusted_certificate` to verify the received answer. When using `enableACME` or similar, we can help the user by providing the correct value for the directive. The result can be tested with: openssl s_client -connect web.example.com:443 -status 2> /dev/null Without OCSP stapling, we get: OCSP response: no response sent After this change, we get: OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: Aug 30 20:46:00 2018 GMT	2018-08-30 22:47:41 +02:00
Vincent Bernat	bd075eb914	nginx: add more gzipped MIME types The additions are: - image/svg+xml for SVG images - application/atom+xml for Atom feeds These types are also present in mime.types. For better readability, the list is sorted and formatted with one type per line.	2018-08-26 21:48:55 +02:00
Vincent Bernat	06a5fb2ada	nginx: use a compression level of 5 in recommended configuration While there is little gain of space to use a compression level of 9, the CPU usage is significant. Many experiments point to use something between 4 and 6. For example: - https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/ - `3bda5b93ed/nginx.conf (L93)`	2018-08-26 21:43:34 +02:00
volth	2e979e8ceb	[bot] nixos/*: remove unused arguments in lambdas	2018-07-20 20:56:59 +00:00
Florian Klink	fff5923686	nixos/modules: users.(extraUsers\|extraGroup->users\|group)	2018-06-30 03:02:58 +02:00
Jan Tojnar	bd648f321c	nixos/nginx: emphasize that useACMEHost does not create certs It was not entirely clean that `services.nginx.virtualHosts.<name>.useACMEHost` does not create certificates, see https://github.com/NixOS/nixpkgs/issues/40593	2018-05-17 20:48:02 +02:00
Nikolay Amiantov	a08645e9be	nginx module: add upstream extraConfig	2018-05-08 16:32:11 +03:00
Ben Wolsieffer	4d40adb86d	nginx: allow basic auth passwords to be specified in a file	2018-04-25 15:37:09 +02:00
gnidorah	9029ed933c	nixos/gitweb: add gitwebTheme option	2018-04-17 20:07:01 +03:00
Jörg Thalheim	41ec2c2223	Merge pull request #38362 from orbekk/acme-path fix: nixos/nginx certificate location	2018-04-09 09:02:51 +01:00
gnidorah	073089914e	nixos/nginx: fix gitweb submodule	2018-04-06 22:36:03 +03:00
Kjetil Ørbekk	8614e22297	fix: nixos/nginx certificate location Fix issue when using a cert location other than the default.	2018-04-02 20:34:01 -04:00
gnidorah	05b535c850	git: add more deps to gitweb	2018-03-29 16:46:11 +03:00
gnidorah	2821d3fed7	gitweb: use common options	2018-03-29 16:45:32 +03:00
gnidorah	69a0c9721e	nixos/nginx: add gitweb sub-service	2018-03-29 09:06:54 +03:00
Niklas Hambüchen	f00a1514f9	nixos/nginx: validate config syntax in preStart (#24664 )	2018-02-17 09:45:25 +00:00
Jan Tojnar	41d252d7a4	nixos/nginx: allow using existing ACME certificate When a domain has a lot of subdomains, it is quite easy to hit the rate limit: https://letsencrypt.org/docs/rate-limits/ Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.	2018-01-15 13:48:45 +01:00
Christoph Hrdinka	d890212ac8	nginx module: only turn on HTTP2 when SSL is enabled Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>	2017-12-28 00:32:24 +01:00
Niklas Hambüchen	afa97cb981	nginx service: Make http2 an option. HTTP 2 can break some things, for example due to this Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=796199 So the service hardcoding it to be enabled is not helpful. This commit adds an option so you can turn it off.	2017-12-19 19:59:15 +01:00
Jan Tojnar	3c48a1e06d	nixos/services.nginx: Fix globalRedirect example Virtual host globalRedirect attribute accepts a hostname not a URL `09a9a472ee/nixos/modules/services/web-servers/nginx/default.nix (L167)`	2017-10-22 15:38:08 +02:00
Robin Gloster	97a2cd0748	nginx: module fix example Closes #28926	2017-09-03 14:05:32 +02:00
Robin Gloster	7cd46a0594	nginx module: add proxyResolveWhileRunning option	2017-08-30 21:01:53 +02:00
Robin Gloster	4ffa9ddb30	nginx module: allow basic configuration of upstreams	2017-08-30 21:01:53 +02:00
Franz Pletz	759daba980	nginx module: first proxy_set_header takes precendence	2017-08-30 21:01:52 +02:00
Franz Pletz	65c2203ffc	nginx module: add option for proxying websocket requests	2017-08-30 21:01:52 +02:00
Franz Pletz	530282eebe	nginx module: fix applying recommended proxy headers Previously, if proxy_set_header would be used in an extraConfig of a location, the headers defined in the http block by recommendedProxySettings would be cleared. As this is not the intended behaviour, these settings are now included from a separate file if needed.	2017-08-30 21:01:52 +02:00
Robin Gloster	0371f2b5cc	nginx module: clean up SSL/listen handling	2017-08-30 21:01:52 +02:00
Wout Mertens	339330b322	Merge pull request #27426 from rnhmjoj/nginx nginx: make enabling SSL port-specific	2017-08-07 16:46:28 +02:00
Robin Gloster	94a2cba8d9	nginx module: add resolver config	2017-08-04 02:15:46 +02:00
Robin Gloster	75bbcd4215	nginx module: include uwsgi_params	2017-08-04 02:15:01 +02:00
rnhmjoj	a912a6a291	nginx: make enabling SSL port-specific	2017-07-27 03:45:53 +02:00
Wout Mertens	c4783a982b	nginx: add gzip_vary to recommended settings Google PageSpeed recommends turning this on to allow proxies to cache	2017-07-17 20:15:59 +02:00
rnhmjoj	e40f3bea3e	nginx: make listen addresses configurable	2017-07-14 21:26:54 +02:00
Domen Kožar	02129a8788	Merge pull request #23672 from edanaher/nginx-alias Nginx alias directive	2017-03-21 15:04:02 +01:00

1 2 3

113 Commits