diff options
author | Marc Weber <marco-oweber@gmx.de> | 2016-11-12 15:35:32 +0100 |
---|---|---|
committer | Marc Weber <marco-oweber@gmx.de> | 2016-11-12 15:35:38 +0100 |
commit | b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e (patch) | |
tree | 1355ca4f7e5c8934d4b0fec45064300fe6109722 /nixos/modules/services/web-servers/apache-httpd/default.nix | |
parent | fbc7f75a84dd342c66af582f54a439ce25e4b306 (diff) | |
download | nixpkgs-b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e.tar nixpkgs-b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e.tar.gz nixpkgs-b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e.tar.bz2 nixpkgs-b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e.tar.lz nixpkgs-b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e.tar.xz nixpkgs-b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e.tar.zst nixpkgs-b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e.zip |
apache-httpd
* Introduce listen = [ { ip = "*"; port = 443; } ]; configuartion. * deprecated port = 443 option which is no longer needed
Diffstat (limited to 'nixos/modules/services/web-servers/apache-httpd/default.nix')
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 43 |
1 files changed, 29 insertions, 14 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 397857ea085..2d71bcc0c79 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -16,7 +16,17 @@ let phpMajorVersion = head (splitString "." php.version); - getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; + defaultListen = cfg: if cfg.enableSSL + then [{ip = "*"; port = 443;}] + else [{ip = "*"; port = 80;}]; + + getListen = cfg: + let list = (lib.optional (cfg.port != 0) {ip = "*"; port = cfg.port;}) ++ cfg.listen; + in if list == [] + then defaultListen cfg + else list; + + listenToString = l: "${l.ip}:${toString l.port}"; extraModules = attrByPath ["extraModules"] [] mainCfg; extraForeignModules = filter isAttrs extraModules; @@ -25,10 +35,13 @@ let makeServerInfo = cfg: { # Canonical name must not include a trailing slash. - canonicalName = - (if cfg.enableSSL then "https" else "http") + "://" + - cfg.hostName + - (if getPort cfg != (if cfg.enableSSL then 443 else 80) then ":${toString (getPort cfg)}" else ""); + canonicalNames = + let defaultPort = (head (defaultListen cfg)).port; in + map (port: + (if cfg.enableSSL then "https" else "http") + "://" + + cfg.hostName + + (if port != defaultPort then ":${toString port}" else "") + ) (map (x: x.port) (getListen cfg)); # Admin address: inherit from the main server if not specified for # a virtual host. @@ -224,7 +237,7 @@ let ++ (map (svc: svc.robotsEntries) subservices))); in '' - ServerName ${serverInfo.canonicalName} + ${concatStringsSep "\n" (map (n: "ServerName ${n}") serverInfo.canonicalNames)} ${concatMapStrings (alias: "ServerAlias ${alias}\n") cfg.serverAliases} @@ -326,9 +339,10 @@ let </IfModule> ${let - ports = map getPort allHosts; - uniquePorts = uniqList {inputList = ports;}; - in concatMapStrings (port: "Listen ${toString port}\n") uniquePorts + listen = concatMap getListen allHosts; + toStr = listen: "Listen ${listenToString listen}\n"; + uniqueListen = uniqList {inputList = map toStr listen;}; + in concatStrings uniqueListen } User ${mainCfg.user} @@ -382,15 +396,15 @@ let # Always enable virtual hosts; it doesn't seem to hurt. ${let - ports = map getPort allHosts; - uniquePorts = uniqList {inputList = ports;}; - directives = concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts; + listen = concatMap getListen allHosts; + uniqueListen = uniqList {inputList = listen;}; + directives = concatMapStrings (listen: "NameVirtualHost ${listenToString listen}\n") uniqueListen; in optionalString (!version24) directives } ${let makeVirtualHost = vhost: '' - <VirtualHost *:${toString (getPort vhost)}> + <VirtualHost ${concatStringsSep " " (map listenToString (getListen vhost))}> ${perServerConf false vhost} </VirtualHost> ''; @@ -628,6 +642,8 @@ in message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } ]; + warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port}";}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); + users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; group = mainCfg.group; @@ -712,5 +728,4 @@ in }; }; - } |