authorIzorkin <izorkin@elven.pw>2021-11-23 01:22:11 +0300
committerIzorkin <izorkin@elven.pw>2021-11-27 09:39:57 +0300
commit78546bbbc55e99120dd745768bdb90c4f0b9d428 (patch)
treeb789d495155653b93a0ffad9eca094cbe5e61fd5 /nixos/modules/services/web-servers
parent532cd57bda7def5411de9429c50ab9623c47d447 (diff)
nixos/nginx: add kTLS option
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix11
-rw-r--r--nixos/modules/services/web-servers/nginx/vhost-options.nix11
2 files changed, 22 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 5717b86b3be..7f5c3841f1a 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -316,6 +316,9 @@ let
           ${optionalString vhost.rejectSSL ''
             ssl_reject_handshake on;
           ''}
+          ${optionalString (hasSSL && vhost.kTLS) ''
+            ssl_conf_command Options KTLS;
+          ''}
 
           ${mkBasicAuth vhostName vhost}
 
@@ -821,6 +824,14 @@ in
       }
 
       {
+        assertion = any (host: host.kTLS) (attrValues virtualHosts) -> versionAtLeast cfg.package.version "1.21.4";
+        message = ''
+          services.nginx.virtualHosts.<name>.kTLS requires nginx version
+          1.21.4 or above; see the documentation for services.nginx.package.
+        '';
+      }
+
+      {
         assertion = all (host: !(host.enableACME && host.useACMEHost != null)) (attrValues virtualHosts);
         message = ''
           Options services.nginx.service.virtualHosts.<name>.enableACME and
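Review bot: The new assertion on `cfg.package.version` checks only the nginx release, but the `ssl_conf_command Options KTLS;` line emitted in the first hunk is interpreted by the TLS library nginx is linked against, and per the nginx documentation the KTLS option needs OpenSSL 3.0.0 or later built with kTLS enabled. If `services.nginx.package` is overridden to a build without that, evaluation passes and the problem presumably surfaces only when nginx loads the configuration. Whether the package exposes its TLS library for a check is not visible here, so at minimum the message could say it: `1.21.4 or above, linked against OpenSSL 3.0 or later with kTLS enabled; see the`. The assertion also fires for any host with `kTLS = true`, while the first hunk emits the directive only when `hasSSL` holds, so the two conditions differ for a vhost without TLS. The assertions list continues outside the hunk.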
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix
index 7ee041d3721..7f49ce9586c 100644
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -147,6 +147,17 @@ with lib;
       '';
     };
 
+    kTLS = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable kTLS support.
+        Implementing TLS in the kernel (kTLS) improves performance by significantly
+        reducing the need for copying operations between user space and the kernel.
+        Required Nginx version 1.21.4 or later.
+      '';
+    };
+
     sslCertificate = mkOption {
       type = types.path;
       example = "/var/host.cert";
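Review bot: The `description` of the new `kTLS` option names only the nginx version and leaves out the other prerequisites and the fallback behaviour, which is what an operator needs before enabling it. I would replace the last line with `Requires nginx 1.21.4 or later linked against OpenSSL 3.0 or later with kTLS enabled, and a kernel that provides the tls module.` As far as I know, when the kernel side is unavailable TLS records are still processed in user space without an error, so the description should say that setting the option is not proof that offload is active. One sentence noting that enabling it moves record encryption for the vhost into the kernel would also help people who review the host's kernel attack surface. The `sslCertificate` option that follows is cut off at the end of the hunk.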