author | Izorkin <izorkin@elven.pw> | 2021-11-23 01:22:11 +0300 |
---|---|---|
committer | Izorkin <izorkin@elven.pw> | 2021-11-27 09:39:57 +0300 |
commit | 78546bbbc55e99120dd745768bdb90c4f0b9d428 (patch) | |
tree | b789d495155653b93a0ffad9eca094cbe5e61fd5 /nixos/modules/services/web-servers | |
parent | 532cd57bda7def5411de9429c50ab9623c47d447 (diff) | |
nixos/nginx: add kTLS option
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 11 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/vhost-options.nix | 11 |
2 files changed, 22 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 5717b86b3be..7f5c3841f1a 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -316,6 +316,9 @@ let ${optionalString vhost.rejectSSL '' ssl_reject_handshake on; ''} + ${optionalString (hasSSL && vhost.kTLS) '' + ssl_conf_command Options KTLS; + ''} ${mkBasicAuth vhostName vhost} @@ -821,6 +824,14 @@ in } { + assertion = any (host: host.kTLS) (attrValues virtualHosts) -> versionAtLeast cfg.package.version "1.21.4"; + message = '' + services.nginx.virtualHosts.<name>.kTLS requires nginx version + 1.21.4 or above; see the documentation for services.nginx.package. + ''; + } + + { assertion = all (host: !(host.enableACME && host.useACMEHost != null)) (attrValues virtualHosts); message = '' Options services.nginx.service.virtualHosts.<name>.enableACME and diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index 7ee041d3721..7f49ce9586c 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -147,6 +147,17 @@ with lib; ''; }; + kTLS = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable kTLS support. + Implementing TLS in the kernel (kTLS) improves performance by significantly + reducing the need for copying operations between user space and the kernel. + Required Nginx version 1.21.4 or later. + ''; + }; + sslCertificate = mkOption { type = types.path; example = "/var/host.cert"; |
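Review bot: The `ssl_conf_command Options KTLS;` line added to the vhost template in default.nix is gated only on `hasSSL && vhost.kTLS`, yet the option is interpreted by the TLS library and the kernel rather than by nginx, and nothing visible in this hunk checks either of them. As far as I know it needs an OpenSSL 3.0+ build configured with `enable-ktls` and the kernel `tls` module loaded. With a library that does not know the option nginx will probably refuse the configuration at load, and without the module connections presumably stay on userspace TLS while the operator believes offload is active. I would record that next to the directive, e.g. `# kTLS needs OpenSSL >= 3.0 built with enable-ktls and the kernel "tls" module; otherwise TLS stays in userspace`, and consider having the module ensure the kernel module is loaded whenever a vhost sets `kTLS`. The vhost template starts and ends outside the hunk.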
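Review bot: The new assertion in default.nix compares `cfg.package.version` with "1.21.4" and so assumes upstream nginx version numbering. If `services.nginx.package` points at a derivative with its own version scheme, the comparison may pass without `ssl_conf_command Options KTLS` being supported, which would presumably surface only when the service fails to start. It also fires on `any (host: host.kTLS)` alone, while the directive is emitted only for `hasSSL && vhost.kTLS`, so a vhost with `kTLS = true` and no TLS listener fails evaluation on an older nginx although nothing would be written for it. A comment such as `# version check assumes upstream nginx numbering; forks set via services.nginx.package are not covered` would make the limit explicit. The assertions list continues outside the hunk.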
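Review bot: The `kTLS` description in vhost-options.nix presents the option purely as a performance gain and omits what an operator needs to decide on it. With kTLS the negotiated session keys are handed to the kernel and record encryption runs there, so the kernel TLS code becomes part of the server's exposed surface and its patch level matters. I would add a sentence to that effect and reword the last line, e.g. `Requires nginx 1.21.4 or later. Record encryption then runs in the kernel, so keep the kernel up to date.` Keeping `default = false` fits that trade-off. The option set continues outside the hunk.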