author | Bob van der Linden <bobvanderlinden@gmail.com> | 2017-01-16 16:46:43 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2017-01-25 14:55:55 +0100 |
commit | d9987f360a72b97b346f13f7d5ec1bf58f284e52 (patch) | |
tree | a9018ab8d4d9eab6f6cf35e6832d582f0a87d6f3 /nixos | |
parent | b9b95aa4d44e9084bb6d5bbc3a1c7f2d32f45ff6 (diff) | |
nginx: added serverName option for virtualHosts
This allows overriding the `server_name` attribute of virtual hosts. By doing so it is possible to have multiple virtualHost definitions that share the same `server_name`. This is useful in particular when you need a HTTP as well as a HTTPS virtualhost: same server_name, different port.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 40 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/vhost-options.nix | 9 |
2 files changed, 33 insertions, 16 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 68a672c42c9..c9eacdd85dc 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -5,7 +5,11 @@ with lib;
 let
 cfg = config.services.nginx;
 virtualHosts = mapAttrs (vhostName: vhostConfig:
- vhostConfig // (optionalAttrs vhostConfig.enableACME {
+ vhostConfig // {
+ serverName = if vhostConfig.serverName != null
+ then vhostConfig.serverName
+ else vhostName;
+ } // (optionalAttrs vhostConfig.enableACME {
 sslCertificate = "/var/lib/acme/${vhostName}/fullchain.pem";
 sslCertificateKey = "/var/lib/acme/${vhostName}/key.pem";
 })
@@ -112,8 +116,9 @@ let
 ${cfg.appendConfig}
 '';
- vhosts = concatStringsSep "\n" (mapAttrsToList (serverName: vhost:
+ vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost:
 let
+ serverName = vhost.serverName;
 ssl = vhost.enableSSL || vhost.forceSSL;
 port = if vhost.port != null then vhost.port else (if ssl then 443 else 80);
 listenString = toString port + optionalString ssl " ssl http2"
@@ -161,7 +166,7 @@ let
 ssl_certificate_key ${vhost.sslCertificateKey};
 ''}
- ${optionalString (vhost.basicAuth != {}) (mkBasicAuth serverName vhost.basicAuth)}
+ ${optionalString (vhost.basicAuth != {}) (mkBasicAuth vhostName vhost.basicAuth)}
 ${mkLocations vhost.locations}
@@ -178,8 +183,8 @@ let
 ${config.extraConfig}
 }
 '') locations);
- mkBasicAuth = serverName: authDef: let
- htpasswdFile = pkgs.writeText "${serverName}.htpasswd" (
+ mkBasicAuth = vhostName: authDef: let
+ htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" (
 concatStringsSep "\n" (mapAttrsToList (user: password: ''
 ${user}:{PLAIN}${password}
 '') authDef)
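Review bot: The ACME certificate paths in the first hunk (`@@ -5,7 +5,11 @@`) still interpolate `${vhostName}`, while the `security.acme.certs` hunk further down now names each certificate after `vhostConfig.serverName`. If the ACME module stores a certificate under a directory named after its attribute, as the `/var/lib/acme/<name>/` paths here suggest, a vhost that overrides `serverName` points nginx at a directory that is never populated, so TLS either fails to load or keeps serving a stale certificate. Bind the resolved name once in a `let` and use it in both paths, e.g. `sslCertificate = "/var/lib/acme/${serverName}/fullchain.pem";` and `sslCertificateKey = "/var/lib/acme/${serverName}/key.pem";`. The `mapAttrs` expression continues past the end of this hunk.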
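Review bot: In the `mkBasicAuth` hunk (`@@ -178,8 +183,8 @@`) the renamed `htpasswdFile` line still builds the file with `pkgs.writeText`, so the `${user}:{PLAIN}${password}` pairs land in the Nix store in clear text, where every local user can read them; the rename leaves that as it was and nothing near the option warns about it. At minimum add a comment above the binding such as `# NOTE: basicAuth passwords are written in plain text to the world-readable Nix store; never reuse real credentials here`. A proper fix would reference a secrets file kept outside the store, which is more than this rename should carry. The body of `mkBasicAuth` continues outside the hunk.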
@@ -393,17 +398,20 @@ in
 };
 security.acme.certs = filterAttrs (n: v: v != {}) (
- mapAttrs (vhostName: vhostConfig:
- optionalAttrs vhostConfig.enableACME {
- user = cfg.user;
- group = cfg.group;
- webroot = vhostConfig.acmeRoot;
- extraDomains = genAttrs vhostConfig.serverAliases (alias: null);
- postRun = ''
- systemctl reload nginx
- '';
- }
- ) virtualHosts
+ let
+ vhostsConfigs = mapAttrsToList (vhostName: vhostConfig: vhostConfig) virtualHosts;
+ acmeEnabledVhosts = filter (vhostConfig: vhostConfig.enableACME) vhostsConfigs;
+ acmePairs = map (vhostConfig: { name = vhostConfig.serverName; value = {
+ user = cfg.user;
+ group = cfg.group;
+ webroot = vhostConfig.acmeRoot;
+ extraDomains = genAttrs vhostConfig.serverAliases (alias: null);
+ postRun = ''
+ systemctl reload nginx
+ '';
+ }; }) acmeEnabledVhosts;
+ in
+ listToAttrs acmePairs
 );
 users.extraUsers = optionalAttrs (cfg.user == "nginx") (singleton
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix
index dcebbc9229f..c0ea645b3df 100644
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -8,6 +8,15 @@ with lib;
 {
 options = {
+ serverName = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Name of this virtual host. Defaults to attribute name in virtualHosts.
+ '';
+ example = "example.org";
+ };
+
 serverAliases = mkOption {
 type = types.listOf types.str;
 default = []; |
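Review bot: `listToAttrs acmePairs` keeps a single entry per name, so when two ACME-enabled vhosts resolve to the same `serverName` (the HTTP-plus-HTTPS setup the commit message describes) one vhost's `acmeRoot` and `serverAliases` are dropped with no diagnostic. The issued certificate may then miss aliases that only the discarded vhost declared, or validate against a webroot that vhost does not serve. Either reject the collision with a module assertion or state the constraint next to the binding, e.g. `# vhosts sharing a serverName must not both set enableACME: listToAttrs keeps one entry per name`. Separately, the outer `filterAttrs (n: v: v != {})` no longer filters anything, because disabled vhosts are already removed by `filter`.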
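Review bot: The description of the new `serverName` option in vhost-options.nix does not say what the value is used for. According to the commit message it sets nginx's `server_name`, and the default.nix changes in this commit also use it as the `security.acme.certs` attribute name; neither effect is mentioned, so someone reading only the option documentation cannot tell that changing it renames the certificate. Suggested text: `Value of the server_name directive for this virtual host; also used as the ACME certificate name when enableACME is set. Defaults to the attribute name in virtualHosts.` The `options` set continues outside the hunk.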