author | Marc Weber <marco-oweber@gmx.de> | 2016-11-12 15:35:32 +0100 |
---|---|---|
committer | Marc Weber <marco-oweber@gmx.de> | 2016-11-12 15:35:38 +0100 |
commit | b51f165334dcc30db4d6dd2a1c0c20d036c0fa6e (patch) | |
tree | 1355ca4f7e5c8934d4b0fec45064300fe6109722 /nixos/modules/services/web-servers/apache-httpd | |
parent | fbc7f75a84dd342c66af582f54a439ce25e4b306 (diff) | |
apache-httpd
* Introduce listen = [ { ip = "*"; port = 443; } ]; configuration. * Deprecate the port = 443 option, which is no longer needed
Diffstat (limited to 'nixos/modules/services/web-servers/apache-httpd')
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 43 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/per-server-options.nix | 25 |
2 files changed, 52 insertions, 16 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index 397857ea0858..2d71bcc0c79a 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -16,7 +16,17 @@ let
 phpMajorVersion = head (splitString "." php.version);
- getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80;
+ defaultListen = cfg: if cfg.enableSSL
+ then [{ip = "*"; port = 443;}]
+ else [{ip = "*"; port = 80;}];
+
+ getListen = cfg:
+ let list = (lib.optional (cfg.port != 0) {ip = "*"; port = cfg.port;}) ++ cfg.listen;
+ in if list == []
+ then defaultListen cfg
+ else list;
+
+ listenToString = l: "${l.ip}:${toString l.port}";
 extraModules = attrByPath ["extraModules"] [] mainCfg;
 extraForeignModules = filter isAttrs extraModules;
@@ -25,10 +35,13 @@ let
 makeServerInfo = cfg: {
 # Canonical name must not include a trailing slash.
- canonicalName =
- (if cfg.enableSSL then "https" else "http") + "://" +
- cfg.hostName +
- (if getPort cfg != (if cfg.enableSSL then 443 else 80) then ":${toString (getPort cfg)}" else "");
+ canonicalNames =
+ let defaultPort = (head (defaultListen cfg)).port; in
+ map (port:
+ (if cfg.enableSSL then "https" else "http") + "://" +
+ cfg.hostName +
+ (if port != defaultPort then ":${toString port}" else "")
+ ) (map (x: x.port) (getListen cfg));
 # Admin address: inherit from the main server if not specified for
 # a virtual host.
@@ -224,7 +237,7 @@ let
 ++ (map (svc: svc.robotsEntries) subservices)));
 in ''
- ServerName ${serverInfo.canonicalName}
+ ${concatStringsSep "\n" (map (n: "ServerName ${n}") serverInfo.canonicalNames)}
 ${concatMapStrings (alias: "ServerAlias ${alias}\n") cfg.serverAliases}
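Review bot: In `canonicalNames` (second hunk) the scheme is taken from `cfg.enableSSL` for every entry of `getListen cfg`, so a host with `enableSSL = true` that also listens on port 80 gets the canonical name `https://host:80`; the `ServerName` hunk below then emits one `ServerName` line per listen entry. As far as I know httpd keeps a single `ServerName` per server context, so the name used for self-referential redirects would depend on the order of `listen`, and entries that differ only in `ip` yield duplicate lines. Consider emitting one canonical name, or at least adding a comment such as `# httpd honours one ServerName per context; the order of listen decides which`. Code outside this diff that still reads `serverInfo.canonicalName` would stop evaluating after the rename; that is not visible here and should be checked.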
@@ -326,9 +339,10 @@ let
 </IfModule>
 ${let
- ports = map getPort allHosts;
- uniquePorts = uniqList {inputList = ports;};
- in concatMapStrings (port: "Listen ${toString port}\n") uniquePorts
+ listen = concatMap getListen allHosts;
+ toStr = listen: "Listen ${listenToString listen}\n";
+ uniqueListen = uniqList {inputList = map toStr listen;};
+ in concatStrings uniqueListen
 }
 User ${mainCfg.user}
@@ -382,15 +396,15 @@ let
 # Always enable virtual hosts; it doesn't seem to hurt.
 ${let
- ports = map getPort allHosts;
- uniquePorts = uniqList {inputList = ports;};
- directives = concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts;
+ listen = concatMap getListen allHosts;
+ uniqueListen = uniqList {inputList = listen;};
+ directives = concatMapStrings (listen: "NameVirtualHost ${listenToString listen}\n") uniqueListen;
 in optionalString (!version24) directives
 }
 ${let
 makeVirtualHost = vhost: ''
- <VirtualHost *:${toString (getPort vhost)}>
+ <VirtualHost ${concatStringsSep " " (map listenToString (getListen vhost))}>
 ${perServerConf false vhost}
 </VirtualHost>
 '';
@@ -628,6 +642,8 @@ in
 message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; }
 ];
+ warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port}";}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts);
+
 users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") (singleton
 { name = "wwwrun";
 group = mainCfg.group;
@@ -712,5 +728,4 @@ in
 };
 };
-
 }
diff --git a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix
index 5abcc5e74900..1d53ce659005 100644
--- a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix
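Review bot: The `Listen` de-duplication in the first hunk here compares rendered strings only, so a `*:80` entry from one host and a specific address on port 80 from another are both written to the config. httpd usually fails to bind when a wildcard and a specific address overlap on the same port, which would leave a configuration that builds but does not start. Since `defaultListen` always yields `*`, a virtual host that sets only `ip` for a default port is likely to hit this. An assertion next to the existing SSL one that rejects a port listed both with `*` and with an explicit address would surface the problem at evaluation time.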
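Review bot: The deprecation text in the added `warnings = …` line carries a stray double quote after the interpolated port, `port = ${toString cfg.port}";}]`, so the replacement it prints is not valid Nix when an administrator pastes it. Drop the quote: `port = ${toString cfg.port};}]; instead''`. The message also does not say which host triggered it; adding `cfg.hostName` to the text would make the warning actionable on systems with many virtual hosts.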
@@ -28,9 +28,30 @@ with lib;
 type = types.int;
 default = 0;
 description = ''
- Port for the server. 0 means use the default port: 80 for http
- and 443 for https (i.e. when enableSSL is set).
+ Port for the server. Option will be removed, use <option>listen</option> instead.
+ '';
+ };
+
+ listen = mkOption {
+ type = types.listOf (types.submodule (
+ {
+ options = {
+ port = mkOption {
+ type = types.int;
+ description = "port to listen on";
+ };
+ ip = mkOption {
+ type = types.string;
+ default = "*";
+ description = "Ip to listen on. 0.0.0.0 for ipv4 only, * for all.";
+ };
+ };
+ } ));
+ description = ''
+ List of { /* ip: "*"; */ port = 80;} to listen on
 '';
+
+ default = [];
 };
 enableSSL = mkOption { |
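Review bot: Neither field of the new `listen` submodule is validated, although both are interpolated verbatim into the `Listen`, `NameVirtualHost` and `<VirtualHost>` lines by `listenToString` in default.nix. `port` accepts any integer; `type = types.addCheck types.int (p: p > 0 && p < 65536);` would reject out-of-range values at evaluation time. The `ip` description should state that IPv6 literals need brackets (`[::1]`) because the value is joined as `ip:port`. It should also state that the default `*` binds every interface, so a host meant to be reachable only on loopback or an internal address has to set `ip` explicitly.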