diff options
| author | Gabriel Fontes <hi@m7.rs> | 2023-12-01 15:42:46 -0300 |
|---|---|---|
| committer | Gabriel Fontes <hi@m7.rs> | 2023-12-11 11:09:02 -0300 |
| commit | a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519 (patch) | |
| tree | 3e417cec2c0236f2c79e7e43069e92738bccb15f /nixos/modules/services/web-servers/nginx/vhost-options.nix | |
| parent | 72061433dd3711fe9a06b177323e4ffd4a81847a (diff) | |
| download | nixlib-a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519.tar nixlib-a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519.tar.gz nixlib-a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519.tar.bz2 nixlib-a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519.tar.lz nixlib-a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519.tar.xz nixlib-a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519.tar.zst nixlib-a3c60d2ddc9f70dca3fa5c5926aefc9a74bd2519.zip | |
nixos/nginx: make redirect status code configurable
Add an option to configure which code globalRedirect and forceSSL use. It previously was always 301 with no easy way to override.
Diffstat (limited to 'nixos/modules/services/web-servers/nginx/vhost-options.nix')
| -rw-r--r-- | nixos/modules/services/web-servers/nginx/vhost-options.nix | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index 9db4c8e23025..64a95afab9f4 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -162,10 +162,11 @@ with lib; type = types.bool; default = false; description = lib.mdDoc '' - Whether to add a separate nginx server block that permanently redirects (301) - all plain HTTP traffic to HTTPS. This will set defaults for - `listen` to listen on all interfaces on the respective default - ports (80, 443), where the non-SSL listens are used for the redirect vhosts. + Whether to add a separate nginx server block that redirects (defaults + to 301, configurable with `redirectCode`) all plain HTTP traffic to + HTTPS. This will set defaults for `listen` to listen on all interfaces + on the respective default ports (80, 443), where the non-SSL listens + are used for the redirect vhosts. ''; }; @@ -307,8 +308,20 @@ with lib; default = null; example = "newserver.example.org"; description = lib.mdDoc '' - If set, all requests for this host are redirected permanently to - the given hostname. + If set, all requests for this host are redirected (defaults to 301, + configurable with `redirectCode`) to the given hostname. + ''; + }; + + redirectCode = mkOption { + type = types.ints.between 300 399; + default = 301; + example = 308; + description = lib.mdDoc '' + HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases + include temporary (302, 307) redirects, keeping the request method and + body (307, 308), or explicitly resetting the method to GET (303). + See <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>. ''; }; |