author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-02-11 04:09:11 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2017-08-30 21:01:52 +0200 |
commit | 530282eebec47b8e4afc93de8caf607c621fd6cc (patch) | |
tree | 9d78d6d826519e003242a6dd903067dd8632eeb0 /nixos/modules/services | |
parent | 0371f2b5cc0a8d7b146af4e88f4c583e4ced73eb (diff) | |
nginx module: fix applying recommended proxy headers
Previously, if proxy_set_header was used in the extraConfig of a location, the headers defined in the http block by recommendedProxySettings were cleared. As this is not the intended behaviour, these settings are now included from a separate file where needed.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 24 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/location-options.nix | 3 |
2 files changed, 17 insertions, 10 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 70c1d9942063..1aa8000502f5 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -19,6 +19,16 @@ let ) cfg.virtualHosts; enableIPv6 = config.networking.enableIPv6; + recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header Accept-Encoding ""; + ''; + configFile = pkgs.writeText "nginx.conf" '' user ${cfg.user} ${cfg.group}; error_log stderr; @@ -74,19 +84,12 @@ let ''} ${optionalString (cfg.recommendedProxySettings) '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header Accept-Encoding ""; - proxy_redirect off; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_http_version 1.0; + include ${recommendedProxyConfig}; ''} client_max_body_size ${cfg.clientMaxBodySize}; 
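Review bot: The new `recommendedProxyConfig` binding in the first hunk carries no comment explaining why the headers live in their own file or what an upstream may trust from them. I would add above it `# Kept in a separate file so it can be re-included per location: nginx inherits proxy_set_header from the outer level only when the location defines none itself.` It is also worth one line noting that `$host` can be taken from the client's Host header and that `$proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For the client sent, so backends should rely on `X-Real-IP` or the last X-Forwarded-For entry rather than on the forwarded host or the leading entries, unless the virtual host restricts the names it accepts. The enclosing `let` starts outside the hunk.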
@@ -206,7 +209,10 @@ let ) virtualHosts); mkLocations = locations: concatStringsSep "\n" (mapAttrsToList (location: config: '' location ${location} { - ${optionalString (config.proxyPass != null) "proxy_pass ${config.proxyPass};"} + ${optionalString (config.proxyPass != null) '' + proxy_pass ${config.proxyPass}; + ${optionalString cfg.recommendedProxySettings "include ${recommendedProxyConfig};"} + ''} ${optionalString (config.index != null) "index ${config.index};"} ${optionalString (config.tryFiles != null) "try_files ${config.tryFiles};"} ${optionalString (config.root != null) "root ${config.root};"} diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index 83ce0f717341..d6f57404f822 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -14,7 +14,8 @@ with lib; default = null; example = "http://www.example.org/"; description = '' - Adds proxy_pass directive. + Adds proxy_pass directive and sets recommended proxy headers if + recommendedProxySettings is enabled. ''; }; |
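Review bot: The per-location include in `mkLocations` is keyed on `config.proxyPass != null`, so a location that writes `proxy_pass` and `proxy_set_header` directly in `extraConfig` still loses the recommended headers; the case described in the commit message is only fixed for users of the `proxyPass` option. Separately, a location that uses `proxyPass` and overrides one of these fields in `extraConfig` (for example `Host`) now has two `proxy_set_header` directives for the same field at the same level; as far as I know nginx does not de-duplicate them, so the upstream may receive the header twice and different components may pick different values. The `proxyPass` description in location-options.nix should spell both points out, e.g. `Headers set in extraConfig are sent in addition to the recommended ones, not instead of them.` The body of `mkLocations` continues past the end of the hunk, so where `extraConfig` is emitted relative to the include is not visible here.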