diff options
author | Tristan Helmich <tristan.helmich@gmail.com> | 2016-02-01 17:30:43 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-28 11:59:13 +0000 |
commit | c61157b7e6512036a7abc04a45df334162b3b111 (patch) | |
tree | e4df360602076fc667bc45a3ddd8e9351d414cb1 /nixos | |
parent | 35d76a72aba69108a369478be6cb21914d5075a5 (diff) | |
download | nixlib-c61157b7e6512036a7abc04a45df334162b3b111.tar nixlib-c61157b7e6512036a7abc04a45df334162b3b111.tar.gz nixlib-c61157b7e6512036a7abc04a45df334162b3b111.tar.bz2 nixlib-c61157b7e6512036a7abc04a45df334162b3b111.tar.lz nixlib-c61157b7e6512036a7abc04a45df334162b3b111.tar.xz nixlib-c61157b7e6512036a7abc04a45df334162b3b111.tar.zst nixlib-c61157b7e6512036a7abc04a45df334162b3b111.zip |
nginx module: Add dhParams option
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index b74a35f1e9f5..e369505fbc31 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -37,6 +37,7 @@ let ssl_ciphers ${cfg.sslCiphers}; ssl_ecdh_curve secp521r1; ssl_prefer_server_ciphers on; + ${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"} ssl_stapling on; ssl_stapling_verify on; @@ -204,6 +205,13 @@ in description = "Allowed TLS protocol versions."; }; + sslDhparam = mkOption { + type = types.nullOr types.path; + default = null; + example = literalExample "/path/to/dhparams.pem"; + description = "Path to DH parameters file."; + }; + virtualHosts = mkOption { type = types.attrsOf (types.submodule (import ./vhost-options.nix { inherit lib; |