author | Alyssa Ross <hi@alyssa.is> | 2020-05-12 14:45:39 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-05-12 14:56:01 +0000 |
commit | eb7dadee9c0f903f1152f8dd4165453bfa48ccf4 (patch) | |
tree | a6bd66dcbec895aae167465672af08a1ca70f089 /nixpkgs/nixos/modules/services/web-servers/apache-httpd | |
parent | 3879b925f5dae3a0eb5c98b10c1ac5a0e4d729a3 (diff) | |
parent | 683c68232e91f76386db979c461d8fbe2a018782 (diff) | |
Merge commit '683c68232e91f76386db979c461d8fbe2a018782'
Diffstat (limited to 'nixpkgs/nixos/modules/services/web-servers/apache-httpd')
-rw-r--r-- | nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix | 46 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix | 2 |
2 files changed, 27 insertions, 21 deletions
diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix index 832c8b30ee9d..8abee7130d7c 100644 --- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -12,7 +12,7 @@ let httpdConf = cfg.configFile; - php = cfg.phpPackage.override { apacheHttpd = pkg.dev; /* otherwise it only gets .out */ }; + php = cfg.phpPackage.override { apacheHttpd = pkg; }; phpMajorVersion = lib.versions.major (lib.getVersion php); @@ -41,9 +41,9 @@ let "mime" "autoindex" "negotiation" "dir" "alias" "rewrite" "unixd" "slotmem_shm" "socache_shmcb" - "mpm_${cfg.multiProcessingModule}" + "mpm_${cfg.mpm}" ] - ++ (if cfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ]) + ++ (if cfg.mpm == "prefork" then [ "cgi" ] else [ "cgid" ]) ++ optional enableHttp2 "http2" ++ optional enableSSL "ssl" ++ optional enableUserDir "userdir" @@ -264,7 +264,7 @@ let PidFile ${runtimeDir}/httpd.pid - ${optionalString (cfg.multiProcessingModule != "prefork") '' + ${optionalString (cfg.mpm != "prefork") '' # mod_cgid requires this. ScriptSock ${runtimeDir}/cgisock ''} @@ -338,6 +338,7 @@ let } '' cat ${php}/etc/php.ini > $out + cat ${php.phpIni} > $out echo "$options" >> $out ''; @@ -349,6 +350,7 @@ in imports = [ (mkRemovedOptionModule [ "services" "httpd" "extraSubservices" ] "Most existing subservices have been ported to the NixOS module system. Please update your configuration accordingly.") (mkRemovedOptionModule [ "services" "httpd" "stateDir" ] "The httpd module now uses /run/httpd as a runtime directory.") + (mkRenamedOptionModule [ "services" "httpd" "multiProcessingModule" ] [ "services" "httpd" "mpm" ]) # virtualHosts options (mkRemovedOptionModule [ "services" "httpd" "documentRoot" ] "Please define a virtual host using `services.httpd.virtualHosts`.") 
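Review bot: In the `phpIni` builder (hunk `@@ -338,6 +338,7 @@`) the added `cat ${php.phpIni} > $out` sits directly after the existing `cat ${php}/etc/php.ini > $out`, and both truncate `$out`, so the first write is thrown away. This looks like merge residue where both sides of the change were kept. If `${php}/etc/php.ini` is no longer shipped by the PHP package, the old line may also make the build fail before the new one runs. Drop the old line so that only `cat ${php.phpIni} > $out` precedes `echo "$options" >> $out`. The derivation starts and ends outside the hunk.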
@@ -453,7 +455,13 @@ in type = types.str; default = "wwwrun"; description = '' - User account under which httpd runs. + User account under which httpd children processes run. + + If you require the main httpd process to run as + <literal>root</literal> add the following configuration: + <programlisting> + systemd.services.httpd.serviceConfig.User = lib.mkForce "root"; + </programlisting> ''; }; @@ -461,7 +469,7 @@ in type = types.str; default = "wwwrun"; description = '' - Group under which httpd runs. + Group under which httpd children processes run. ''; }; @@ -538,20 +546,19 @@ in ''; }; - multiProcessingModule = mkOption { + mpm = mkOption { type = types.enum [ "event" "prefork" "worker" ]; - default = "prefork"; + default = "event"; example = "worker"; description = '' Multi-processing module to be used by Apache. Available - modules are <literal>prefork</literal> (the default; - handles each request in a separate child process), - <literal>worker</literal> (hybrid approach that starts a - number of child processes each running a number of - threads) and <literal>event</literal> (a recent variant of - <literal>worker</literal> that handles persistent - connections more efficiently). + modules are <literal>prefork</literal> (handles each + request in a separate child process), <literal>worker</literal> + (hybrid approach that starts a number of child processes + each running a number of threads) and <literal>event</literal> + (the default; a recent variant of <literal>worker</literal> + that handles persistent connections more efficiently). ''; }; @@ -651,7 +658,7 @@ in services.httpd.phpOptions = '' ; Needed for PHP's mail() function. - sendmail_path = sendmail -t -i + sendmail_path = ${pkgs.system-sendmail}/bin/sendmail -t -i ; Don't advertise PHP expose_php = off 
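Review bot: The new `user` description in `@@ -453,7 +455,13 @@` says only the child processes run under this account, but the service hunk further down sets `User = cfg.user;`, so by default the main httpd process runs as this account as well. Wording such as `User account under which httpd runs, including the main process unless overridden as shown below.` would match the unit, and the same applies to the `group` text in `@@ -461,7 +469,7 @@`. It would also help to state that anything the parent used to open as root (presumably TLS private keys and log directories) now has to be accessible to this account. The option definitions start and end outside these hunks.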
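Review bot: Changing the default in `@@ -538,20 +546,19 @@` from `prefork` to `event` moves every host that never set the option onto a threaded MPM, and nothing in the visible hunks shows how `enablePHP` is reconciled with that. mod_php is generally only safe under a threaded MPM when PHP is built thread-safe, so if this is not handled elsewhere in the module an assertion, or a description sentence such as `When enablePHP is set, use prefork unless the PHP package is built thread-safe.`, would prevent a silent misconfiguration. The module-list hunk `@@ -41,9 +41,9 @@` also switches those hosts from `cgi` to `cgid`, which is worth a line in the release notes.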
@@ -702,9 +709,7 @@ in wants = concatLists (map (hostOpts: [ "acme-${hostOpts.hostName}.service" "acme-selfsigned-${hostOpts.hostName}.service" ]) vhostsACME); after = [ "network.target" "fs.target" ] ++ map (hostOpts: "acme-selfsigned-${hostOpts.hostName}.service") vhostsACME; - path = - [ pkg pkgs.coreutils pkgs.gnugrep ] - ++ optional cfg.enablePHP pkgs.system-sendmail; # Needed for PHP's mail() function. + path = [ pkg pkgs.coreutils pkgs.gnugrep ]; environment = optionalAttrs cfg.enablePHP { PHPRC = phpIni; } @@ -724,7 +729,7 @@ in ExecStart = "@${pkg}/bin/httpd httpd -f ${httpdConf}"; ExecStop = "${pkg}/bin/httpd -f ${httpdConf} -k graceful-stop"; ExecReload = "${pkg}/bin/httpd -f ${httpdConf} -k graceful"; - User = "root"; + User = cfg.user; Group = cfg.group; Type = "forking"; PIDFile = "${runtimeDir}/httpd.pid"; @@ -732,6 +737,7 @@ in RestartSec = "5s"; RuntimeDirectory = "httpd httpd/runtime"; RuntimeDirectoryMode = "0750"; + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; }; }; diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix index 2e806afb42c5..173c0f8561c0 100644 --- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix +++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix @@ -137,7 +137,7 @@ in http2 = mkOption { type = types.bool; - default = false; + default = true; description = '' Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork mpm, there will be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details. |
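Review bot: With `User = cfg.user;` in `@@ -724,7 +729,7 @@` the parent httpd no longer starts as root, so the account that loads the TLS private keys is the same one that serves requests and runs CGI or PHP code. Key files, including those from the ACME units referenced in `@@ -702,9 +709,7 @@`, presumably have to be readable by `cfg.user` or `cfg.group`; it is worth confirming those permissions are no wider than that. In `@@ -732,6 +737,7 @@`, ambient capabilities survive `execve`, so programs httpd spawns also hold `CAP_NET_BIND_SERVICE`. A comment such as `# lets cfg.user bind ports below 1024; inherited by processes httpd executes` on the `AmbientCapabilities` line would record that trade-off. The `serviceConfig` set starts outside these hunks.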