# This file defines the options that can be used both for the Apache
# main server configuration, and for the virtual hosts. (The latter
# has additional options that affect the web server as a whole, like
# the user/group to run under.)

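# Option declarations for a single virtual host. The function takes `lib`
# and returns an attribute set whose `options` attribute holds one
# `mkOption` declaration per setting. Only the option schema is defined
# here; how each value is rendered into the web server configuration is
# decided by whichever module imports this file.
{ lib }:

with lib;
{
  options = {
    serverAliases = mkOption {
      type = types.listOf types.str;
      default = [];
      example = ["www.example.org" "example.org"];
      description = ''
        Additional names of virtual hosts served by this virtual host configuration.
      '';
    };

    # null means "pick the scheme default"; the description ties that
    # default to enableSSL.
    port = mkOption {
      type = types.nullOr types.int;
      default = null;
      description = ''
        Port for the server. Defaults to 80 for http
        and 443 for https (i.e. when enableSSL is set).
      '';
    };

    enableACME = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to ask Let's Encrypt to sign a certificate for this vhost.";
    };

    # The default path ends in "acme-challenge": this is the webroot for
    # challenge responses, not a place for key material. The description
    # says so explicitly so that nobody points it at a directory holding
    # certificates or private keys.
    acmeRoot = mkOption {
      type = types.str;
      default = "/var/lib/acme/acme-challenge";
      description = ''
        Directory for the ACME challenge files. Its contents are served
        publicly for domain validation; do not store certificates or keys
        in it.
      '';
    };

    # NOTE(review): the default is a non-null wildcard address, so the
    # consumer cannot tell "unset" from "set" by type alone. How the
    # importing module treats "0.0.0.0" is not visible in this file;
    # confirm that the fallback proxy is only active when intended.
    acmeFallbackHost = mkOption {
      type = types.str;
      default = "0.0.0.0";
      description = ''
        Host which to proxy requests to if acme challenge is not found. Useful
        if you want multiple hosts to be able to verify the same domain name.
      '';
    };

    enableSSL = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to enable SSL (https) support.";
    };

    # Off by default: a vhost with enableSSL but without forceSSL may still
    # answer over plain http, depending on the importing module.
    forceSSL = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to always redirect to https.";
    };

    # No default: the option has to be set wherever the importing module
    # reads it.
    sslCertificate = mkOption {
      type = types.path;
      example = "/var/host.cert";
      description = "Path to server SSL certificate.";
    };

    # NOTE(review): a Nix path literal (e.g. ./host.key) is typically copied
    # into the world-readable Nix store once it is interpolated into a
    # generated config file. Passing the location as a string, as in the
    # example, keeps the private key out of the store. Confirm how the
    # importing module uses this value.
    sslCertificateKey = mkOption {
      type = types.path;
      example = "/var/host.key";
      description = "Path to server SSL certificate key.";
    };

    root = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/data/webserver/docs";
      description = ''
        The path of the web root directory.
      '';
    };

    default = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Makes this vhost the default.
      '';
    };

    # Free-form text; per the description it is emitted verbatim, so nothing
    # in this file validates or escapes it.
    extraConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        These lines go to the end of the vhost verbatim.
      '';
    };

    # The example is a quoted string: the option type is a string, and
    # unquoted URL literals are deprecated Nix syntax.
    globalRedirect = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "http://newserver.example.org/";
      description = ''
        If set, all requests for this host are redirected permanently to
        the given URL.
      '';
    };

    # Attribute set of user name -> password. Both are plain Nix strings,
    # so they become part of the evaluated configuration.
    basicAuth = mkOption {
      type = types.attrsOf types.str;
      default = {};
      example = literalExample ''
        {
          user = "password";
        };
      '';
      description = ''
        Basic Auth protection for a vhost.

        WARNING: The passwords are stored in plain text in the Nix store,
        which is readable by every local user. Do not reuse these
        passwords elsewhere.
      '';
    };

    # Each attribute name is a location path; the per-location schema is
    # defined in ./location-options.nix.
    locations = mkOption {
      type = types.attrsOf (types.submodule (import ./location-options.nix {
        inherit lib;
      }));
      default = {};
      example = literalExample ''
        {
          "/" = {
            proxyPass = "http://localhost:3000";
          };
        };
      '';
      description = "Declarative location config";
    };
  };
}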