nixos/modules/services/networking/nghttpx/backend-params-submodule.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / nghttpx / backend-params-submodule.nix
at 25.11-pre 4.6 kB view raw
  1{ lib, ... }:
  2{
  3  options = {
  4    proto = lib.mkOption {
  5      type = lib.types.enum [
  6        "h2"
  7        "http/1.1"
  8      ];
  9      default = "http/1.1";
 10      description = ''
 11        This option configures the protocol the backend server expects
 12        to use.
 13
 14        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
 15        for more detail.
 16      '';
 17    };
 18
 19    tls = lib.mkOption {
 20      type = lib.types.bool;
 21      default = false;
 22      description = ''
 23        This option determines whether nghttpx will negotiate its
 24        connection with a backend server using TLS or not. The burden
 25        is on the backend server to provide the TLS certificate!
 26
 27        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
 28        for more detail.
 29      '';
 30    };
 31
 32    sni = lib.mkOption {
 33      type = lib.types.nullOr lib.types.str;
 34      default = null;
 35      description = ''
 36        Override the TLS SNI field value. This value (in nghttpx)
 37        defaults to the host value of the backend configuration.
 38
 39        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
 40        for more detail.
 41      '';
 42    };
 43
 44    fall = lib.mkOption {
 45      type = lib.types.int;
 46      default = 0;
 47      description = ''
 48        If nghttpx cannot connect to the backend N times in a row, the
 49        backend is assumed to be offline and is excluded from load
 50        balancing. If N is 0 the backend is never excluded from load
 51        balancing.
 52
 53        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
 54        for more detail.
 55      '';
 56    };
 57
 58    rise = lib.mkOption {
 59      type = lib.types.int;
 60      default = 0;
 61      description = ''
 62        If the backend is excluded from load balancing, nghttpx will
 63        periodically attempt to make a connection to the backend. If
 64        the connection is successful N times in a row the backend is
 65        re-included in load balancing. If N is 0 a backend is never
 66        reconsidered for load balancing once it falls.
 67
 68        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
 69        for more detail.
 70      '';
 71    };
 72
 73    affinity = lib.mkOption {
 74      type = lib.types.enum [
 75        "ip"
 76        "none"
 77      ];
 78      default = "none";
 79      description = ''
 80        If "ip" is given, client IP based session affinity is
 81        enabled. If "none" is given, session affinity is disabled.
 82
 83        Session affinity is enabled (by nghttpx) per-backend
 84        pattern. If at least one backend has a non-"none" affinity,
 85        then session affinity is enabled for all backend servers
 86        sharing the same pattern.
 87
 88        It is advised to set affinity on all backends explicitly if
 89        session affinity is desired. The session affinity may break if
 90        one of the backend gets unreachable, or backend settings are
 91        reloaded or replaced by API.
 92
 93        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
 94        for more detail.
 95      '';
 96    };
 97
 98    dns = lib.mkOption {
 99      type = lib.types.bool;
100      default = false;
101      description = ''
102        Name resolution of a backends host name is done at start up,
103        or configuration reload. If "dns" is true, name resolution
104        takes place dynamically.
105
106        This is useful if a backends address changes frequently. If
107        "dns" is true, name resolution of a backend's host name at
108        start up, or configuration reload is skipped.
109
110        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
111        for more detail.
112      '';
113    };
114
115    redirect-if-not-tls = lib.mkOption {
116      type = lib.types.bool;
117      default = false;
118      description = ''
119        If true, a backend match requires the frontend connection be
120        TLS encrypted. If it is not, nghttpx responds to the request
121        with a 308 status code and https URI the client should use
122        instead in the Location header.
123
124        The port number in the redirect URI is 443 by default and can
125        be changed using 'services.nghttpx.redirect-https-port'
126        option.
127
128        If at least one backend has "redirect-if-not-tls" set to true,
129        this feature is enabled for all backend servers with the same
130        pattern. It is advised to set "redirect-if-no-tls" parameter
131        to all backends explicitly if this feature is desired.
132
133        Please see <https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b>
134        for more detail.
135      '';
136    };
137  };
138}