c3d2/nixos-modules
c3d2
/
nixos-modules
mirror of https://github.com/SuperSandro2000/nixos-modules.git
22
0
Fork 0
Code Releases Activity

nginx: respect defaultListenAddresses when overwriting listen for tcp fastopen

This commit is contained in:
Sandro - 2024-01-30 00:59:24 +01:00
parent a57f075a11
commit 11a7f90a1c
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/nginx.nix
View File

@ -25,6 +25,7 @@ in
Wether to add a default server which always responds with 404.
This is useful when using a wildcard cname with a wildcard certitificate to not return the first server entry in the config on unknown subdomains
or to do the same for an old and not fully removed domain.
The addresses to listen on are derived from services.nginx.defaultListenAddresses.
'';
};
@ -180,12 +181,10 @@ in
"/".return = 404;
};
listen = lib.mkIf cfg.tcpFastOpen (lib.mkDefault [
{ addr = "0.0.0.0"; port = 80; inherit extraParameters; }
{ addr = "0.0.0.0"; port = 443; ssl = true; inherit extraParameters; }
{ addr = "[::]"; port = 80; inherit extraParameters; }
{ addr = "[::]"; port = 443; ssl = true; inherit extraParameters; }
]);
listen = lib.mkIf cfg.tcpFastOpen (lib.mkDefault (lib.flatten (map (addr: [
{ inherit addr; port = 80; inherit extraParameters; }
{ inherit addr; port = 443; ssl = true; inherit extraParameters; }
]) config.services.nginx.defaultListenAddresses)));
quic = lib.mkIf cfg.configureQuic true;
};