c3d2/nixos-modules
c3d2/nixos-modules
22
0
Fork 0
mirror of https://github.com/SuperSandro2000/nixos-modules.git synced 2024-06-11 18:54:06 +02:00
Code Releases Activity

nginx: respect defaultListenAddresses when overwriting listen for tcp fastopen

Browse Source
This commit is contained in:
Sandro - 2024-01-30 00:59:24 +01:00
parent a57f075a11
commit 11a7f90a1c
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/nginx.nix
View File

@ -25,6 +25,7 @@ in
Wether to add a default server which always responds with 404. Wether to add a default server which always responds with 404.
This is useful when using a wildcard cname with a wildcard certitificate to not return the first server entry in the config on unknown subdomains This is useful when using a wildcard cname with a wildcard certitificate to not return the first server entry in the config on unknown subdomains
or to do the same for an old and not fully removed domain. or to do the same for an old and not fully removed domain.
The addresses to listen on are derived from services.nginx.defaultListenAddresses.
''; '';
}; };
@ -180,12 +181,10 @@ in
"/".return = 404; "/".return = 404;
}; };
listen = lib.mkIf cfg.tcpFastOpen (lib.mkDefault [ listen = lib.mkIf cfg.tcpFastOpen (lib.mkDefault (lib.flatten (map (addr: [
{ addr = "0.0.0.0"; port = 80; inherit extraParameters; } { inherit addr; port = 80; inherit extraParameters; }
{ addr = "0.0.0.0"; port = 443; ssl = true; inherit extraParameters; } { inherit addr; port = 443; ssl = true; inherit extraParameters; }
{ addr = "[::]"; port = 80; inherit extraParameters; } ]) config.services.nginx.defaultListenAddresses)));
{ addr = "[::]"; port = 443; ssl = true; inherit extraParameters; }
]);
quic = lib.mkIf cfg.configureQuic true; quic = lib.mkIf cfg.configureQuic true;
}; };