nixos/nginx: add locations."name".uwsgiPass option and use it

NixOS · Oct 23, 2024 · 7109748 · 7109748
1 parent 73bed75
commit 7109748
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 8 deletions.
diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix
@@ -441,7 +441,7 @@ in {
       enable = lib.mkDefault true;
       virtualHosts = lib.genAttrs cfg.webHosts (webHost: {
         locations = {
-          ${cfg.serve.virtualRoot}.extraConfig = "uwsgi_pass unix:/run/mailman-web.socket;";
+          ${cfg.serve.virtualRoot}.uwsgiPass = "unix:/run/mailman-web.socket";
           "${lib.removeSuffix "/" cfg.serve.virtualRoot}/static/".alias = webSettings.STATIC_ROOT + "/";
         };
       });

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
@@ -94,14 +94,16 @@ let
     REDIRECT_STATUS   = "200";
   };
 
-  recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" ''
-    proxy_set_header        Host $host;
-    proxy_set_header        X-Real-IP $remote_addr;
-    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header        X-Forwarded-Proto $scheme;
-    proxy_set_header        X-Forwarded-Host $host;
-    proxy_set_header        X-Forwarded-Server $host;
+  recommendedProxyHeader = command: pkgs.writeText "nginx-recommended-${command}-headers.conf" ''
+    ${command}        Host $host;
+    ${command}        X-Real-IP $remote_addr;
+    ${command}        X-Forwarded-For $proxy_add_x_forwarded_for;
+    ${command}        X-Forwarded-Proto $scheme;
+    ${command}        X-Forwarded-Host $host;
+    ${command}        X-Forwarded-Server $host;
   '';
+  recommendedProxyConfig = recommendedProxyHeader "proxy_set_header";
+  recommendedUwsgiConfig = recommendedProxyHeader "uwsgi_param";
 
   proxyCachePathConfig = concatStringsSep "\n" (mapAttrsToList (name: proxyCachePath: ''
     proxy_cache_path ${concatStringsSep " " [
@@ -236,6 +238,11 @@ let
         # https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
         proxy_set_header        "Connection" "";
         include ${recommendedProxyConfig};
+
+        uwsgi_connect_timeout   ${cfg.proxyTimeout}
+        uwsgi_send_timeout      ${cfg.proxyTimeout}
+        uwsgi_read_timeout      ${cfg.proxyTimeout}
+        include ${recommendedUwsgiConfig};
       ''}
 
       ${optionalString (cfg.mapHashBucketSize != null) ''
@@ -442,6 +449,13 @@ let
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
       ''}
+      ${optionalString (config.uwsgiPass != null && !cfg.proxyResolveWhileRunning)
+        "uwsgi_pass ${config.uwsgiPass};"
+      }
+      ${optionalString (config.uwsgiPass != null && cfg.proxyResolveWhileRunning) ''
+        set $nix_proxy_target "${config.uwsgiPass}";
+        uwsgi_pass $nix_proxy_target;
+      ''}
       ${concatStringsSep "\n"
         (mapAttrsToList (n: v: ''fastcgi_param ${n} "${v}";'')
           (optionalAttrs (config.fastcgiParams != {})
@@ -453,6 +467,7 @@ let
       ${optionalString (config.return != null) "return ${toString config.return};"}
       ${config.extraConfig}
       ${optionalString (config.proxyPass != null && config.recommendedProxySettings) "include ${recommendedProxyConfig};"}
+      ${optionalString (config.uwsgiPass != null && config.recommendedProxySettings) "include ${recommendedUwsgiConfig};"}
       ${mkBasicAuth "sublocation" config}
     }
   '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
@@ -1163,6 +1178,16 @@ in
         '';
       }
 
+      {
+        assertion = all (host:
+          all (location: !(location.proxyPass != null && location.uwsgiPass != null)) (attrValues host.locations))
+        (attrValues virtualHosts);
+        message = ''
+          Options services.nginx.service.virtualHosts.<name>.proxyPass and
+          services.nginx.virtualHosts.<name>.uwsgiPass are mutually exclusive.
+        '';
+      }
+
       {
         assertion = cfg.package.pname != "nginxQuic" && cfg.package.pname != "angieQuic" -> !(cfg.enableQuicBPF);
         message = ''

diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix
@@ -56,6 +56,16 @@ with lib;
       '';
     };
 
+    uwsgiPass = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      example = "unix:/run/example/example.sock";
+      description = ''
+        Adds uwsgi_pass directive and sets recommended proxy headers if
+        recommendedProxySettings is enabled.
+      '';
+    };
+
     index = mkOption {
       type = types.nullOr types.str;
       default = null;