diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix
index 95b77da250b29..fe5383b6622d6 100644
--- a/nixos/modules/services/mail/mailman.nix
+++ b/nixos/modules/services/mail/mailman.nix
@@ -441,7 +441,7 @@ in {
 enable = lib.mkDefault true;
 virtualHosts = lib.genAttrs cfg.webHosts (webHost: {
 locations = {
- ${cfg.serve.virtualRoot}.extraConfig = "uwsgi_pass unix:/run/mailman-web.socket;";
+ ${cfg.serve.virtualRoot}.uwsgiPass = "unix:/run/mailman-web.socket";
 "${lib.removeSuffix "/" cfg.serve.virtualRoot}/static/".alias = webSettings.STATIC_ROOT + "/";
 };
 });
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index a7efd69adac39..bbb504f16ff5d 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -94,14 +94,16 @@ let
 REDIRECT_STATUS = "200";
 };
 
- recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
+ recommendedProxyHeader = command: pkgs.writeText "nginx-recommended-${command}-headers.conf" ''
+ ${command} Host $host;
+ ${command} X-Real-IP $remote_addr;
+ ${command} X-Forwarded-For $proxy_add_x_forwarded_for;
+ ${command} X-Forwarded-Proto $scheme;
+ ${command} X-Forwarded-Host $host;
+ ${command} X-Forwarded-Server $host;
 '';
+ recommendedProxyConfig = recommendedProxyHeader "proxy_set_header";
+ recommendedUwsgiConfig = recommendedProxyHeader "uwsgi_param";
 
 proxyCachePathConfig = concatStringsSep "\n" (mapAttrsToList (name: proxyCachePath: ''
 proxy_cache_path ${concatStringsSep " " [
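Review bot: Reusing the proxy_set_header list verbatim for `uwsgi_param` in `recommendedProxyHeader` sends uwsgi variables literally named `Host`, `X-Real-IP`, `X-Forwarded-For` and so on, whereas uwsgi variables are conventionally CGI-style (the stock uwsgi_params file uses `HTTP_HOST`, and WSGI applications read `HTTP_X_FORWARDED_FOR`, `HTTP_X_FORWARDED_PROTO`, …). The likely effect is that an application behind `recommendedUwsgiSettings` still sees whatever X-Forwarded-For / X-Forwarded-Proto the client sent rather than the values nginx sets here, which defeats the purpose of the "recommended" headers — this depends on how the uwsgi server maps variables, so confirm against the server in use. A separate list for the uwsgi case, e.g. `uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;`, with `command` no longer shared between the two directives, would make the difference explicit.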
@@ -238,6 +240,13 @@ let
 include ${recommendedProxyConfig};
 ''}
 
+ ${optionalString cfg.recommendedUwsgiSettings ''
+ uwsgi_connect_timeout ${cfg.uwsgiTimeout}
+ uwsgi_send_timeout ${cfg.uwsgiTimeout}
+ uwsgi_read_timeout ${cfg.uwsgiTimeout}
+ include ${recommendedUwsgiConfig};
+ ''}
+
 ${optionalString (cfg.mapHashBucketSize != null) ''
 map_hash_bucket_size ${toString cfg.mapHashBucketSize};
 ''}
@@ -442,6 +451,13 @@ let
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $connection_upgrade;
 ''}
+ ${optionalString (config.uwsgiPass != null && !cfg.uwsgiResolveWhileRunning) "uwsgi_pass ${config.uwsgiPass};" }
+ ${optionalString (config.uwsgiPass != null && cfg.uwsgiResolveWhileRunning) ''
+ set $nix_proxy_target "${config.uwsgiPass}";
+ uwsgi_pass $nix_proxy_target;
+ ''}
 ${concatStringsSep "\n" (mapAttrsToList (n: v: ''fastcgi_param ${n} "${v}";'')
 (optionalAttrs (config.fastcgiParams != {})
@@ -453,6 +469,7 @@ let
 ${optionalString (config.return != null) "return ${toString config.return};"}
 ${config.extraConfig}
 ${optionalString (config.proxyPass != null && config.recommendedProxySettings) "include ${recommendedProxyConfig};"}
+ ${optionalString (config.uwsgiPass != null && config.recommendedUwsgiSettings) "include ${recommendedUwsgiConfig};"}
 ${mkBasicAuth "sublocation" config}
 }
 '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
@@ -553,6 +570,23 @@ in
 '';
 };
 
+ recommendedUwsgiSettings = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
+ '';
+ };
+
+ uwsgiTimeout = mkOption {
+ type = types.str;
+ default = "60s";
+ example = "20s";
+ description = ''
+ Change the uwsgi related timeouts in recommendedUwsgiSettings.
+ '';
+ };
+
 defaultListen = mkOption {
 type = with types; listOf (submodule {
 options = {
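Review bot: The three `uwsgi_*_timeout` directives added under `cfg.recommendedUwsgiSettings` have no terminating semicolon, so as soon as the option is enabled nginx rejects the generated config at load time (an nginx directive must end in `;`); the `include` line right below them is terminated correctly, and the proxy counterpart above this hunk presumably is too. They should read `uwsgi_connect_timeout ${cfg.uwsgiTimeout};`, `uwsgi_send_timeout ${cfg.uwsgiTimeout};` and `uwsgi_read_timeout ${cfg.uwsgiTimeout};`. The enclosing configuration string begins and ends outside this hunk.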
@@ -859,6 +893,16 @@ in
 '';
 };
 
+ uwsgiResolveWhileRunning = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Resolves domains of uwsgi targets at runtime
+ and not only at start, you have to set
+ services.nginx.resolver, too.
+ '';
+ };
+
 mapHashBucketSize = mkOption {
 type = types.nullOr (types.enum [ 32 64 128 ]);
 default = null;
@@ -1163,6 +1207,16 @@ in
 '';
 }
 
+ {
+ assertion = all (host:
+ all (location: !(location.proxyPass != null && location.uwsgiPass != null)) (attrValues host.locations))
+ (attrValues virtualHosts);
+ message = ''
+ Options services.nginx.service.virtualHosts..proxyPass and
+ services.nginx.virtualHosts..uwsgiPass are mutually exclusive.
+ '';
+ }
+
 {
 assertion = cfg.package.pname != "nginxQuic" && cfg.package.pname != "angieQuic" -> !(cfg.enableQuicBPF);
 message = ''
diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix
index 8cefd481d3f93..5c399e8d5958c 100644
--- a/nixos/modules/services/web-servers/nginx/location-options.nix
+++ b/nixos/modules/services/web-servers/nginx/location-options.nix
@@ -56,6 +56,16 @@ with lib;
 '';
 };
 
+ uwsgiPass = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "unix:/run/example/example.sock";
+ description = ''
+ Adds uwsgi_pass directive and sets recommended proxy headers if
+ recommendedUwsgiSettings is enabled.
+ '';
+ };
+
 index = mkOption {
 type = types.nullOr types.str;
 default = null;
@@ -137,5 +147,14 @@ with lib;
 Enable recommended proxy settings.
 '';
 };
+
+ recommendedUwsgiSettings = mkOption {
+ type = types.bool;
+ default = config.services.nginx.recommendedUwsgiSettings;
+ defaultText = literalExpression "config.services.nginx.recommendedUwsgiSettings";
+ description = ''
+ Enable recommended uwsgi settings.
+ '';
+ };
 };
 }
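Review bot: The message of the new proxyPass/uwsgiPass mutual-exclusion assertion names the options as `services.nginx.service.virtualHosts..proxyPass` and `services.nginx.virtualHosts..uwsgiPass`, which are not real option paths (a stray `service.` segment, and the vhost and location placeholders are missing), so a user hitting the assertion has to guess which setting to change. It should read `services.nginx.virtualHosts.<name>.locations.<name>.proxyPass` and `services.nginx.virtualHosts.<name>.locations.<name>.uwsgiPass`. Reporting the offending vhost and location names in the message would help further, but that means replacing the nested `all` with a filter over `host.locations` and is a larger change than this note proposes.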