diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index ebb3c38d6c25..72e7aa5b8eb0 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -230,13 +230,13 @@ let
defaultListen =
if vhost.listen != [] then vhost.listen
- else optionals (hasSSL || vhost.rejectSSL) (
- singleton { addr = "0.0.0.0"; port = 443; ssl = true; }
- ++ optional enableIPv6 { addr = "[::]"; port = 443; ssl = true; }
- ) ++ optionals (!onlySSL) (
- singleton { addr = "0.0.0.0"; port = 80; ssl = false; }
- ++ optional enableIPv6 { addr = "[::]"; port = 80; ssl = false; }
- );
+ else
+ let addrs = if vhost.listenAddresses != [] then vhost.listenAddreses else (
+ [ "0.0.0.0" ] ++ optional enableIPv6 "[::0]"
+ );
+ in
+ optionals (hasSSL || vhost.rejectSSL) (map (addr: { inherit addr; port = 443; ssl = true; }) addrs)
+ ++ optionals (!onlySSL) (map (addr: { inherit addr; port = 80; ssl = false; }) addrs);
hostListen =
if vhost.forceSSL
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix
index bc18bcaa7b34..77610a5732a1 100644
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -43,9 +43,26 @@ with lib;
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
+
+ If you only want to set the addresses manually and not
+ the ports, take a look at listenAddresses
'';
};
+ listenAddresses = mkOption {
+ type = with types; listOf str;
+
+ description = ''
+ Listen addresses for this virtual host.
+ Compared to listen this only sets the addreses
+ and the ports are choosen automatically.
+
+ Note: This option overrides enableIPv6
+ '';
+ default = [];
+ example = [ "127.0.0.1" "::1" ];
+ };
+
enableACME = mkOption {
type = types.bool;
default = false;