nixos/nginx: add locations."name".uwsgiPass and related options and use it

Sandro Jäckel
2024-10-06 02:05:32 +02:00
parent 73bed75dbd
commit d1a28bbdb4
3 changed files with 83 additions and 2 deletions


@@ -441,7 +441,7 @@ in {
enable = lib.mkDefault true; enable = lib.mkDefault true;
virtualHosts = lib.genAttrs cfg.webHosts (webHost: { virtualHosts = lib.genAttrs cfg.webHosts (webHost: {
locations = { locations = {
${cfg.serve.virtualRoot}.extraConfig = "uwsgi_pass unix:/run/mailman-web.socket;"; ${cfg.serve.virtualRoot}.uwsgiPass = "unix:/run/mailman-web.socket";
"${lib.removeSuffix "/" cfg.serve.virtualRoot}/static/".alias = webSettings.STATIC_ROOT + "/"; "${lib.removeSuffix "/" cfg.serve.virtualRoot}/static/".alias = webSettings.STATIC_ROOT + "/";
}; };
}); });


@@ -94,7 +94,7 @@ let
REDIRECT_STATUS = "200"; REDIRECT_STATUS = "200";
}; };
recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" '' recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy_set_header-headers.conf" ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -102,6 +102,14 @@ let
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Server $host;
''; '';
recommendedUwsgiConfig = pkgs.writeText "nginx-recommended-uwsgi_param-headers.conf" ''
uwsgi_param HTTP_HOST $host;
uwsgi_param HTTP_X_REAL_IP $remote_addr;
uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
uwsgi_param HTTP_X_FORWARDED_PROTO $scheme;
uwsgi_param HTTP_X_FORWARDED_HOST $host;
uwsgi_param HTTP_X_FORWARDED_SERVER $host;
'';
proxyCachePathConfig = concatStringsSep "\n" (mapAttrsToList (name: proxyCachePath: '' proxyCachePathConfig = concatStringsSep "\n" (mapAttrsToList (name: proxyCachePath: ''
proxy_cache_path ${concatStringsSep " " [ proxy_cache_path ${concatStringsSep " " [
@@ -238,6 +246,15 @@ let
include ${recommendedProxyConfig}; include ${recommendedProxyConfig};
''} ''}
${optionalString cfg.recommendedUwsgiSettings ''
uwsgi_connect_timeout ${cfg.uwsgiTimeout};
uwsgi_send_timeout ${cfg.uwsgiTimeout};
uwsgi_read_timeout ${cfg.uwsgiTimeout};
uwsgi_param HTTP_CONNECTION "";
include ${cfg.package}/conf/uwsgi_params;
include ${recommendedUwsgiConfig};
''}
${optionalString (cfg.mapHashBucketSize != null) '' ${optionalString (cfg.mapHashBucketSize != null) ''
map_hash_bucket_size ${toString cfg.mapHashBucketSize}; map_hash_bucket_size ${toString cfg.mapHashBucketSize};
''} ''}
@@ -442,6 +459,13 @@ let
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
''} ''}
${optionalString (config.uwsgiPass != null && !cfg.uwsgiResolveWhileRunning)
"uwsgi_pass ${config.uwsgiPass};"
}
${optionalString (config.uwsgiPass != null && cfg.uwsgiResolveWhileRunning) ''
set $nix_proxy_target "${config.uwsgiPass}";
uwsgi_pass $nix_proxy_target;
''}
${concatStringsSep "\n" ${concatStringsSep "\n"
(mapAttrsToList (n: v: ''fastcgi_param ${n} "${v}";'') (mapAttrsToList (n: v: ''fastcgi_param ${n} "${v}";'')
(optionalAttrs (config.fastcgiParams != {}) (optionalAttrs (config.fastcgiParams != {})
@@ -453,6 +477,7 @@ let
${optionalString (config.return != null) "return ${toString config.return};"} ${optionalString (config.return != null) "return ${toString config.return};"}
${config.extraConfig} ${config.extraConfig}
${optionalString (config.proxyPass != null && config.recommendedProxySettings) "include ${recommendedProxyConfig};"} ${optionalString (config.proxyPass != null && config.recommendedProxySettings) "include ${recommendedProxyConfig};"}
${optionalString (config.uwsgiPass != null && config.recommendedUwsgiSettings) "include ${cfg.package}/conf/uwsgi_params; include ${recommendedUwsgiConfig};"}
${mkBasicAuth "sublocation" config} ${mkBasicAuth "sublocation" config}
} }
'') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations))); '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
@@ -553,6 +578,23 @@ in
''; '';
}; };
recommendedUwsgiSettings = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
'';
};
uwsgiTimeout = mkOption {
type = types.str;
default = "60s";
example = "20s";
description = ''
Change the uwsgi related timeouts in recommendedUwsgiSettings.
'';
};
defaultListen = mkOption { defaultListen = mkOption {
type = with types; listOf (submodule { type = with types; listOf (submodule {
options = { options = {
@@ -859,6 +901,16 @@ in
''; '';
}; };
uwsgiResolveWhileRunning = mkOption {
type = types.bool;
default = false;
description = ''
Resolves domains of uwsgi targets at runtime
and not only at start, you have to set
services.nginx.resolver, too.
'';
};
mapHashBucketSize = mkOption { mapHashBucketSize = mkOption {
type = types.nullOr (types.enum [ 32 64 128 ]); type = types.nullOr (types.enum [ 32 64 128 ]);
default = null; default = null;
@@ -1163,6 +1215,16 @@ in
''; '';
} }
{
assertion = all (host:
all (location: !(location.proxyPass != null && location.uwsgiPass != null)) (attrValues host.locations))
(attrValues virtualHosts);
message = ''
Options services.nginx.service.virtualHosts.<name>.proxyPass and
services.nginx.virtualHosts.<name>.uwsgiPass are mutually exclusive.
'';
}
{ {
assertion = cfg.package.pname != "nginxQuic" && cfg.package.pname != "angieQuic" -> !(cfg.enableQuicBPF); assertion = cfg.package.pname != "nginxQuic" && cfg.package.pname != "angieQuic" -> !(cfg.enableQuicBPF);
message = '' message = ''
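Review bot: In the new `recommendedUwsgiConfig` block, `HTTP_X_FORWARDED_FOR` is filled from `$proxy_add_x_forwarded_for`, which is the client's own X-Forwarded-For header with `$remote_addr` appended, so the backend receives entries the client chose. None of the option descriptions added here mention this, and an application that reads the first entry for logging, rate limiting or access rules would be acting on an unverified address. I would extend the `recommendedUwsgiSettings` description with a sentence such as `HTTP_X_FORWARDED_FOR keeps any client-sent X-Forwarded-For and appends the peer address; backends should trust only the last entry or use HTTP_X_REAL_IP.` The same caveat likely applies to `HTTP_X_FORWARDED_HOST`, since `$host` can be taken from the request's Host header.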


@@ -56,6 +56,16 @@ with lib;
''; '';
}; };
uwsgiPass = mkOption {
type = types.nullOr types.str;
default = null;
example = "unix:/run/example/example.sock";
description = ''
Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
'';
};
index = mkOption { index = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
@@ -137,5 +147,14 @@ with lib;
Enable recommended proxy settings. Enable recommended proxy settings.
''; '';
}; };
recommendedUwsgiSettings = mkOption {
type = types.bool;
default = config.services.nginx.recommendedUwsgiSettings;
defaultText = literalExpression "config.services.nginx.recommendedUwsgiSettings";
description = ''
Enable recommended uwsgi settings.
'';
};
}; };
} }
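Review bot: The `uwsgiPass` description says the option "sets recommended proxy headers", but the option only enables `uwsgi_pass` plus the `uwsgi_params` include and the `uwsgi_param` lines; no `proxy_set_header` is involved. A reader could take this to mean the proxy header set is applied to uwsgi locations. I would reword it to `Adds uwsgi_pass directive and includes the recommended uwsgi_param settings if recommendedUwsgiSettings is enabled.`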