Explore Flying Circus NixOS Options

Ciphers to choose from when negotiating TLS handshakes.

Whether to enable Global rate limiting.

Whether to enable FC-customized nginx.

Configures a separate access and error log in the /var/log/nginx directory for each virtualHost.

Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.

Configuration lines to be appended inside of the http {} block.

If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.

These lines go to the end of the location verbatim.

A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through {option}enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .

Disable the suggested mitigations against the D(HE)at Attack

Order of this location block in relation to the others in the vhost. The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.

Path to server SSL certificate.

Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.

Adds try_files directive.

Alias directory for requests.