-
Ciphers to choose from when negotiating TLS handshakes.
Type
null or string
Default
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
Declarations
-
Whether to enable FC-customized nginx.
Type
boolean
Default
false
Example
true
Declarations
-
Whether to enable Global rate limiting.
Type
boolean
Default
false
Example
true
Declarations
-
Sets the maximum number of concurrent requests per client.
Type
positive integer, meaning >0
Default
200
Declarations
-
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type
boolean
Default
false
Declarations
-
Whether to enable the HTTP/3 protocol.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type
boolean
Default
false
Declarations
-
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using .
Type
null or string
Default
null
Declarations
-
Listen addresses for this virtual host.
Compared to listen, this only sets the addresses and the ports are chosen automatically.
Note: This option overrides enableIPv6.
Type
list of string
Default
[
"192.168.2.1"
"[2001:db8:2::1]"
]
Example
[
"127.0.0.1"
"[::1]"
]
Declarations
-
Basic Auth password file for a vhost.
Can be created via: htpasswd -c <filename> <username>.
WARNING: The generated file contains the users' passwords hashed in a way that is not cryptographically secure.
Type
null or path
Default
null
Declarations
-
Adds try_files directive.
Type
null or string
Default
null
Example
"$uri =404"
Declarations
-
HTTP status used by globalRedirect and forceSSL. Possible use cases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type
integer between 300 and 399 (both inclusive)
Default
301
Example
308
Declarations
-
Adds a return directive, for e.g. redirections.
Type
null or string
Default
null
Example
"301 http://example.com$request_uri"
Declarations
-
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type
attribute set of string
Default
{ }
Example
{
  user = "password";
};
Declarations
-
Extra parameters of this listen directive.
Type
list of string
Default
[ ]
Example
[
"backlog=1024"
"deferred"
]
Declarations
-
Declarative location config
Type
attribute set of (submodule)
Default
{ }
Example
{
  "/" = {
    proxyPass = "http://localhost:3000";
  };
};
Declarations