-
Ciphers to choose from when negotiating TLS handshakes.
Type
null or string
Default
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
Declarations
-
Whether to enable FC-customized nginx.
Type
boolean
Default
false
Example
true
Declarations
-
Whether to enable Global rate limiting.
Type
boolean
Default
false
Example
true
Declarations
-
These lines go to the end of the location verbatim.
Type
strings concatenated with "\n"
Default
""
Declarations
-
Adds try_files directive.
Type
null or string
Default
null
Example
"$uri =404"
Declarations
-
Enable PROXY protocol.
Type
boolean
Default
false
Declarations
-
Configures a separate access and error log in the /var/log/nginx
directory for each virtualHost.
Type
boolean
Default
true
Declarations
-
Set the contact address for Let's Encrypt (certificate expiry, policy changes).
Defaults to none.
Type
null or string
Default
null
Declarations
-
Path to server SSL certificate key.
Type
path
Example
"/var/host.key"
Declarations
-
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using pkgs.nginxQuic
package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activate the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;
.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type
boolean
Default
false
Declarations
-
Root directory for requests.
Type
null or path
Default
null
Example
"/your/root/directory"
Declarations
-
Listen address.
-
Sets the maximum number of concurrent requests per client.
Type
positive integer, meaning >0
Default
200
Declarations
-
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the
Nix store.
Type
attribute set of string
Default
{ }
Example
{
user = "password";
};
Declarations
-
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL
.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
.
Type
list of (submodule)
Default
[ ]
Example
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declarations