-
Ciphers to choose from when negotiating TLS handshakes.
Type
null or string
Default
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
Declarations
-
Whether to enable global rate limiting.
Type
boolean
Default
false
Example
true
Declarations
-
Whether to enable FC-customized nginx.
Type
boolean
Default
false
Example
true
Declarations
-
Host to proxy requests to if the ACME challenge is not found. Useful
if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain
with an ACME client that is running on another host, which you would
specify here.
Type
null or string
Default
null
Declarations
-
Basic Auth protection for a vhost.
WARNING: The implementation stores the password in plain text in the
Nix store.
Type
attribute set of string
Default
{ }
Example
{
  user = "password";
};
Declarations
-
Addresses to listen on if a vhost does not specify any.
Type
list of string
Default
"addresses of the `fe` network (IPv4 & IPv6)"
Declarations
-
The path of the web root directory.
Type
null or path
Default
null
Example
"/data/webserver/docs"
Declarations
-
FastCGI parameters to override. Unlike in the Nginx
configuration file, overriding only some default parameters
won't unset the default values for other parameters.
Type
attribute set of string
Default
{ }
Declarations
-
Whether to enable kTLS support.
Implementing TLS in the kernel (kTLS) improves performance by significantly
reducing the need for copying operations between user space and the kernel.
Requires Nginx version 1.21.4 or later.
Type
boolean
Default
false
Declarations
-
Order of this location block in relation to the others in the vhost.
The semantics are the same as with `lib.mkOrder`. Smaller values have
a greater priority.
Type
signed integer
Default
1000
Declarations
-
IPv4 address to listen on.
If neither `listenAddress` nor `listenAddress6` is set,
the service listens on the frontend addresses.
If you need more options, use `listen`.
If you want to configure any number of IPs, use `listenAddresses`.
Type
null or string
Default
null
Declarations
-
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires the `pkgs.nginxQuic` package, which can be selected by setting
`services.nginx.package = pkgs.nginxQuic;`, and activating the QUIC transport protocol with
`services.nginx.virtualHosts.<name>.quic = true;`.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type
boolean
Default
false
Declarations
-
Adds try_files directive.
Type
null or string
Default
null
Example
"$uri =404"
Declarations
-
Configuration lines to be appended inside of the http {} block.
Type
strings concatenated with "\n"
Default
""
Declarations
-
HTTP status used by `globalRedirect` and `forceSSL`. Possible use cases
include temporary (302, 307) redirects, keeping the request method and
body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type
integer between 300 and 399 (both inclusive)
Default
301
Example
308
Declarations