-
Ciphers to choose from when negotiating TLS handshakes.
Type
null or string
Default
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
Declarations
-
Whether to enable FC-customized nginx.
Type
boolean
Default
false
Example
true
Declarations
-
Whether to enable Global rate limiting.
Type
boolean
Default
false
Example
true
Declarations
-
Sets the maximum number of requests to delay/queue if exceeding the rate limit.
Type
positive integer, meaning >0
Default
500
Declarations
-
If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
Type
null or string
Default
null
Example
"newserver.example.org"
Declarations
-
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through {option}enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .
Type
null or string
Default
null
Declarations
-
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activate the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type
boolean
Default
false
Declarations
-
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type
null or string
Default
null
Example
"example.org"
Declarations
-
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the
Nix store.
Type
attribute set of string
Default
{ }
Example
{
user = "password";
};
Declarations
-
Listen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type
list of string
Default
"The default listen addresses configured in `flyingcircus.services.nginx.defaultListenAddresses`"
Example
[
"127.0.0.1"
"[::1]"
]
Declarations
-
FastCGI parameters to override. Unlike in the Nginx
configuration file, overriding only some default parameters
won't unset the default values for other parameters.
Type
attribute set of string
Default
{ }
Declarations
-
Path to server SSL certificate.
Type
absolute path
Example
"/var/host.cert"
Declarations
-
Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
Type
null or string
Default
null
Example
"http://www.example.org/"
Declarations
-
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through {option}useACMEHost.
Type
boolean
Default
false
Declarations
-
Configures a timeout (seconds) for a graceful shutdown of worker processes.
When the time expires, nginx will try to close all the connections currently
open to facilitate shutdown.
By default, nginx will try to close connections 4 minutes after a reload.
Type
signed integer
Default
240
Declarations