-
Ciphers to choose from when negotiating TLS handshakes.
Type
null or string
Default
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
Declarations
-
Whether to enable FC-customized nginx.
Type
boolean
Default
false
Example
true
Declarations
-
Whether to enable Global rate limiting.
Type
boolean
Default
false
Example
true
Declarations
-
Sets the maximum number of requests to delay/queue if exceeding the rate limit.
Type
positive integer, meaning >0
Default
500
Declarations
-
Configures a separate access and error log in the /var/log/nginx directory for each virtualHost.
Type
boolean
Default
true
Declarations
-
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses.
Type
list of (submodule)
Default
[ ]
Example
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declarations
-
Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS. This will set defaults for listen to listen on all interfaces
on the respective default ports (80, 443), where the non-SSL listens
are used for the redirect vhosts.
Type
boolean
Default
false
Declarations
-
These lines go to the end of the location verbatim.
Type
strings concatenated with "\n"
Default
""
Declarations
-
FastCGI parameters to override. Unlike in the Nginx
configuration file, overriding only some default parameters
won't unset the default values for other parameters.
Type
attribute set of string
Default
{ }
Declarations
-
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through {option}useACMEHost.
Type
boolean
Default
false
Declarations
-
Extra parameters of this listen directive.
Type
list of string
Default
[ ]
Example
[
"backlog=1024"
"deferred"
]
Declarations
-
If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
Type
null or string
Default
null
Example
"newserver.example.org"
Declarations
-
Whether to enable the HTTP/3 protocol.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activate the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type
boolean
Default
false
Declarations
-
Enable PROXY protocol.
Type
boolean
Default
false
Declarations
-
Adds try_files directive.
Type
null or string
Default
null
Example
"$uri =404"
Declarations