Explore Flying Circus NixOS Options

Ciphers to choose from when negotiating TLS handshakes.

Whether to enable FC-customized nginx.

Whether to enable Global rate limiting.

Adds index directive.

If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.

Configures how often log files are rotated before being removed. If count is 0, old versions are removed rather than rotated.

Configuration lines to be appended inside of the http {} block.

Basic Auth password file for a vhost. Can be created via: {command}htpasswd -c <filename> <username>.

WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.

Adds try_files directive.

Configures the number of worker processes.

HTTP status used by globalRedirect and forceSSL. Possible usecases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.

Adds a return directive, for e.g. redirections.

A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through {option}enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .

IPv6 address to listen on. If neither <option>listenAddress</option> nor <option>listenAddress6</option> is set, the service listens on the frontend addresses.

If you need more options, use <option>listen</option>. If you want to configure any number of IPs use <literal>listenAddresses</literal>.

Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.