-
List of available cipher suites to choose from when negotiating TLS sessions.
:::{.warn}
This option only handles cipher suites up to TLSv1.2. Use
ssl_conf_command CipherSuites to configure TLSv1.3 cipher suites.
:::
Type
null or string or list of string
Default
[
"ECDHE-ECDSA-AES128-GCM-SHA256"
"ECDHE-RSA-AES128-GCM-SHA256"
"ECDHE-ECDSA-AES256-GCM-SHA384"
"ECDHE-RSA-AES256-GCM-SHA384"
"ECDHE-ECDSA-CHACHA20-POLY1305"
"ECDHE-RSA-CHACHA20-POLY1305"
"DHE-RSA-AES128-GCM-SHA256"
"DHE-RSA-AES256-GCM-SHA384"
"DHE-RSA-CHACHA20-POLY1305"
]
Declarations
- /nix/store/iy2xiglkzhxw28qm3rjp7crq9w38c59q-nixpkgs-06cab234c6f/nixos/modules/services/web-servers/nginx/default.nix
-
Whether to enable Global rate limiting.
Type
boolean
Default
false
Example
true
Declarations
-
Whether to enable FC-customized nginx.
Type
boolean
Default
false
Example
true
Declarations
-
Sets the maximum number of requests to delay/queue if exceeding the rate limit.
Type
positive integer, meaning >0
Default
500
Declarations
-
Configures how often log files are rotated before being removed.
If count is 0, old versions are removed rather than rotated.
Type
signed integer
Default
7
Declarations
-
Sets the maximum number of concurrent requests per client.
Type
positive integer, meaning >0
Default
200
Declarations
-
Configuration lines to be appended inside of the http {} block.
Type
strings concatenated with "\n"
Default
""
Declarations
-
Configures a separate access and error log in the /var/log/nginx directory for each virtualHost.
Type
boolean
Default
true
Declarations
-
Sets the maximum number of requests per second per client.
Type
positive integer, meaning >0
Default
50
Declarations
-
Configures the number of worker processes.
Type
signed integer
Default
fclib.min [(fclib.currentCores 1) 12]
Declarations
-
Addresses to listen on if a vhost does not specify any.
Type
list of string
Default
"addresses of the `fe` network (IPv4 & IPv6)"
Declarations
-
Configures a timeout (seconds) for a graceful shutdown of worker processes.
When the time expires, nginx will try to close all the connections currently
open to facilitate shutdown.
By default, nginx will try to close connections 4 minutes after a reload.
Type
signed integer
Default
240
Declarations
-
Configure the nginx reverse proxy settings.
Type
boolean
Default
false
Declarations
- /nix/store/iy2xiglkzhxw28qm3rjp7crq9w38c59q-nixpkgs-06cab234c6f/nixos/modules/services/networking/xandikos.nix
-
Whether to configure nginx as a reverse proxy for Invidious.
It serves it under the domain specified in {option}services.invidious.settings.domain with enabled TLS and ACME.
Further configuration can be done through {option}services.nginx.virtualHosts.${config.services.invidious.settings.domain}.*,
which can also be used to disable AMCE and TLS.
Type
boolean
Default
false
Declarations
- /nix/store/iy2xiglkzhxw28qm3rjp7crq9w38c59q-nixpkgs-06cab234c6f/nixos/modules/services/web-apps/invidious.nix
-
Whether to enable nginx virtualhost definition.
Type
boolean
Default
false
Example
true
Declarations
- /nix/store/iy2xiglkzhxw28qm3rjp7crq9w38c59q-nixpkgs-06cab234c6f/nixos/modules/services/networking/firezone/server.nix