-
Ciphers to choose from when negotiating TLS handshakes.
Type
string
Default
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
Declarations
-
Whether to enable Global rate limiting.
Type
boolean
Default
false
Example
true
Declarations
-
Whether to enable FC-customized nginx.
Type
boolean
Default
false
Example
true
Declarations
-
IPv6 address to listen on.
If neither <option>listenAddress</option> nor <option>listenAddress6</option> is set,
the service listens on the frontend addresses.
If you need more options, use <option>listen</option>.
If you want to configure any number of IPs use <literal>listenAddresses</literal>.
Type
null or string
Default
null
Declarations
-
Alias directory for requests.
Type
null or path
Default
null
Example
"/your/alias/directory"
Declarations
-
Whether to support proxying websocket connections with HTTP/1.1.
Type
boolean
Default
false
Example
true
Declarations
-
Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
Type
null or string
Default
null
Example
"http://www.example.org/"
Declarations
-
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type
signed integer
Default
1000
Declarations
-
FastCGI parameters to override. Unlike in the Nginx
configuration file, overriding only some default parameters
won't unset the default values for other parameters.
Type
attribute set of string
Default
{ }
Declarations
-
Extra parameters of this listen directive.
Type
list of string
Default
[ ]
Example
[
"reuseport"
"deferred"
]
Declarations
-
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the
Nix store.
Type
attribute set of string
Default
{ }
Example
{
user = "password";
};
Declarations
-
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through <option>useACMEHost</option>.
Type
boolean
Default
false
Declarations
-
Port number.
Type
signed integer
Default
80
Declarations
-
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
<link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
Alternately, you can generate a certificate through <option>enableACME</option>.
<emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
Type
null or string
Default
null
Declarations
-
Path to server SSL certificate key.
Type
path
Example
"/var/host.key"
Declarations