2022-02-09 14:24:07 +00:00
|
|
|
{ lib, pkgs, ... }:
|
|
|
|
{
|
|
|
|
config = {
|
|
|
|
services.nginx = {
|
|
|
|
additionalModules = [ pkgs.nginxModules.brotli ];
|
|
|
|
clientMaxBodySize = "10g";
|
|
|
|
enable = true;
|
|
|
|
appendHttpConfig = ''
|
|
|
|
brotli on;
|
|
|
|
brotli_types
|
|
|
|
application/atom+xml
|
|
|
|
application/javascript
|
|
|
|
application/json
|
|
|
|
application/xml
|
|
|
|
application/xml+rss
|
|
|
|
image/svg+xml
|
|
|
|
text/css
|
|
|
|
text/javascript
|
|
|
|
text/plain
|
|
|
|
text/xml;
|
2022-04-26 06:52:55 +00:00
|
|
|
proxy_ssl_protocols TLSv1.2 TLSv1.3;
|
2022-02-09 14:24:07 +00:00
|
|
|
'';
|
|
|
|
package = pkgs.nginxQuic;
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
resolver.addresses = [ "127.0.0.1" "[::1]" ];
|
2022-04-26 06:52:55 +00:00
|
|
|
sslProtocols = "TLSv1.3";
|
2022-02-09 14:24:07 +00:00
|
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
networking.firewall.allowedUDPPorts = [ 443 ];
|
|
|
|
};
|
|
|
|
|
|
|
|
options.services.nginx.virtualHosts = lib.mkOption {
|
|
|
|
type = lib.types.attrsOf (lib.types.submodule {
|
|
|
|
config.listenAddresses = lib.mkDefault [
|
|
|
|
"0.0.0.0"
|
|
|
|
"[::]"
|
|
|
|
];
|
|
|
|
config.forceSSL = lib.mkDefault true;
|
|
|
|
config.http2 = lib.mkDefault true;
|
2022-02-09 14:35:39 +00:00
|
|
|
config.extraConfig = lib.mkDefault ''
|
|
|
|
listen 0.0.0.0:443 http3;
|
|
|
|
listen [::]:443 http3;
|
2022-02-09 14:38:35 +00:00
|
|
|
add_header Alt-Svc 'h3=":443"';
|
2022-02-09 14:35:39 +00:00
|
|
|
'';
|
2022-02-09 14:24:07 +00:00
|
|
|
});
|
2022-01-14 19:47:44 +00:00
|
|
|
};
|
|
|
|
}
|