nixos-config/config/services/nginx.nix

52 lines
1.5 KiB
Nix

{ lib, pkgs, ... }:
{
config = {
services.nginx = {
additionalModules = [ pkgs.nginxModules.brotli ];
clientMaxBodySize = "10g";
enable = true;
appendHttpConfig = ''
brotli on;
brotli_types
application/atom+xml
application/javascript
application/json
application/xml
application/xml+rss
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
set_real_ip_from fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49/128;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
'';
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
resolver.addresses = [ "127.0.0.1" "[::1]" ];
sslProtocols = "TLSv1.3";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
};
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
config.listenAddresses = lib.mkDefault [
"0.0.0.0"
"[::]"
];
config.forceSSL = lib.mkDefault true;
config.http2 = lib.mkDefault true;
config.extraConfig = lib.mkDefault ''
listen 0.0.0.0:443 http3;
listen [::]:443 http3;
add_header Alt-Svc 'h3=":443"';
'';
});
};
}