1 { config, lib, name, ... }:
3 inherit (lib) literalExample mkOption nameValuePair types;
11 description = "Canonical hostname for the server.";
14 serverAliases = mkOption {
15 type = types.listOf types.str;
17 example = ["www.example.org" "www.example.org:8080" "example.org"];
19 Additional names of virtual hosts served by this virtual host configuration.
# Per-vhost list of listen sockets; each entry carries an ip, a port and an ssl flag
# (see the three descriptions below).
# NOTE(review): per the description at the end of this option, defining it overrides
# addSSL, forceSSL and onlySSL, so an entry without `ssl = true` presumably serves
# plain HTTP even when one of those flags is set -- confirm against the module that
# consumes this option.
# NOTE(review): the example uses routable public addresses (195.154.1.1, 192.154.1.1);
# the RFC 5737 documentation ranges (e.g. 192.0.2.0/24) are the conventional choice
# for published examples. `ip = "*"` listens on every interface, as the ip description says.
24 type = with types; listOf (submodule ({
28 description = "Port to listen on";
33 description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
38 description = "Whether to enable SSL (https) support.";
44 { ip = "195.154.1.1"; port = 443; ssl = true;}
45 { ip = "192.154.1.1"; port = 80; }
46 { ip = "*"; port = 8080; }
49 Listen addresses and ports for this virtual host.
51 This option overrides <literal>addSSL</literal>, <literal>forceSSL</literal> and <literal>onlySSL</literal>.
56 enableSSL = mkOption {
66 Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
67 <literal>listen</literal> to listen on all interfaces on the respective default
76 Whether to enable HTTPS and reject plain HTTP connections. This will set
77 defaults for <literal>listen</literal> to listen on all interfaces on port 443.
85 Whether to add a separate nginx server block that permanently redirects (301)
86 all plain HTTP traffic to HTTPS. This will set defaults for
87 <literal>listen</literal> to listen on all interfaces on the respective default
88 ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
92 enableACME = mkOption {
96 Whether to ask Let's Encrypt to sign a certificate for this vhost.
97 Alternately, you can use an existing certificate through <option>useACMEHost</option>.
101 useACMEHost = mkOption {
102 type = types.nullOr types.str;
105 A host of an existing Let's Encrypt certificate to use.
106 This is useful if you have many subdomains and want to avoid hitting the
107 <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
108 Alternately, you can generate a certificate through <option>enableACME</option>.
109 <emphasis>Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
# Directory holding the ACME challenge files; defaults to /var/lib/acme/acme-challenges.
# The description marks it as PUBLIC -- presumably because its contents are served
# over plain HTTP for domain validation -- so certificates and private keys must
# never be stored in it or below it.
113 acmeRoot = mkOption {
115 default = "/var/lib/acme/acme-challenges";
116 description = "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here";
119 sslServerCert = mkOption {
121 example = "/var/host.cert";
122 description = "Path to server SSL certificate.";
# Path to the private key that belongs to the server certificate (see description).
# NOTE(review): this option's type is not visible here. If it accepts Nix path
# values, an unquoted path literal can end up copied into the world-readable
# /nix/store when it is interpolated into the generated configuration; a quoted
# string such as the example keeps the key outside the store -- confirm.
# The key file itself should be readable only by the account that starts httpd.
125 sslServerKey = mkOption {
127 example = "/var/host.key";
128 description = "Path to server SSL certificate key.";
131 sslServerChain = mkOption {
132 type = types.nullOr types.path;
134 example = "/var/ca.pem";
135 description = "Path to server SSL chain file.";
142 Whether to enable HTTP/2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork MPM, there will
143 be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details.
147 adminAddr = mkOption {
148 type = types.nullOr types.str;
150 example = "admin@example.org";
151 description = "E-mail address of the server administrator.";
154 documentRoot = mkOption {
155 type = types.nullOr types.path;
157 example = "/data/webserver/docs";
159 The path of Apache's document root directory. If left undefined,
160 an empty directory in the Nix store will be used as root.
164 servedDirs = mkOption {
165 type = types.listOf types.attrs;
169 dir = "/home/eelco/Dev/nix-homepage";
173 This option provides a simple way to serve static directories.
177 servedFiles = mkOption {
178 type = types.listOf types.attrs;
181 { urlPath = "/foo/bar.png";
182 file = "/home/eelco/some-file.png";
186 This option provides a simple way to serve individual, static files.
189 This option has been deprecated and will be removed in a future
190 version of NixOS. You can achieve the same result by making use of
191 the <literal>locations.<name>.alias</literal> option.
# Free-form Apache directives for this virtual host. Per the description the lines
# are written to httpd.conf verbatim, after the default directory and alias
# definitions; nothing visible here validates them.
# NOTE(review): the example enables `Options FollowSymlinks`, which lets httpd follow
# symbolic links that point outside the served tree. Apache's `SymLinksIfOwnerMatch`
# is the narrower setting -- consider it for the example.
196 extraConfig = mkOption {
201 Options FollowSymlinks
206 These lines go to httpd.conf verbatim. They will go after
207 directories and directory aliases defined by default.
# Toggle for per-user web directories: ~/public_html is published as /~username.
# NOTE(review): enabling this exposes content controlled by every local user, and
# /~username URLs can reveal which account names exist on the host; leave it off
# unless that is intended. The default value is not visible here.
211 enableUserDir = mkOption {
215 Whether to enable serving <filename>~/public_html</filename> as
216 <literal>/~<replaceable>username</replaceable></literal>.
220 globalRedirect = mkOption {
221 type = types.nullOr types.str;
# NOTE(review): the example below is an unquoted URL literal, a deprecated Nix
# syntax; the quoted string "http://newserver.example.org/" evaluates to the same
# value. The example target is also plain http://. Clients cache permanent
# redirects, so prefer an https:// target where the destination supports it.
223 example = http://newserver.example.org/;
225 If set, all requests for this host are redirected permanently to
230 logFormat = mkOption {
233 example = "combined";
235 Log format for Apache's log files. Possible values are: combined, common, referer, agent.
# Crawler exclusion rules for this host (presumably emitted as its robots.txt;
# the consuming code is not visible here).
# NOTE(review): robots.txt is advisory and publicly readable. It is not an access
# control, and every Disallow entry advertises the path it names. Protect sensitive
# paths with authentication/authorization rather than listing them here.
239 robotsEntries = mkOption {
242 example = "Disallow: /foo/";
244 Specification of pages to be ignored by web crawlers. See <link
245 xlink:href='http://www.robotstxt.org/'/> for details.
249 locations = mkOption {
250 type = with types; attrsOf (submodule (import ./location-options.nix));
252 example = literalExample ''
255 proxyPass = "http://localhost:3000";
258 alias = "/home/eelco/some-file.png";
263 Declarative location config. See <link
264 xlink:href="https://httpd.apache.org/docs/2.4/mod/core.html#location"/> for details.
# Compatibility shim for the deprecated servedFiles option: each entry's urlPath
# becomes an attribute name under `locations`, with `alias` set to that entry's file.
272 locations = builtins.listToAttrs (map (elem: nameValuePair elem.urlPath { alias = elem.file; }) config.servedFiles);