nixos/nginx: make sslCertificate and sslCertificateKey nullable #119039
@ncfavier can you please share some example NixOS configuration to demonstrate how you are using this?
{
  services.nginx.virtualHosts = {
    "foo.example.com" = {
      forceSSL = true;
      enableACME = true;
      root = "/var/lib/www/foo";
    };
    default = {
      default = true;
      addSSL = true;
      extraConfig = ''
        ssl_reject_handshake on;
        return 444;
      '';
    };
  };
}
The scenario here is that I have a wildcard A record for
We could also instead add a It looks like this would match the internal check performed by nginx:
92ca354 to e7784fa
I prefer the suggestion of having an explicit
Opened #119186 as an alternative to this PR.
Motivation for this change
It sometimes makes sense to have addSSL = true without defining sslCertificate or sslCertificateKey, for example if one wants to use the ssl_reject_handshake directive.
cc @globin @aanderse @Ma27
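The rule this thread turns on (a server block that listens with ssl needs either a certificate pair or ssl_reject_handshake on), written as a lint over rendered nginx configuration. This is an added example, not code from this PR or from nixpkgs; `server_blocks`, `check_tls`, the sample configuration and its placeholder paths are constructed, and the parser assumes no quoted braces or semicolons and ignores settings inherited from the http block.

```python
import re
# Constructed sample: rendered server blocks shaped like the vhosts above.
SAMPLE = """
server {
    listen 443 ssl;
    server_name foo.example.com;
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/key.pem;
}
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
    return 444;
}
server {
    listen 443 ssl;
    server_name bar.example.com;  # neither certificate nor reject
}
"""

def server_blocks(conf):
    """Return, per server block, its direct directives as lists of words."""
    stack, servers, stmt = [], [], ""
    for ch in re.sub(r"#[^\n]*", "", conf):  # strip comments first
        if ch in "{};":
            words, stmt = stmt.split(), ""
            if ch == "{":
                stack.append(words[0] if words else "")
                if stack[-1] == "server":
                    servers.append([])
            elif ch == "}":
                stack.pop()
            elif words and stack and stack[-1] == "server":
                servers[-1].append(words)
        else:
            stmt += ch
    return servers

def check_tls(conf):
    """Verdict per ssl-listening server; http-level inheritance is ignored."""
    verdicts = {}
    for d in server_blocks(conf):
        if any(w[0] == "listen" and "ssl" in w[1:] for w in d):
            name = next((w[1] for w in d if w[0] == "server_name"), "(default)")
            verdicts[name] = (
                "rejects handshake" if ["ssl_reject_handshake", "on"] in d
                else "has certificate" if {"ssl_certificate", "ssl_certificate_key"} <= {w[0] for w in d}
                else "ERROR: no certificate and handshake not rejected")
    return verdicts
```

Running `check_tls` over the output of `nginx -T` flags any TLS vhost that would either fail nginx's configuration check or need a certificate it does not have.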