Commit graph

68 commits

Author SHA1 Message Date
Aaron Andersen
dd610ce84f nixos/httpd: disable TLSv1 by default for better security 2019-02-07 14:05:44 -05:00
aanderse
c6cd07707b nixos/httpd: rename apache log files to have a .log file extension (#54529)
nixos/httpd: rename apache log files to have a .log file extension
2019-01-31 04:04:58 +02:00
Aaron Andersen
fd5a88687c nixos/httpd: add options sslCiphers & sslProtocols 2019-01-09 11:30:19 -05:00
volth
87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Silvan Mosberger
b9c95c7d60
httpd: Fix typo 2018-07-13 02:59:00 +02:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Bas van Dijk
527781ebc4 apache-httpd: fix nix evaluation error
This only sets the timezone when it's not null to prevent:

  error: cannot coerce null to a string, at
  nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix:676:7
2017-10-31 17:33:54 +01:00
Ekaterina Vaartis
c0df448d54 apache-httpd: fix mod_perl by refering to apacheHttpdPackages (#26579) 2017-06-15 13:07:14 +02:00
Joachim Schiele
d491728653 httpd: added serviceExpression which extends the serviceType concept -> allows that httpd services can live outside of nixpkgs (#22269) 2017-02-06 01:08:58 +01:00
Dan Peebles
df7b4f4f6f httpd module: don't create documentRoot directory if it doesn't exist
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
2017-01-05 21:19:16 -05:00
Rok Garbas
e6fa6b21e1 apacheHttpdPackages.mod_perl: init at 2.0.10 2016-12-22 13:36:44 +01:00
Marc Weber
b51f165334 apache-httpd
* Introduce listen = [ { ip = "*"; port = 443; } ]; configuartion.
* deprecated port = 443 option which is no longer needed
2016-11-12 15:35:38 +01:00
Eric Sagnes
ff074ec7a4 apache-httpd: add phpPackage option 2016-06-22 21:24:25 +09:00
Kranium Gikos Mendoza
25fbac5b52 mod_auth_mellon: init at 0.12.0 2016-05-23 02:02:25 +08:00
Eric Sagnes
a8bc5b67f8 php: add default php.ini 2016-04-29 15:26:20 +09:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Eelco Dolstra
133e6e1ea6 httpd.service: Support reload
This is useful when ACME has generated a new TLS certificate.
2016-04-07 17:53:46 +02:00
Vladimír Čunát
c801cd1a04 php: fixup build when configured with httpd via nixos 2016-03-11 11:54:53 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Eelco Dolstra
f3d94cfc23 Revert "Add the tool "nixos-typecheck" that can check an option declaration to:"
This reverts commit cad8957eab. It
breaks NixOps, but more importantly, such major changes to the module
system really need to be reviewed.
2016-03-01 20:52:06 +01:00
Thomas Strobel
cad8957eab Add the tool "nixos-typecheck" that can check an option declaration to:
- Enforce that an option declaration has a "defaultText" if and only if the
   type of the option derives from "package", "packageSet" or "nixpkgsConfig"
   and if a "default" attribute is defined.

 - Enforce that the value of the "example" attribute is wrapped with "literalExample"
   if the type of the option derives from "package", "packageSet" or "nixpkgsConfig".

 - Warn if a "defaultText" is defined in an option declaration if the type of
   the option does not derive from "package", "packageSet" or "nixpkgsConfig".

 - Warn if no "type" is defined in an option declaration.
2016-02-29 01:09:00 +01:00
zimbatm
a7715e3e06 Merge pull request #10231 from zimbatm/apache-intermediate-ssl
apache-httpd: adopt mozilla's SSL configuration recommendation
2016-02-20 19:14:51 +00:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Thomas Strobel
a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
2016-01-17 19:41:23 +01:00
Tuomas Tynkkynen
58dfef2792 treewide: Fix references to apacheHttpd_2_* 2015-10-28 10:23:03 +01:00
zimbatm
f5f039eeb4 apache-httpd: harden default SSL cipher list
A couple of tweaks on the SSL cipher list.

Disabled RC4 which is now considered broken.
https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what

Enabled Forward Secrecy for modern browsers.
https://en.wikipedia.org/wiki/Forward_secrecy

Without the change, NixOS servers are capped at Grade B on
https://www.ssllabs.com/ssltest/index.html
2015-10-05 17:19:53 +01:00
Eelco Dolstra
9d82f7e53e Revert "Apache service module: allow compression"
This reverts commit 164f6ff2a8 per
https://github.com/NixOS/nixpkgs/pull/9407#issuecomment-134523359
(it's too site-specific). Furthermore this should be an option at the
virtual host level.
2015-08-28 12:41:06 +02:00
Wout Mertens
164f6ff2a8 Apache service module: allow compression 2015-08-23 15:13:52 +02:00
Eelco Dolstra
9fa19cfcea apache-httpd: Don't set default content encodings
In general, you don't want a .tar.gz file to be served with
"Content-Encoding: x-gzip", because this causes browsers (like Chrome
or "curl --compressed") to decompress the file on the fly. So you end
up with a .tar rather than .tar.gz file, which is unexpected.

If people want such encodings, they should set them in their own NixOS
configuration.
2015-07-07 12:12:49 +02:00
Peter Feigl
e5b3918f85 apache-httpd: adding support for sslServerChain 2015-04-13 15:41:10 +02:00
Eelco Dolstra
8cb3e3b864 httpd: Disable insecure protocols/ciphers by default
This makes us resistant to FREAK and similar attacks.
2015-03-09 14:18:12 +01:00
Matej Cotman
6630e3e4fe apache-httpd: add restartSec option 2015-01-21 22:49:22 +01:00
Eelco Dolstra
cfe26e4438 Fix using Apache httpd 2.2 2014-12-15 13:13:17 +01:00
Longrin Wischnewski
490232bd2e apache-httpd: add mod_access_compat for compatibility with old httpd-22 configurations 2014-11-12 13:18:02 +01:00
Rickard Nilsson
2b3c3d0e32 Fixes to Apache 2.4 configuration 2014-11-06 21:58:40 +01:00
Eelco Dolstra
b3eb981a95 apache-httpd: Make 2.4 the default
The NixOS 14.11 release is a good time to finally make 2.4 the
default.
2014-11-06 14:55:44 +01:00
Eelco Dolstra
0de982d75b httpd: Add option for specifying robots.txt 2014-09-18 19:05:26 +02:00
Eelco Dolstra
837a0c05e5 httpd: Don't emit robots.txt if there are no robots entries 2014-09-18 18:48:28 +02:00
aszlig
8a56a55bb4
nixos/manual: Use literalExample when feasible.
Should bring most of the examples into a better consistency regarding
syntactic representation in the manual.

Thanks to @devhell for reporting.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-08-27 23:41:15 +02:00
Michael Raskin
c0da615c02 Merge pull request #3230 from robberer/module/httpd
httpd: disable logging when logFormat = "none"
2014-08-23 11:37:48 +04:00
Peter Simons
2d326e5032 Merge remote-tracking branch 'origin/master' into staging.
Conflicts:
	pkgs/desktops/e18/enlightenment.nix
2014-08-04 16:51:47 +02:00
Chris Farmiloe
34890e7c2a nixos: Add enablePHP convinence option to services.httpd module to mimic subservices option
Fixes #2699
2014-08-03 21:11:45 +02:00
System administrator
cab929c6c2 httpd: disable logging when logFormat = "none" 2014-07-10 14:32:08 +02:00
Eelco Dolstra
06fc1ec34d Merge remote-tracking branch 'origin/master' into staging
Conflicts:
	pkgs/servers/serfdom/default.nix
2014-07-01 11:25:41 +02:00
Eelco Dolstra
40f7b0f9df Another attempt to eradicate ensureDir
See c556a6ea46.
2014-06-30 14:56:10 +02:00
Kirill Elagin
f81434bdfe Fix trying to add users to non-existent groups 2014-06-11 13:36:15 +04:00
Kirill Elagin
1208dd4df0 Fix configuring apache with extra user/group
This fix is consistent with all the other modules.
2014-06-11 13:17:42 +04:00
Kirill Elagin
80721cdd41 Revert "Fix configuring httpd with custom user/group."
This reverts commit 08f9da2e8e.
2014-06-11 13:17:00 +04:00
Rob Vermaas
08f9da2e8e Fix configuring httpd with custom user/group. 2014-06-11 10:18:37 +02:00
Eelco Dolstra
4fb50f071f Manual: Typo fixes 2014-04-19 22:59:25 +02:00