Merge pull request #257262 from dongcarl/2023-09-nginx-fixes

nixos/nginx: Allow empty port for listen directive (for unix socket)
2024-12-27 22:03:54 +03:00 · 2023-10-21 17:26:57 +01:00 · 2023-10-21 17:26:57 +01:00 · c5442c247f
commit c5442c247f
parent 2caca43de3 e5c2c71280
6 changed files with 57 additions and 6 deletions
--- a/nixos/lib/test-driver/test_driver/machine.py
+++ b/nixos/lib/test-driver/test_driver/machine.py
@ -791,6 +791,28 @@ class Machine:
        with self.nested(f"waiting for TCP port {port} on {addr}"):
            retry(port_is_open, timeout)

+    def wait_for_open_unix_socket(
+        self, addr: str, is_datagram: bool = False, timeout: int = 900
+    ) -> None:
+        """
+        Wait until a process is listening on the given UNIX-domain socket
+        (default to a UNIX-domain stream socket).
+        """
+
+        nc_flags = [
+            "-z",
+            "-uU" if is_datagram else "-U",
+        ]
+
+        def socket_is_open(_: Any) -> bool:
+            status, _ = self.execute(f"nc {' '.join(nc_flags)} {addr}")
+            return status == 0
+
+        with self.nested(
+            f"waiting for UNIX-domain {'datagram' if is_datagram else 'stream'} on '{addr}'"
+        ):
+            retry(socket_is_open, timeout)
+
    def wait_for_closed_port(
        self, port: int, addr: str = "localhost", timeout: int = 900
    ) -> None:
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@ -329,7 +329,7 @@ let
        listenString = { addr, port, ssl, proxyProtocol ? false, extraParameters ? [], ... }:
          # UDP listener for QUIC transport protocol.
          (optionalString (ssl && vhost.quic) ("
-            listen ${addr}:${toString port} quic "
+            listen ${addr}${optionalString (port != null) ":${toString port}"} quic "
          + optionalString vhost.default "default_server "
          + optionalString vhost.reuseport "reuseport "
          + optionalString (extraParameters != []) (concatStringsSep " "
@ -338,7 +338,7 @@ let
            in filter isCompatibleParameter extraParameters))
          + ";"))
          + "
-            listen ${addr}:${toString port} "
+            listen ${addr}${optionalString (port != null) ":${toString port}"} "
          + optionalString (ssl && vhost.http2 && oldHTTP2) "http2 "
          + optionalString ssl "ssl "
          + optionalString vhost.default "default_server "
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@ -31,12 +31,12 @@ with lib;
        options = {
          addr = mkOption {
            type = str;
-            description = lib.mdDoc "IP address.";
+            description = lib.mdDoc "Listen address.";
          };
          port = mkOption {
-            type = port;
+            type = types.nullOr port;
            description = lib.mdDoc "Port number.";
-            default = 80;
+            default = null;
          };
          ssl = mkOption {
            type = bool;
@ -60,6 +60,7 @@ with lib;
      example = [
        { addr = "195.154.1.1"; port = 443; ssl = true; }
        { addr = "192.154.1.1"; port = 80; }
+        { addr = "unix:/var/run/nginx.sock"; }
      ];
      description = lib.mdDoc ''
        Listen addresses and ports for this virtual host.
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -559,6 +559,7 @@ in {
  nginx-sso = handleTest ./nginx-sso.nix {};
  nginx-status-page = handleTest ./nginx-status-page.nix {};
  nginx-tmpdir = handleTest ./nginx-tmpdir.nix {};
+  nginx-unix-socket = handleTest ./nginx-unix-socket.nix {};
  nginx-variants = handleTest ./nginx-variants.nix {};
  nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {};
  nitter = handleTest ./nitter.nix {};
--- a/nixos/tests/nginx-unix-socket.nix
+++ b/nixos/tests/nginx-unix-socket.nix
@ -0,0 +1,27 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+let
+  nginxSocketPath = "/var/run/nginx/test.sock";
+in
+{
+  name = "nginx-unix-socket";
+
+  nodes = {
+    webserver = { pkgs, lib, ... }: {
+      services.nginx = {
+        enable = true;
+        virtualHosts.localhost = {
+          serverName = "localhost";
+          listen = [{ addr = "unix:${nginxSocketPath}"; }];
+          locations."/test".return = "200 'foo'";
+        };
+      };
+    };
+  };
+
+  testScript = ''
+    webserver.wait_for_unit("nginx")
+    webserver.wait_for_open_unix_socket("${nginxSocketPath}")
+
+    webserver.succeed("curl --fail --silent --unix-socket '${nginxSocketPath}' http://localhost/test | grep '^foo$'")
+  '';
+})
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@ -186,7 +186,7 @@ stdenv.mkDerivation {
  passthru = {
    inherit modules;
    tests = {
-      inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page;
+      inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page nginx-unix-socket;
      variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
      acme-integration = nixosTests.acme;
    } // passthru.tests;