mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-29 06:45:54 +03:00
nginx: make global redirect vhost option accept exceptions
By moving the return into a location directive, one can provide exceptions by adding locations. This is similar to what the forceSSL option does.
This commit is contained in:
parent
04f574a1c0
commit
fc39b5ecc8
@ -268,6 +268,14 @@
|
||||
dynamically.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Enabling global redirect in
|
||||
<literal>services.nginx.virtualHosts</literal> now allows one
|
||||
to add exceptions with the <literal>locations</literal>
|
||||
option.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Resilio sync secret keys can now be provided using a secrets
|
||||
|
@ -78,6 +78,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
|
||||
|
||||
- Enabling global redirect in `services.nginx.virtualHosts` now allows one to add exceptions with the `locations` option.
|
||||
|
||||
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
|
||||
|
||||
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
|
||||
|
@ -318,7 +318,9 @@ let
|
||||
${acmeLocation}
|
||||
${optionalString (vhost.root != null) "root ${vhost.root};"}
|
||||
${optionalString (vhost.globalRedirect != null) ''
|
||||
return 301 http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri;
|
||||
location / {
|
||||
return 301 http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri;
|
||||
}
|
||||
''}
|
||||
${optionalString hasSSL ''
|
||||
ssl_certificate ${vhost.sslCertificate};
|
||||
|
@ -435,6 +435,7 @@ in {
|
||||
nginx = handleTest ./nginx.nix {};
|
||||
nginx-auth = handleTest ./nginx-auth.nix {};
|
||||
nginx-etag = handleTest ./nginx-etag.nix {};
|
||||
nginx-globalredirect = handleTest ./nginx-globalredirect.nix {};
|
||||
nginx-http3 = handleTest ./nginx-http3.nix {};
|
||||
nginx-modsecurity = handleTest ./nginx-modsecurity.nix {};
|
||||
nginx-njs = handleTest ./nginx-njs.nix {};
|
||||
|
24
nixos/tests/nginx-globalredirect.nix
Normal file
24
nixos/tests/nginx-globalredirect.nix
Normal file
@ -0,0 +1,24 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "nginx-globalredirect";
|
||||
|
||||
nodes = {
|
||||
webserver = { pkgs, lib, ... }: {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts.localhost = {
|
||||
globalRedirect = "other.example.com";
|
||||
# Add an exception
|
||||
locations."/noredirect".return = "200 'foo'";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
webserver.wait_for_unit("nginx")
|
||||
webserver.wait_for_open_port(80)
|
||||
|
||||
webserver.succeed("curl --fail -si http://localhost/alf | grep '^Location:.*/alf'")
|
||||
webserver.fail("curl --fail -si http://localhost/noredirect | grep '^Location:'")
|
||||
'';
|
||||
})
|
@ -176,7 +176,7 @@ stdenv.mkDerivation {
|
||||
passthru = {
|
||||
modules = modules;
|
||||
tests = {
|
||||
inherit (nixosTests) nginx nginx-auth nginx-etag nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso;
|
||||
inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso;
|
||||
variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
|
||||
acme-integration = nixosTests.acme;
|
||||
} // passthru.tests;
|
||||
|
Loading…
Reference in New Issue
Block a user