sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

modules/nixos/nginx: add quic

Browse source
This commit is contained in:
zowoq 2024-10-10 17:07:37 +10:00
parent 4c092973f8
commit c3df4ff2b9
1 changed files with 11 additions and 1 deletions

12
modules/nixos/nginx.nix
View file

@ -13,8 +13,12 @@
enableACME = lib.mkDefault true; enableACME = lib.mkDefault true;
forceSSL = lib.mkDefault true; forceSSL = lib.mkDefault true;
kTLS = true; kTLS = true;
quic = true;
extraConfig = '' extraConfig = ''
quic_gso on;
quic_retry on;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
add_header X-Robots-Tag "none, noarchive, nosnippet"; add_header X-Robots-Tag "none, noarchive, nosnippet";
''; '';
@ -30,7 +34,12 @@
imports = [ inputs.srvos.nixosModules.mixins-nginx ]; imports = [ inputs.srvos.nixosModules.mixins-nginx ];
config = { config = {
networking.firewall.allowedUDPPorts = [ 443 ];
services.nginx = { services.nginx = {
package = pkgs.nginxQuic;
enableQuicBPF = true;
appendConfig = '' appendConfig = ''
pcre_jit on; pcre_jit on;
worker_processes auto; worker_processes auto;
@ -40,7 +49,8 @@
virtualHosts."${config.networking.hostName}.nix-community.org" = { virtualHosts."${config.networking.hostName}.nix-community.org" = {
default = true; default = true;
locations."/".return = "404"; locations."/".return = "404";
reuseport = true; # should only be set for one virtualHost # required for (quic && `worker_processes auto`), should only be set for one virtualHost
reuseport = true;
}; };
# localhost is used by the nginx status page # localhost is used by the nginx status page