Merge pull request #20366 from MarcWeber/submit/apache-port-to-listen

pyrox.dev / nixpkgs

fork atom

lol

fork atom

apache-httpd

authored by

Michael Raskin and committed by

GitHub 9 years ago 36010e70 fcc5a4d3

+52 -16

2 changed files

expand all

unified split

nixos

modules

services

web-servers

apache-httpd

default.nix

per-server-options.nix

+29 -14

nixos/modules/services/web-servers/apache-httpd/default.nix

··· 16 16 17 17 phpMajorVersion = head (splitString "." php.version); 18 18 19 - getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; 19 + defaultListen = cfg: if cfg.enableSSL 20 + then [{ip = "*"; port = 443;}] 21 + else [{ip = "*"; port = 80;}]; 22 + 23 + getListen = cfg: 24 + let list = (lib.optional (cfg.port != 0) {ip = "*"; port = cfg.port;}) ++ cfg.listen; 25 + in if list == [] 26 + then defaultListen cfg 27 + else list; 28 + 29 + listenToString = l: "${l.ip}:${toString l.port}"; 20 30 21 31 extraModules = attrByPath ["extraModules"] [] mainCfg; 22 32 extraForeignModules = filter isAttrs extraModules; ··· 25 35 26 36 makeServerInfo = cfg: { 27 37 # Canonical name must not include a trailing slash. 28 - canonicalName = 29 - (if cfg.enableSSL then "https" else "http") + "://" + 30 - cfg.hostName + 31 - (if getPort cfg != (if cfg.enableSSL then 443 else 80) then ":${toString (getPort cfg)}" else ""); 38 + canonicalNames = 39 + let defaultPort = (head (defaultListen cfg)).port; in 40 + map (port: 41 + (if cfg.enableSSL then "https" else "http") + "://" + 42 + cfg.hostName + 43 + (if port != defaultPort then ":${toString port}" else "") 44 + ) (map (x: x.port) (getListen cfg)); 32 45 33 46 # Admin address: inherit from the main server if not specified for 34 47 # a virtual host. ··· 224 237 ++ (map (svc: svc.robotsEntries) subservices))); 225 238 226 239 in '' 227 - ServerName ${serverInfo.canonicalName} 240 + ${concatStringsSep "\n" (map (n: "ServerName ${n}") serverInfo.canonicalNames)} 228 241 229 242 ${concatMapStrings (alias: "ServerAlias ${alias}\n") cfg.serverAliases} 230 243 ··· 326 339 </IfModule> 327 340 328 341 ${let 329 - ports = map getPort allHosts; 330 - uniquePorts = uniqList {inputList = ports;}; 331 - in concatMapStrings (port: "Listen ${toString port}\n") uniquePorts 342 + listen = concatMap getListen allHosts; 343 + toStr = listen: "Listen ${listenToString listen}\n"; 344 + uniqueListen = uniqList {inputList = map toStr listen;}; 345 + in concatStrings uniqueListen 332 346 } 333 347 334 348 User ${mainCfg.user} ··· 382 396 383 397 # Always enable virtual hosts; it doesn't seem to hurt. 384 398 ${let 385 - ports = map getPort allHosts; 386 - uniquePorts = uniqList {inputList = ports;}; 387 - directives = concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts; 399 + listen = concatMap getListen allHosts; 400 + uniqueListen = uniqList {inputList = listen;}; 401 + directives = concatMapStrings (listen: "NameVirtualHost ${listenToString listen}\n") uniqueListen; 388 402 in optionalString (!version24) directives 389 403 } 390 404 391 405 ${let 392 406 makeVirtualHost = vhost: '' 393 - <VirtualHost *:${toString (getPort vhost)}> 407 + <VirtualHost ${concatStringsSep " " (map listenToString (getListen vhost))}> 394 408 ${perServerConf false vhost} 395 409 </VirtualHost> 396 410 ''; ··· 628 642 message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } 629 643 ]; 630 644 645 + warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port}";}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); 646 + 631 647 users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") (singleton 632 648 { name = "wwwrun"; 633 649 group = mainCfg.group; ··· 712 728 }; 713 729 714 730 }; 715 - 716 731 }

+23 -2

nixos/modules/services/web-servers/apache-httpd/per-server-options.nix

··· 28 28 type = types.int; 29 29 default = 0; 30 30 description = '' 31 - Port for the server. 0 means use the default port: 80 for http 32 - and 443 for https (i.e. when enableSSL is set). 31 + Port for the server. Option will be removed, use <option>listen</option> instead. 32 + ''; 33 + }; 34 + 35 + listen = mkOption { 36 + type = types.listOf (types.submodule ( 37 + { 38 + options = { 39 + port = mkOption { 40 + type = types.int; 41 + description = "port to listen on"; 42 + }; 43 + ip = mkOption { 44 + type = types.string; 45 + default = "*"; 46 + description = "Ip to listen on. 0.0.0.0 for ipv4 only, * for all."; 47 + }; 48 + }; 49 + } )); 50 + description = '' 51 + List of { /* ip: "*"; */ port = 80;} to listen on 33 52 ''; 53 + 54 + default = []; 34 55 }; 35 56 36 57 enableSSL = mkOption {