Merge pull request #188002 from Izorkin/update-nginx-brotli

authored by Naïm Favier and committed by GitHub 9fdbf018 7592c514

+77 -9
+8
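--- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
@@ -393,6 +393,14 @@
 </listitem>
 <listitem>
 <para>
+A new option <literal>recommendedBrotliSettings</literal> has
+been added to <literal>services.nginx</literal>. Learn more
+about compression in Brotli format
+<link xlink:href="https://github.com/google/ngx_brotli/blob/master/README.md">here</link>.
+</para>
+</listitem>
+<listitem>
+<para>
 Resilio sync secret keys can now be provided using a secrets
 file at runtime, preventing these secrets from ending up in
 the Nix store.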
+2
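--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -107,6 +107,8 @@
 
 - Enabling global redirect in `services.nginx.virtualHosts` now allows one to add exceptions with the `locations` option.
 
+- A new option `recommendedBrotliSettings` has been added to `services.nginx`. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md).
+
 - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
 
 - The `firewall` and `nat` module now has a nftables based implementation. Enable `networking.nftables` to use it.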
+1 -1
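--- a/nixos/modules/services/web-apps/discourse.nix
+++ b/nixos/modules/services/web-apps/discourse.nix
@@ -820,10 +820,10 @@
 
 services.nginx = lib.mkIf cfg.nginx.enable {
 enable = true;
-additionalModules = [ pkgs.nginxModules.brotli ];
 
 recommendedTlsSettings = true;
 recommendedOptimisation = true;
+recommendedBrotliSettings = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
 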
+61 -3
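--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -29,6 +29,43 @@
 ) cfg.virtualHosts;
 enableIPv6 = config.networking.enableIPv6;
 
+# Mime.types values are taken from brotli sample configuration - https://github.com/google/ngx_brotli
+# and Nginx Server Configs - https://github.com/h5bp/server-configs-nginx
+compressMimeTypes = [
+"application/atom+xml"
+"application/geo+json"
+"application/json"
+"application/ld+json"
+"application/manifest+json"
+"application/rdf+xml"
+"application/vnd.ms-fontobject"
+"application/wasm"
+"application/x-rss+xml"
+"application/x-web-app-manifest+json"
+"application/xhtml+xml"
+"application/xliff+xml"
+"application/xml"
+"font/collection"
+"font/otf"
+"font/ttf"
+"image/bmp"
+"image/svg+xml"
+"image/vnd.microsoft.icon"
+"text/cache-manifest"
+"text/calendar"
+"text/css"
+"text/csv"
+"text/html"
+"text/javascript"
+"text/markdown"
+"text/plain"
+"text/vcard"
+"text/vnd.rim.location.xloc"
+"text/vtt"
+"text/x-component"
+"text/xml"
+];
+
 defaultFastcgiParams = {
 SCRIPT_FILENAME = "$document_root$fastcgi_script_name";
 QUERY_STRING = "$query_string";
@@ -138,6 +175,16 @@
 # OCSP stapling
 ssl_stapling on;
 ssl_stapling_verify on;
+''}
+
+${optionalString (cfg.recommendedBrotliSettings) ''
+brotli on;
+brotli_static on;
+brotli_comp_level 5;
+brotli_window 512k;
+brotli_min_length 256;
+brotli_types ${lib.concatStringsSep " " compressMimeTypes};
+brotli_buffers 32 8k;
 ''}
 
 ${optionalString (cfg.recommendedGzipSettings) ''
@@ -456,6 +503,16 @@
 '';
 };
 
+recommendedBrotliSettings = mkOption {
+default = false;
+type = types.bool;
+description = lib.mdDoc ''
+Enable recommended brotli settings. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md).
+
+This adds `pkgs.nginxModules.brotli` to `services.nginx.additionalModules`.
+'';
+};
+
 recommendedGzipSettings = mkOption {
 default = false;
 type = types.bool;
@@ -537,11 +594,10 @@
 additionalModules = mkOption {
 default = [];
 type = types.listOf (types.attrsOf types.anything);
-example = literalExpression "[ pkgs.nginxModules.brotli ]";
+example = literalExpression "[ pkgs.nginxModules.echo ]";
 description = lib.mdDoc ''
 Additional [third-party nginx modules](https://www.nginx.com/resources/wiki/modules/)
-to install. Packaged modules are available in
-`pkgs.nginxModules`.
+to install. Packaged modules are available in `pkgs.nginxModules`.
 '';
 };
 
@@ -998,6 +1054,8 @@
 cert = config.security.acme.certs.${name};
 groups = config.users.groups;
 }) dependentCertNames;
+
+services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli;
 
 systemd.services.nginx = {
 description = "Nginx Web Server";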
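Review bot: The `recommendedBrotliSettings` description does not say that `brotli on;` also compresses dynamic responses, and `compressMimeTypes` includes `text/html` and `application/json`. On HTTPS virtual hosts that proxy an application returning secrets (session or CSRF tokens) alongside request-controlled data, this exposes the BREACH-class response-size side channel. I would extend the description with a caveat such as `Compressing dynamic HTTPS responses that mix secrets with request-controlled data can leak those secrets through response size (BREACH); enable only where the application mitigates this.` The discourse.nix section of this commit turns the option on for a site that serves authenticated pages, so the same caveat applies there; whether the application masks its tokens per response is not visible from this diff.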
+5 -5
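--- a/pkgs/servers/http/nginx/modules.nix
+++ b/pkgs/servers/http/nginx/modules.nix
@@ -102,15 +102,15 @@
 
 brotli = {
 name = "brotli";
-src = let gitsrc = fetchFromGitHub {
+src = let src' = fetchFromGitHub {
 name = "brotli";
 owner = "google";
 repo = "ngx_brotli";
-rev = "25f86f0bac1101b6512135eac5f93c49c63609e3";
-sha256 = "02hfvfa6milj40qc2ikpb9f95sxqvxk4hly3x74kqhysbdi06hhv";
+rev = "6e975bcb015f62e1f303054897783355e2a877dc";
+sha256 = "sha256-G0IDYlvaQzzJ6cNTSGbfuOuSXFp3RsEwIJLGapTbDgo=";
 }; in
-runCommand "ngx_brotli-src" { } ''
-cp -a ${gitsrc} $out
+runCommand "brotli" { } ''
+cp -a ${src'} $out
 substituteInPlace $out/filter/config \
 --replace '$ngx_addon_dir/deps/brotli/c' ${lib.getDev brotli}
 '';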