lol

nixos/nginx: Allow empty port for listen directive

When listening on unix sockets, it doesn't make sense to specify a port
for nginx's listen directive.

Since nginx defaults to port 80 when the port isn't specified (but the
address is), we can change the default for the option to null as well
without changing any behaviour.

+57 -6
+22
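--- a/nixos/lib/test-driver/test_driver/machine.py
+++ b/nixos/lib/test-driver/test_driver/machine.py
@@ -791,6 +791,28 @@
         with self.nested(f"waiting for TCP port {port} on {addr}"):
             retry(port_is_open, timeout)
 
+    def wait_for_open_unix_socket(
+        self, addr: str, is_datagram: bool = False, timeout: int = 900
+    ) -> None:
+        """
+        Wait until a process is listening on the given UNIX-domain socket
+        (default to a UNIX-domain stream socket).
+        """
+
+        nc_flags = [
+            "-z",
+            "-uU" if is_datagram else "-U",
+        ]
+
+        def socket_is_open(_: Any) -> bool:
+            status, _ = self.execute(f"nc {' '.join(nc_flags)} {addr}")
+            return status == 0
+
+        with self.nested(
+            f"waiting for UNIX-domain {'datagram' if is_datagram else 'stream'} on '{addr}'"
+        ):
+            retry(socket_is_open, timeout)
+
     def wait_for_closed_port(
         self, port: int, addr: str = "localhost", timeout: int = 900
     ) -> None: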
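Review bot: `addr` is interpolated unquoted into the shell command in `socket_is_open`, so a socket path containing spaces or shell metacharacters is split or interpreted by the guest shell instead of reaching `nc` as a single argument. Quote it, e.g. `status, _ = self.execute(f"nc {' '.join(nc_flags)} {shlex.quote(addr)}")`; this needs `shlex` in scope, and the file's import block is not visible here. The docstring could also say that `addr` is the filesystem path of the socket and what unit `timeout` is in (presumably seconds, to be confirmed against `retry`).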
+2 -2
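--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -329,7 +329,7 @@
     listenString = { addr, port, ssl, proxyProtocol ? false, extraParameters ? [], ... }:
       # UDP listener for QUIC transport protocol.
       (optionalString (ssl && vhost.quic) ("
-        listen ${addr}:${toString port} quic "
+        listen ${addr}${optionalString (port != null) ":${toString port}"} quic "
         + optionalString vhost.default "default_server "
         + optionalString vhost.reuseport "reuseport "
         + optionalString (extraParameters != []) (concatStringsSep " "
@@ -338,7 +338,7 @@
             in filter isCompatibleParameter extraParameters))
         + ";"))
       + "
-        listen ${addr}:${toString port} "
+        listen ${addr}${optionalString (port != null) ":${toString port}"} "
         + optionalString (ssl && vhost.http2 && oldHTTP2) "http2 "
         + optionalString ssl "ssl "
         + optionalString vhost.default "default_server "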
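Review bot: The QUIC `listen` line in the first hunk is still emitted when `addr` is a `unix:` path and the entry has `ssl` set on a vhost with `quic` enabled, which yields `listen unix:… quic`. QUIC runs over UDP, so nginx will presumably reject that line; this should be confirmed. Consider guarding it, e.g. `(optionalString (ssl && vhost.quic && !(lib.hasPrefix "unix:" addr)) ("`. The address/port expression is now repeated verbatim in both `listen` lines and could be bound once in a `let`. `listenString` continues past the end of the second hunk, so the remaining parameters are not visible here.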
+4 -3
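--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -31,12 +31,12 @@
       options = {
         addr = mkOption {
           type = str;
-          description = lib.mdDoc "IP address.";
+          description = lib.mdDoc "Listen address.";
         };
         port = mkOption {
-          type = port;
+          type = types.nullOr port;
           description = lib.mdDoc "Port number.";
-          default = 80;
+          default = null;
         };
         ssl = mkOption {
           type = bool;
@@ -60,6 +60,7 @@
       example = [
         { addr = "195.154.1.1"; port = 443; ssl = true; }
         { addr = "192.154.1.1"; port = 80; }
+        { addr = "unix:/var/run/nginx.sock"; }
       ];
       description = lib.mdDoc ''
         Listen addresses and ports for this virtual host.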
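Review bot: The `port` description still reads "Port number." and does not say what `null` means now that it is the default. Suggest `description = lib.mdDoc "Port number. Leave as null when addr is a unix: socket path; for an IP address, null lets nginx use its default port.";`. The `addr` description could likewise mention the `unix:/path` form. It would also help to say that access to such a socket is decided by filesystem permissions on the socket and its parent directory, not by network filtering.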
+1
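--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -555,6 +555,7 @@
   nginx-sso = handleTest ./nginx-sso.nix {};
   nginx-status-page = handleTest ./nginx-status-page.nix {};
   nginx-tmpdir = handleTest ./nginx-tmpdir.nix {};
+  nginx-unix-socket = handleTest ./nginx-unix-socket.nix {};
   nginx-variants = handleTest ./nginx-variants.nix {};
   nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {};
   nitter = handleTest ./nitter.nix {};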
+27
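--- a/nixos/tests/nginx-unix-socket.nix
+++ b/nixos/tests/nginx-unix-socket.nix
@@ -0,0 +1,27 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+let
+  nginxSocketPath = "/var/run/nginx/test.sock";
+in
+{
+  name = "nginx-unix-socket";
+
+  nodes = {
+    webserver = { pkgs, lib, ... }: {
+      services.nginx = {
+        enable = true;
+        virtualHosts.localhost = {
+          serverName = "localhost";
+          listen = [{ addr = "unix:${nginxSocketPath}"; }];
+          locations."/test".return = "200 'foo'";
+        };
+      };
+    };
+  };
+
+  testScript = ''
+    webserver.wait_for_unit("nginx")
+    webserver.wait_for_open_unix_socket("${nginxSocketPath}")
+
+    webserver.succeed("curl --fail --silent --unix-socket '${nginxSocketPath}' http://localhost/test | grep '^foo$'")
+  '';
+})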
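Review bot: The test exercises only the `unix:` listener, so the changed default (`port = null` combined with an IP address) has no coverage, and that is the case most likely to regress for existing configurations. Adding a second entry such as `{ addr = "127.0.0.1"; }` to `listen` and asserting `webserver.wait_for_open_port(80)` would pin the behaviour the commit message describes. If access to the socket is meant to be restricted, an assertion on the socket file's owner and mode would also be worth adding.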
+1 -1
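--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@@ -178,7 +178,7 @@
   passthru = {
     inherit modules;
     tests = {
-      inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page;
+      inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page nginx-unix-socket;
       variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
       acme-integration = nixosTests.acme;
     } // passthru.tests;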