Nghttpx
services.nghttpx.backend-address-family
Specify address family of backend connections. If "auto" is given, both IPv4 and IPv6 are considered. If "IPv4" is given, only IPv4 address is considered. If "IPv6" is given, only IPv6 address is considered.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backend-address-family
Type: one of "auto", "IPv4", "IPv6"
Default
"auto"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends
A list of backend specifications.
Type: list of (submodule)
Example
[{params = {proto = "http/1.1";redirect-if-not-tls = true;};patterns = ["/"];server = {host = "172.16.0.22";port = 8443;};}]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params
Parameters to configure a backend.
Type: null or (submodule)
Default
null
Example
{proto = "h2";tls = true;}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.affinity
If "ip" is given, client IP based session affinity is enabled. If "none" is given, session affinity is disabled.
Session affinity is enabled (by nghttpx) per-backend pattern. If at least one backend has a non-"none" affinity, then session affinity is enabled for all backend servers sharing the same pattern.
It is advised to set affinity on all backends explicitly if session affinity is desired. The session affinity may break if one of the backend gets unreachable, or backend settings are reloaded or replaced by API.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "ip", "none"
Default
"none"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.dns
Name resolution of a backends host name is done at start up, or configuration reload. If "dns" is true, name resolution takes place dynamically.
This is useful if a backends address changes frequently. If "dns" is true, name resolution of a backend's host name at start up, or configuration reload is skipped.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.fall
If nghttpx cannot connect to the backend N times in a row, the backend is assumed to be offline and is excluded from load balancing. If N is 0 the backend is never excluded from load balancing.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default
0
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.proto
This option configures the protocol the backend server expects to use.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "h2", "http/1.1"
Default
"http/1.1"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.redirect-if-not-tls
If true, a backend match requires the frontend connection be TLS encrypted. If it is not, nghttpx responds to the request with a 308 status code and https URI the client should use instead in the Location header.
The port number in the redirect URI is 443 by default and can be changed using 'services.nghttpx.redirect-https-port' option.
If at least one backend has "redirect-if-not-tls" set to true, this feature is enabled for all backend servers with the same pattern. It is advised to set "redirect-if-no-tls" parameter to all backends explicitly if this feature is desired.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.rise
If the backend is excluded from load balancing, nghttpx will periodically attempt to make a connection to the backend. If the connection is successful N times in a row the backend is re-included in load balancing. If N is 0 a backend is never reconsidered for load balancing once it falls.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default
0
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.sni
Override the TLS SNI field value. This value (in nghttpx) defaults to the host value of the backend configuration.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.params.tls
This option determines whether nghttpx will negotiate its connection with a backend server using TLS or not. The burden is on the backend server to provide the TLS certificate!
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.patterns
List of nghttpx backend patterns.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more information on the pattern syntax and nghttpxs behavior.
Type: list of string
Default
[ ]
Example
["*.host.net/v1/""host.org/v2/mypath""/somepath"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backends.*.server
Backend server location specified as either a host:port pair or a unix domain docket.
Type: (submodule) or path
Default
{host = "127.0.0.1";port = 80;}
Example
{host = "127.0.0.1";port = 8888;}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.backlog
Listen backlog size.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backlog
Type: signed integer
Default
65536
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.enable
Whether to enable nghttpx.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.extraConfig
Extra configuration options to be appended to the generated configuration file.
Type: strings concatenated with "\n"
Default
""
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends
A list of frontend listener specifications.
Type: list of (submodule)
Example
[{params = {tls = "no-tls";};server = {host = "*";port = 80;};}]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends.*.params
Parameters to configure a backend.
Type: null or (submodule)
Default
null
Example
{tls = "tls";}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends.*.params.api
Enable API access for this frontend. This enables you to dynamically modify nghttpx at run-time therefore this feature is disabled by default and should be turned on with care.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends.*.params.healthmon
Make this frontend a health monitor endpoint. Any request received on this frontend is responded to with a 200 OK.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends.*.params.proxyproto
Accept PROXY protocol version 1 on frontend connection.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends.*.params.sni-fwd
When performing a match to select a backend server, SNI host name received from the client is used instead of the request host. See --backend option about the pattern match.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends.*.params.tls
Enable or disable TLS. If true (enabled) the key and certificate must be configured for nghttpx.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: one of "tls", "no-tls"
Default
"tls"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.frontends.*.server
Frontend server interface binding specification as either a host:port pair or a unix domain docket.
NB: a host of "*" listens on all interfaces and includes IPv6 addresses.
Type: (submodule) or path
Default
{host = "127.0.0.1";port = 80;}
Example
{host = "127.0.0.1";port = 8888;}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.rlimit-nofile
Set maximum number of open files (RLIMIT_NOFILE) to \<N>. If 0 is given, nghttpx does not set the limit.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--rlimit-nofile
Type: signed integer
Default
0
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.single-process
Run this program in a single process mode for debugging purpose. Without this option, nghttpx creates at least 2 processes: master and worker processes. If this option is used, master and worker are unified into a single process. nghttpx still spawns additional process if neverbleed is used. In the single process mode, the signal handling feature is disabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-process
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.single-thread
Run everything in one thread inside the worker process. This feature is provided for better debugging experience, or for the platforms which lack thread support. If threading is disabled, this option is always enabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-thread
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.tls
TLS certificate and key paths. Note that this does not enable
TLS for a frontend listener, to do so, a frontend
specification must set params.tls to true.
Type: null or (submodule)
Default
null
Example
{crt = "/etc/ssl/certs/server.crt";key = "/etc/ssl/keys/server.key";}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.tls.crt
Path to the TLS certificate file.
Type: string
Default
"/etc/ssl/certs/server.crt"
Example
"/etc/ssl/certs/mycert.crt"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.tls.key
Path to the TLS key file.
Type: string
Default
"/etc/ssl/keys/server.key"
Example
"/etc/ssl/keys/mykeyfile.key"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
services.nghttpx.workers
Set the number of worker threads.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n
Type: signed integer
Default
1
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nghttpx/nghttpx-options.nix