mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 12:29:02 +02:00
Merge pull request #271506 from Misterio77/nginx-redirect-status-code
This commit is contained in:
commit
3bb93fb2cd
|
@ -57,6 +57,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
||||||
existing process, but will need to start that process from gdb (so it is a
|
existing process, but will need to start that process from gdb (so it is a
|
||||||
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
|
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
|
||||||
|
|
||||||
|
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
|
||||||
|
`globalRedirect` can now have redirect codes other than 301 through
|
||||||
|
`redirectCode`.
|
||||||
|
|
||||||
- Gitea 1.21 upgrade has several breaking changes, including:
|
- Gitea 1.21 upgrade has several breaking changes, including:
|
||||||
- Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
|
- Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
|
||||||
- New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
|
- New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
|
||||||
|
|
|
@ -377,7 +377,7 @@ let
|
||||||
server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};
|
server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};
|
||||||
${acmeLocation}
|
${acmeLocation}
|
||||||
location / {
|
location / {
|
||||||
return 301 https://$host$request_uri;
|
return ${toString vhost.redirectCode} https://$host$request_uri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
''}
|
''}
|
||||||
|
@ -396,7 +396,7 @@ let
|
||||||
${optionalString (vhost.root != null) "root ${vhost.root};"}
|
${optionalString (vhost.root != null) "root ${vhost.root};"}
|
||||||
${optionalString (vhost.globalRedirect != null) ''
|
${optionalString (vhost.globalRedirect != null) ''
|
||||||
location / {
|
location / {
|
||||||
return 301 http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri;
|
return ${toString vhost.redirectCode} http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri;
|
||||||
}
|
}
|
||||||
''}
|
''}
|
||||||
${optionalString hasSSL ''
|
${optionalString hasSSL ''
|
||||||
|
|
|
@ -162,10 +162,11 @@ with lib;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Whether to add a separate nginx server block that permanently redirects (301)
|
Whether to add a separate nginx server block that redirects (defaults
|
||||||
all plain HTTP traffic to HTTPS. This will set defaults for
|
to 301, configurable with `redirectCode`) all plain HTTP traffic to
|
||||||
`listen` to listen on all interfaces on the respective default
|
HTTPS. This will set defaults for `listen` to listen on all interfaces
|
||||||
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
|
on the respective default ports (80, 443), where the non-SSL listens
|
||||||
|
are used for the redirect vhosts.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -307,8 +308,20 @@ with lib;
|
||||||
default = null;
|
default = null;
|
||||||
example = "newserver.example.org";
|
example = "newserver.example.org";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
If set, all requests for this host are redirected permanently to
|
If set, all requests for this host are redirected (defaults to 301,
|
||||||
the given hostname.
|
configurable with `redirectCode`) to the given hostname.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
redirectCode = mkOption {
|
||||||
|
type = types.ints.between 300 399;
|
||||||
|
default = 301;
|
||||||
|
example = 308;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases
|
||||||
|
include temporary (302, 307) redirects, keeping the request method and
|
||||||
|
body (307, 308), or explicitly resetting the method to GET (303).
|
||||||
|
See <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -583,6 +583,7 @@ in {
|
||||||
nginx-njs = handleTest ./nginx-njs.nix {};
|
nginx-njs = handleTest ./nginx-njs.nix {};
|
||||||
nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
|
nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
|
||||||
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
|
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
|
||||||
|
nginx-redirectcode = handleTest ./nginx-redirectcode.nix {};
|
||||||
nginx-sso = handleTest ./nginx-sso.nix {};
|
nginx-sso = handleTest ./nginx-sso.nix {};
|
||||||
nginx-status-page = handleTest ./nginx-status-page.nix {};
|
nginx-status-page = handleTest ./nginx-status-page.nix {};
|
||||||
nginx-tmpdir = handleTest ./nginx-tmpdir.nix {};
|
nginx-tmpdir = handleTest ./nginx-tmpdir.nix {};
|
||||||
|
|
25
nixos/tests/nginx-redirectcode.nix
Normal file
25
nixos/tests/nginx-redirectcode.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||||
|
name = "nginx-redirectcode";
|
||||||
|
meta.maintainers = with lib.maintainers; [ misterio77 ];
|
||||||
|
|
||||||
|
nodes = {
|
||||||
|
webserver = { pkgs, lib, ... }: {
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts.localhost = {
|
||||||
|
globalRedirect = "example.com/foo";
|
||||||
|
# With 308 (and 307), the method and body are to be kept when following it
|
||||||
|
redirectCode = 308;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
webserver.wait_for_unit("nginx")
|
||||||
|
webserver.wait_for_open_port(80)
|
||||||
|
|
||||||
|
# Check the status code
|
||||||
|
webserver.succeed("curl -si http://localhost | grep '^HTTP/[0-9.]\+ 308 Permanent Redirect'")
|
||||||
|
'';
|
||||||
|
})
|
Loading…
Reference in a new issue