swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 12:29:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #271506 from Misterio77/nginx-redirect-status-code

Browse source
This commit is contained in:
Ryan Lahfa 2023-12-12 14:05:33 +01:00 committed by GitHub
parent 7fe7e5a346 a3c60d2ddc
commit 3bb93fb2cd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 51 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/doc/manual/release-notes/rl-2405.section.md
View file

@ -57,6 +57,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
existing process, but will need to start that process from gdb (so it is a existing process, but will need to start that process from gdb (so it is a
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0. child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
`globalRedirect` can now have redirect codes other than 301 through
`redirectCode`.
- Gitea 1.21 upgrade has several breaking changes, including: - Gitea 1.21 upgrade has several breaking changes, including:
- Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*` - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
- New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command. - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.

4
nixos/modules/services/web-servers/nginx/default.nix
View file

@ -377,7 +377,7 @@ let
server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases}; server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};
${acmeLocation} ${acmeLocation}
location / { location / {
return 301 https://$host$request_uri; return ${toString vhost.redirectCode} https://$host$request_uri;
} }
} }
''} ''}
@ -396,7 +396,7 @@ let
${optionalString (vhost.root != null) "root ${vhost.root};"} ${optionalString (vhost.root != null) "root ${vhost.root};"}
${optionalString (vhost.globalRedirect != null) '' ${optionalString (vhost.globalRedirect != null) ''
location / { location / {
return 301 http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri; return ${toString vhost.redirectCode} http${optionalString hasSSL "s"}://${vhost.globalRedirect}$request_uri;
} }
''} ''}
${optionalString hasSSL '' ${optionalString hasSSL ''

25
nixos/modules/services/web-servers/nginx/vhost-options.nix
View file

@ -162,10 +162,11 @@ with lib;
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc '' description = lib.mdDoc ''
Whether to add a separate nginx server block that permanently redirects (301) Whether to add a separate nginx server block that redirects (defaults
all plain HTTP traffic to HTTPS. This will set defaults for to 301, configurable with `redirectCode`) all plain HTTP traffic to
`listen` to listen on all interfaces on the respective default HTTPS. This will set defaults for `listen` to listen on all interfaces
ports (80, 443), where the non-SSL listens are used for the redirect vhosts. on the respective default ports (80, 443), where the non-SSL listens
are used for the redirect vhosts.
''; '';
}; };
@ -307,8 +308,20 @@ with lib;
default = null; default = null;
example = "newserver.example.org"; example = "newserver.example.org";
description = lib.mdDoc '' description = lib.mdDoc ''
If set, all requests for this host are redirected permanently to If set, all requests for this host are redirected (defaults to 301,
the given hostname. configurable with `redirectCode`) to the given hostname.
'';
};
redirectCode = mkOption {
type = types.ints.between 300 399;
default = 301;
example = 308;
description = lib.mdDoc ''
HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases
include temporary (302, 307) redirects, keeping the request method and
body (307, 308), or explicitly resetting the method to GET (303).
See <https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections>.
''; '';
}; };

1
nixos/tests/all-tests.nix
View file

@ -583,6 +583,7 @@ in {
nginx-njs = handleTest ./nginx-njs.nix {}; nginx-njs = handleTest ./nginx-njs.nix {};
nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {}; nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
nginx-redirectcode = handleTest ./nginx-redirectcode.nix {};
nginx-sso = handleTest ./nginx-sso.nix {}; nginx-sso = handleTest ./nginx-sso.nix {};
nginx-status-page = handleTest ./nginx-status-page.nix {}; nginx-status-page = handleTest ./nginx-status-page.nix {};
nginx-tmpdir = handleTest ./nginx-tmpdir.nix {}; nginx-tmpdir = handleTest ./nginx-tmpdir.nix {};

25
nixos/tests/nginx-redirectcode.nix Normal file
View file

@ -0,0 +1,25 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "nginx-redirectcode";
meta.maintainers = with lib.maintainers; [ misterio77 ];
nodes = {
webserver = { pkgs, lib, ... }: {
services.nginx = {
enable = true;
virtualHosts.localhost = {
globalRedirect = "example.com/foo";
# With 308 (and 307), the method and body are to be kept when following it
redirectCode = 308;
};
};
};
};
testScript = ''
webserver.wait_for_unit("nginx")
webserver.wait_for_open_port(80)
# Check the status code
webserver.succeed("curl -si http://localhost | grep '^HTTP/[0-9.]\+ 308 Permanent Redirect'")
'';
})