Lots of fixes to Apache HTTPD configuration. Net result: I can have SSL-only SVN repository on :12443 and SSL-enabled http server with userDirs.

svn path=/nixos/trunk/; revision=11660
2024-09-20 12:29:02 +02:00 · 2008-04-19 10:21:42 +00:00 · 2008-04-19 10:21:42 +00:00 · 8fd2404adf
parent 02decddeb1
commit 8fd2404adf
2 changed files with 51 additions and 8 deletions
--- a/upstart-jobs/apache-httpd/default.nix
+++ b/upstart-jobs/apache-httpd/default.nix
@ -118,8 +118,6 @@ let

  # !!! integrate with virtual hosting below
  sslConf = ''
-    Listen ${toString cfg.httpsPort}
-
    SSLSessionCache dbm:${cfg.stateDir}/ssl_scache

    SSLMutex file:${cfg.stateDir}/ssl_mutex
@ -127,6 +125,8 @@ let
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

+    NameVirtualHost *:${toString cfg.httpsPort}
+
    <VirtualHost _default_:${toString cfg.httpsPort}>

        SSLEngine on
@ -246,7 +246,20 @@ let
        MaxRequestsPerChild  0
    </IfModule>

-    Listen ${toString cfg.httpPort}
+    ${let
+        ports = pkgs.lib.uniqList {  
+	  inputList=(concatMap (localCfg: 
+	    (pkgs.lib.optional localCfg.enableHttp localCfg.httpPort) 
+	    ++
+	    (pkgs.lib.optional localCfg.enableHttps localCfg.httpsPort) 
+	  ) vhosts)
+	  ++
+	  (pkgs.lib.optional cfg.enableSSL cfg.httpsPort)
+	  ++
+	  [cfg.httpPort];
+	};
+	in concatMapStrings (port: "Listen ${toString port}\n") ports
+    }

    User ${cfg.user}
    Group ${cfg.group}
@ -318,14 +331,23 @@ let
    ${perServerConf true cfg}
    
    # Always enable virtual hosts; it doesn't seem to hurt.
-    NameVirtualHost *:*
+    NameVirtualHost *:${toString cfg.httpPort}

    ${let
-        makeVirtualHost = cfg: ''
-          <VirtualHost *:*>
-              ${perServerConf false cfg}
+        makeVirtualHost = localCfg: (if localCfg.enableHttp then ''
+          <VirtualHost *:${toString localCfg.httpPort}>
+              ${perServerConf false localCfg}
          </VirtualHost>
-        '';
+        '' else "") + ( if localCfg.enableHttps then ''
+          <VirtualHost *:${toString localCfg.httpsPort}>
+	      SSLEngine on
+
+              SSLCertificateFile ${sslServerCert}
+              SSLCertificateKeyFile ${sslServerKey}
+
+              ${perServerConf false localCfg}
+          </VirtualHost>
+	'' else "");
      in concatMapStrings makeVirtualHost vhosts}
  '';

--- a/upstart-jobs/apache-httpd/per-server-options.nix
+++ b/upstart-jobs/apache-httpd/per-server-options.nix
@ -29,6 +29,27 @@
    ";
  };

+  httpsPort = mkOption {
+    default = 443;
+    description = "
+      Port for encrypted HTTPS requests.
+    ";
+  };
+
+  enableHttp = mkOption {
+    default = true;
+    description = "
+      Whether to listen on unencrypted HTTP.
+    ";
+  };
+
+  enableHttps = mkOption {
+    default = false;
+    description = "
+      Whether to listen on encrypted HTTPS.
+    ";
+  };
+
  adminAddr = mkOption ({
    example = "admin@example.org";
    description = "