Merge pull request #188002 from Izorkin/update-nginx-brotli
This commit is contained in:
commit
9fdbf01835
|
@ -391,6 +391,14 @@
|
||||||
option.
|
option.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
A new option <literal>recommendedBrotliSettings</literal> has
|
||||||
|
been added to <literal>services.nginx</literal>. Learn more
|
||||||
|
about compression in Brotli format
|
||||||
|
<link xlink:href="https://github.com/google/ngx_brotli/blob/master/README.md">here</link>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Resilio sync secret keys can now be provided using a secrets
|
Resilio sync secret keys can now be provided using a secrets
|
||||||
|
|
|
@ -107,6 +107,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- Enabling global redirect in `services.nginx.virtualHosts` now allows one to add exceptions with the `locations` option.
|
- Enabling global redirect in `services.nginx.virtualHosts` now allows one to add exceptions with the `locations` option.
|
||||||
|
|
||||||
|
- A new option `recommendedBrotliSettings` has been added to `services.nginx`. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md).
|
||||||
|
|
||||||
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
|
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
|
||||||
|
|
||||||
- The `firewall` and `nat` module now has a nftables based implementation. Enable `networking.nftables` to use it.
|
- The `firewall` and `nat` module now has a nftables based implementation. Enable `networking.nftables` to use it.
|
||||||
|
|
|
@ -820,10 +820,10 @@ in
|
||||||
|
|
||||||
services.nginx = lib.mkIf cfg.nginx.enable {
|
services.nginx = lib.mkIf cfg.nginx.enable {
|
||||||
enable = true;
|
enable = true;
|
||||||
additionalModules = [ pkgs.nginxModules.brotli ];
|
|
||||||
|
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
|
recommendedBrotliSettings = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,43 @@ let
|
||||||
) cfg.virtualHosts;
|
) cfg.virtualHosts;
|
||||||
enableIPv6 = config.networking.enableIPv6;
|
enableIPv6 = config.networking.enableIPv6;
|
||||||
|
|
||||||
|
# Mime.types values are taken from brotli sample configuration - https://github.com/google/ngx_brotli
|
||||||
|
# and Nginx Server Configs - https://github.com/h5bp/server-configs-nginx
|
||||||
|
compressMimeTypes = [
|
||||||
|
"application/atom+xml"
|
||||||
|
"application/geo+json"
|
||||||
|
"application/json"
|
||||||
|
"application/ld+json"
|
||||||
|
"application/manifest+json"
|
||||||
|
"application/rdf+xml"
|
||||||
|
"application/vnd.ms-fontobject"
|
||||||
|
"application/wasm"
|
||||||
|
"application/x-rss+xml"
|
||||||
|
"application/x-web-app-manifest+json"
|
||||||
|
"application/xhtml+xml"
|
||||||
|
"application/xliff+xml"
|
||||||
|
"application/xml"
|
||||||
|
"font/collection"
|
||||||
|
"font/otf"
|
||||||
|
"font/ttf"
|
||||||
|
"image/bmp"
|
||||||
|
"image/svg+xml"
|
||||||
|
"image/vnd.microsoft.icon"
|
||||||
|
"text/cache-manifest"
|
||||||
|
"text/calendar"
|
||||||
|
"text/css"
|
||||||
|
"text/csv"
|
||||||
|
"text/html"
|
||||||
|
"text/javascript"
|
||||||
|
"text/markdown"
|
||||||
|
"text/plain"
|
||||||
|
"text/vcard"
|
||||||
|
"text/vnd.rim.location.xloc"
|
||||||
|
"text/vtt"
|
||||||
|
"text/x-component"
|
||||||
|
"text/xml"
|
||||||
|
];
|
||||||
|
|
||||||
defaultFastcgiParams = {
|
defaultFastcgiParams = {
|
||||||
SCRIPT_FILENAME = "$document_root$fastcgi_script_name";
|
SCRIPT_FILENAME = "$document_root$fastcgi_script_name";
|
||||||
QUERY_STRING = "$query_string";
|
QUERY_STRING = "$query_string";
|
||||||
|
@ -140,6 +177,16 @@ let
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
''}
|
''}
|
||||||
|
|
||||||
|
${optionalString (cfg.recommendedBrotliSettings) ''
|
||||||
|
brotli on;
|
||||||
|
brotli_static on;
|
||||||
|
brotli_comp_level 5;
|
||||||
|
brotli_window 512k;
|
||||||
|
brotli_min_length 256;
|
||||||
|
brotli_types ${lib.concatStringsSep " " compressMimeTypes};
|
||||||
|
brotli_buffers 32 8k;
|
||||||
|
''}
|
||||||
|
|
||||||
${optionalString (cfg.recommendedGzipSettings) ''
|
${optionalString (cfg.recommendedGzipSettings) ''
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_proxied any;
|
gzip_proxied any;
|
||||||
|
@ -456,6 +503,16 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
recommendedBrotliSettings = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Enable recommended brotli settings. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md).
|
||||||
|
|
||||||
|
This adds `pkgs.nginxModules.brotli` to `services.nginx.additionalModules`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
recommendedGzipSettings = mkOption {
|
recommendedGzipSettings = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -537,11 +594,10 @@ in
|
||||||
additionalModules = mkOption {
|
additionalModules = mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
type = types.listOf (types.attrsOf types.anything);
|
type = types.listOf (types.attrsOf types.anything);
|
||||||
example = literalExpression "[ pkgs.nginxModules.brotli ]";
|
example = literalExpression "[ pkgs.nginxModules.echo ]";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Additional [third-party nginx modules](https://www.nginx.com/resources/wiki/modules/)
|
Additional [third-party nginx modules](https://www.nginx.com/resources/wiki/modules/)
|
||||||
to install. Packaged modules are available in
|
to install. Packaged modules are available in `pkgs.nginxModules`.
|
||||||
`pkgs.nginxModules`.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -999,6 +1055,8 @@ in
|
||||||
groups = config.users.groups;
|
groups = config.users.groups;
|
||||||
}) dependentCertNames;
|
}) dependentCertNames;
|
||||||
|
|
||||||
|
services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli;
|
||||||
|
|
||||||
systemd.services.nginx = {
|
systemd.services.nginx = {
|
||||||
description = "Nginx Web Server";
|
description = "Nginx Web Server";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
|
@ -102,15 +102,15 @@ let self = {
|
||||||
|
|
||||||
brotli = {
|
brotli = {
|
||||||
name = "brotli";
|
name = "brotli";
|
||||||
src = let gitsrc = fetchFromGitHub {
|
src = let src' = fetchFromGitHub {
|
||||||
name = "brotli";
|
name = "brotli";
|
||||||
owner = "google";
|
owner = "google";
|
||||||
repo = "ngx_brotli";
|
repo = "ngx_brotli";
|
||||||
rev = "25f86f0bac1101b6512135eac5f93c49c63609e3";
|
rev = "6e975bcb015f62e1f303054897783355e2a877dc";
|
||||||
sha256 = "02hfvfa6milj40qc2ikpb9f95sxqvxk4hly3x74kqhysbdi06hhv";
|
sha256 = "sha256-G0IDYlvaQzzJ6cNTSGbfuOuSXFp3RsEwIJLGapTbDgo=";
|
||||||
}; in
|
}; in
|
||||||
runCommand "ngx_brotli-src" { } ''
|
runCommand "brotli" { } ''
|
||||||
cp -a ${gitsrc} $out
|
cp -a ${src'} $out
|
||||||
substituteInPlace $out/filter/config \
|
substituteInPlace $out/filter/config \
|
||||||
--replace '$ngx_addon_dir/deps/brotli/c' ${lib.getDev brotli}
|
--replace '$ngx_addon_dir/deps/brotli/c' ${lib.getDev brotli}
|
||||||
'';
|
'';
|
||||||
|
|
Loading…
Reference in a new issue