Nginx: Difference between revisions

Line 3:

== Replace dependencies like openssl ==

In wake of the 2022 ~~openssl~~ library, ~~nix~~ can support in mitigating the library by downgrading (or replacing) the SSL library. For this, the [[Overlay|overlay]] facility of nixpkgs can be used:

In wake of the 2022 OpenSSL library, Nix can support in mitigating the library by downgrading (or replacing) the SSL library. For this, the [[Overlay|overlay]] facility of nixpkgs can be used:

nixpkgs.overlays = [

Line 12:

</syntaxHighlight>

When utilizing ~~Nixos~~ options the following configuration will also work:

When utilizing NixOS options the following configuration will also work:

services.nginx.package = pkgs.nginxStable.override { openssl = pkgs.libressl; };

Line 19:

== Let's Encrypt certificates ==

The nginx module for NixOS has native support for Let's ~~encrypt~~ certificates; {{nixos:option|services.nginx.+acme}}. The {{manual:nixos|sec=#module-security-acme-nginx|chapter=Chapter 20. SSL/TLS Certificates with ACME}} explains it in detail.

The nginx module for NixOS has native support for Let's Encrypt certificates; {{nixos:option|services.nginx.+acme}}. The {{manual:nixos|sec=#module-security-acme-nginx|chapter=Chapter 20. SSL/TLS Certificates with ACME}} explains it in detail.

=== Minimal Example ===

Assuming that <code>myhost.org</code> resolves to the ip address of your host and port 80 and 443 has been opened.

Assuming that <code>myhost.org</code> resolves to the IP address of your host and port 80 and 443 has been opened.

services.nginx.enable = true;

Line 70:

==== General ====

Nginx is run as ~~SystemD~~ service nginx, so <code>systemctl status nginx</code> may say something useful. If you have a problem with configuration, you can find the configuration location in the <code>systemctl status</code>, it should be at <code>/nix/store/*-nginx.conf</code>.

Nginx is run as the systemd service nginx, so <code>systemctl status nginx</code> may say something useful. If you have a problem with configuration, you can find the configuration location in the <code>systemctl status</code>, it should be at <code>/nix/store/*-nginx.conf</code>.

== Sample setups ==

@@ Line 3: / Line 3: @@
 == Replace dependencies like openssl ==
-In wake of the 2022 openssl library, nix can support in mitigating the library by downgrading (or replacing) the SSL library. For this, the [[Overlay|overlay]] facility of nixpkgs can be used:
+In wake of the 2022 OpenSSL library, Nix can support in mitigating the library by downgrading (or replacing) the SSL library. For this, the [[Overlay|overlay]] facility of nixpkgs can be used:
 <syntaxHighlight lang=nix>
 nixpkgs.overlays = [
@@ Line 12: / Line 12: @@
 </syntaxHighlight>
-When utilizing Nixos options the following configuration will also work:
+When utilizing NixOS options the following configuration will also work:
 <syntaxHighlight lang=nix>
 services.nginx.package = pkgs.nginxStable.override { openssl = pkgs.libressl; };
@@ Line 19: / Line 19: @@
 == Let's Encrypt certificates ==
-The nginx module for NixOS has native support for Let's encrypt certificates;  {{nixos:option|services.nginx.+acme}}. The {{manual:nixos|sec=#module-security-acme-nginx|chapter=Chapter 20. SSL/TLS Certificates with ACME}} explains it in detail.
+The nginx module for NixOS has native support for Let's Encrypt certificates;  {{nixos:option|services.nginx.+acme}}. The {{manual:nixos|sec=#module-security-acme-nginx|chapter=Chapter 20. SSL/TLS Certificates with ACME}} explains it in detail.
 === Minimal Example ===
-Assuming that <code>myhost.org</code> resolves to the ip address of your host and port 80 and 443 has been opened.
+Assuming that <code>myhost.org</code> resolves to the IP address of your host and port 80 and 443 has been opened.
 <syntaxHighlight lang=nix>
 services.nginx.enable = true;
@@ Line 70: / Line 70: @@
 ==== General ====
-Nginx is run as SystemD service nginx, so <code>systemctl status nginx</code> may say something useful. If you have a problem with configuration, you can find the configuration location in the <code>systemctl status</code>, it should be at <code>/nix/store/*-nginx.conf</code>.
+Nginx is run as the systemd service nginx, so <code>systemctl status nginx</code> may say something useful. If you have a problem with configuration, you can find the configuration location in the <code>systemctl status</code>, it should be at <code>/nix/store/*-nginx.conf</code>.
 == Sample setups ==