NixOS Wiki

Nginx: Difference between revisions

← Older editNewer edit →
Visual
imported>Makefu
add 20.09 caveat for read-only fs
imported>Ymarkus
Authentication via PAM: Issue #93580 solved
Line 155: Line 155:
   ...
   ...
   virtualHosts."example.com".extraConfig = ''
   virtualHosts."example.com".extraConfig = ''
            auth_pam  "Password Required";
    auth_pam  "Password Required";
            auth_pam_service_name "nginx";
    auth_pam_service_name "nginx";
'';
  '';
};
};
</syntaxhighlight>
</syntaxhighlight>
However, if the password of the user is stored in /etc/shadow, nginx by default will not be able to check the password. Nginx needs to run as root. Running as root will not be needed if issue {{issue|93580}} gets solved. For now, the workaround is:
<syntaxhighlight lang="nix">
services.nginx = {
  user = "root"; # allow access to /etc/shadow
  appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
  ...
};
</syntaxhighlight>


==== TLS reverse proxy ====
==== TLS reverse proxy ====
Retrieved from "https://wiki.nixos.org/wiki/Nginx"