Nginx: Difference between revisions

imported>Jtbx
m Fix capitalisation
imported>Nathan-gs
NGINX: PAM auth, no longer needed to disable hardening features
Line 152: Line 152:
   systemd.services.nginx.serviceConfig = {
   systemd.services.nginx.serviceConfig = {
     SupplementaryGroups = [ "shadow" ];
     SupplementaryGroups = [ "shadow" ];
    NoNewPrivileges = lib.mkForce false;
    PrivateDevices = lib.mkForce false;
    ProtectHostname = lib.mkForce false;
    ProtectKernelTunables = lib.mkForce false;
    ProtectKernelModules = lib.mkForce false;
    RestrictAddressFamilies = lib.mkForce [ ];
    LockPersonality = lib.mkForce false;
    MemoryDenyWriteExecute = lib.mkForce false;
    RestrictRealtime = lib.mkForce false;
    RestrictSUIDSGID = lib.mkForce false;
    SystemCallArchitectures = lib.mkForce "";
    ProtectClock = lib.mkForce false;
    ProtectKernelLogs = lib.mkForce false;
    RestrictNamespaces = lib.mkForce false;
    SystemCallFilter = lib.mkForce "";
   };
   };
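Review bot: The `SupplementaryGroups = [ "shadow" ];` line kept on the new side has no comment explaining what it grants: every process of the nginx unit, workers included, joins the `shadow` group and can presumably read the local password hashes that PAM checks against. I would add a comment above it, e.g. `# PAM auth must read /etc/shadow; this also lets a compromised nginx process read every local password hash`, so readers copying the snippet see the trade-off. The `lib.mkForce` overrides printed only once appear, going by the edit summary, to be on the old side, so the unit's default hardening is assumed to apply again. The page does not say from which NixOS release that holds, and a one-line version note would help readers on older releases. The enclosing configuration block starts outside the lines shown.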