Loading nixos/modules/services/web-servers/nginx/default.nix +15 −17 Original line number Diff line number Diff line Loading @@ -261,23 +261,6 @@ let ${proxyCachePathConfig} ${optionalString cfg.statusPage '' server { listen ${toString cfg.defaultHTTPListenPort}; ${optionalString enableIPv6 "listen [::]:${toString cfg.defaultHTTPListenPort};" } server_name localhost; location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; ${optionalString enableIPv6 "allow ::1;"} deny all; } } ''} ${vhosts} ${cfg.appendHttpConfig} Loading Loading @@ -1177,6 +1160,21 @@ in services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli ++ lib.optional cfg.recommendedZstdSettings pkgs.nginxModules.zstd; services.nginx.virtualHosts.localhost = mkIf cfg.statusPage { listenAddresses = lib.mkDefault ([ "0.0.0.0" ] ++ lib.optional enableIPv6 "[::]"); locations."/nginx_status" = { extraConfig = '' stub_status on; access_log off; allow 127.0.0.1; ${optionalString enableIPv6 "allow ::1;"} deny all; ''; }; }; systemd.services.nginx = { description = "Nginx Web Server"; wantedBy = [ "multi-user.target" ]; Loading nixos/tests/all-tests.nix +2 −1 Original line number Diff line number Diff line Loading @@ -535,11 +535,12 @@ in { nginx-http3 = handleTest ./nginx-http3.nix {}; nginx-modsecurity = handleTest ./nginx-modsecurity.nix {}; nginx-njs = handleTest ./nginx-njs.nix {}; nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {}; nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; nginx-sso = handleTest ./nginx-sso.nix {}; nginx-status-page = handleTest ./nginx-status-page.nix {}; nginx-variants = handleTest ./nginx-variants.nix {}; nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {}; nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {}; nitter = handleTest ./nitter.nix {}; nix-ld = handleTest ./nix-ld.nix {}; Loading nixos/tests/nginx-status-page.nix 0 → 100644 +72 −0 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, ... }: { name = "nginx-status-page"; meta = with pkgs.lib.maintainers; { maintainers = [ h7x4 ]; }; nodes = { webserver = { ... }: { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = true; useDHCP = false; firewall.enable = false; }; systemd.network.networks."01-eth1" = { name = "eth1"; networkConfig.Address = "10.0.0.1/24"; }; services.nginx = { enable = true; statusPage = true; virtualHosts."localhost".locations."/index.html".return = "200 'hello world\n'"; }; environment.systemPackages = with pkgs; [ curl ]; }; client = { ... }: { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = true; useDHCP = false; firewall.enable = false; }; systemd.network.networks."01-eth1" = { name = "eth1"; networkConfig.Address = "10.0.0.2/24"; }; environment.systemPackages = with pkgs; [ curl ]; }; }; testScript = { nodes, ... }: '' start_all() webserver.wait_for_unit("nginx") webserver.wait_for_open_port(80) def expect_http_code(node, code, url): http_code = node.succeed(f"curl -w '%{{http_code}}' '{url}'") assert http_code.split("\n")[-1].strip() == code, \ f"expected {code} but got following response:\n{http_code}" with subtest("localhost can access status page"): expect_http_code(webserver, "200", "http://localhost/nginx_status") with subtest("localhost can access other page"): expect_http_code(webserver, "200", "http://localhost/index.html") with subtest("client can not access status page"): expect_http_code(client, "403", "http://10.0.0.1/nginx_status") with subtest("client can access other page"): expect_http_code(client, "200", "http://10.0.0.1/index.html") ''; }) pkgs/servers/http/nginx/generic.nix +1 −1 Original line number Diff line number Diff line Loading @@ -178,7 +178,7 @@ stdenv.mkDerivation { passthru = { inherit modules; tests = { inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso nginx-proxyprotocol; inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page; variants = lib.recurseIntoAttrs nixosTests.nginx-variants; acme-integration = nixosTests.acme; } // passthru.tests; Loading Loading
nixos/modules/services/web-servers/nginx/default.nix +15 −17 Original line number Diff line number Diff line Loading @@ -261,23 +261,6 @@ let ${proxyCachePathConfig} ${optionalString cfg.statusPage '' server { listen ${toString cfg.defaultHTTPListenPort}; ${optionalString enableIPv6 "listen [::]:${toString cfg.defaultHTTPListenPort};" } server_name localhost; location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; ${optionalString enableIPv6 "allow ::1;"} deny all; } } ''} ${vhosts} ${cfg.appendHttpConfig} Loading Loading @@ -1177,6 +1160,21 @@ in services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli ++ lib.optional cfg.recommendedZstdSettings pkgs.nginxModules.zstd; services.nginx.virtualHosts.localhost = mkIf cfg.statusPage { listenAddresses = lib.mkDefault ([ "0.0.0.0" ] ++ lib.optional enableIPv6 "[::]"); locations."/nginx_status" = { extraConfig = '' stub_status on; access_log off; allow 127.0.0.1; ${optionalString enableIPv6 "allow ::1;"} deny all; ''; }; }; systemd.services.nginx = { description = "Nginx Web Server"; wantedBy = [ "multi-user.target" ]; Loading
nixos/tests/all-tests.nix +2 −1 Original line number Diff line number Diff line Loading @@ -535,11 +535,12 @@ in { nginx-http3 = handleTest ./nginx-http3.nix {}; nginx-modsecurity = handleTest ./nginx-modsecurity.nix {}; nginx-njs = handleTest ./nginx-njs.nix {}; nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {}; nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; nginx-sso = handleTest ./nginx-sso.nix {}; nginx-status-page = handleTest ./nginx-status-page.nix {}; nginx-variants = handleTest ./nginx-variants.nix {}; nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {}; nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {}; nitter = handleTest ./nitter.nix {}; nix-ld = handleTest ./nix-ld.nix {}; Loading
nixos/tests/nginx-status-page.nix 0 → 100644 +72 −0 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, ... }: { name = "nginx-status-page"; meta = with pkgs.lib.maintainers; { maintainers = [ h7x4 ]; }; nodes = { webserver = { ... }: { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = true; useDHCP = false; firewall.enable = false; }; systemd.network.networks."01-eth1" = { name = "eth1"; networkConfig.Address = "10.0.0.1/24"; }; services.nginx = { enable = true; statusPage = true; virtualHosts."localhost".locations."/index.html".return = "200 'hello world\n'"; }; environment.systemPackages = with pkgs; [ curl ]; }; client = { ... }: { virtualisation.vlans = [ 1 ]; networking = { useNetworkd = true; useDHCP = false; firewall.enable = false; }; systemd.network.networks."01-eth1" = { name = "eth1"; networkConfig.Address = "10.0.0.2/24"; }; environment.systemPackages = with pkgs; [ curl ]; }; }; testScript = { nodes, ... }: '' start_all() webserver.wait_for_unit("nginx") webserver.wait_for_open_port(80) def expect_http_code(node, code, url): http_code = node.succeed(f"curl -w '%{{http_code}}' '{url}'") assert http_code.split("\n")[-1].strip() == code, \ f"expected {code} but got following response:\n{http_code}" with subtest("localhost can access status page"): expect_http_code(webserver, "200", "http://localhost/nginx_status") with subtest("localhost can access other page"): expect_http_code(webserver, "200", "http://localhost/index.html") with subtest("client can not access status page"): expect_http_code(client, "403", "http://10.0.0.1/nginx_status") with subtest("client can access other page"): expect_http_code(client, "200", "http://10.0.0.1/index.html") ''; })
pkgs/servers/http/nginx/generic.nix +1 −1 Original line number Diff line number Diff line Loading @@ -178,7 +178,7 @@ stdenv.mkDerivation { passthru = { inherit modules; tests = { inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso nginx-proxyprotocol; inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page; variants = lib.recurseIntoAttrs nixosTests.nginx-variants; acme-integration = nixosTests.acme; } // passthru.tests; Loading
