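# NixOS module: host-wide nginx defaults (recommended presets, HSTS,
# filtered access logging) plus ACME group membership for the nginx user.
{ config, ... }: {
  services.nginx = {
    enable = true;

    # NixOS-provided presets for TLS, worker tuning, compression and proxying.
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    # NOTE(review): compressing TLS responses matters for BREACH-style side
    # channels when an app reflects request data next to secrets; confirm
    # per proxied application.
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    # Global request-body limit, applied to every virtual host.
    # NOTE(review): 512M is generous for unauthenticated clients; consider a
    # smaller global value and raise it only where large uploads are needed.
    clientMaxBodySize = "512M";

    # Injected verbatim into the nginx http {} block.
    commonHttpConfig = ''
      # Add HSTS header with preloading to HTTPS requests.
      # Adding this header to HTTP requests is discouraged; the map has no
      # default, so $hsts_header is empty over plain HTTP and nginx then
      # omits the header entirely.
      map $scheme $hsts_header {
          https   "max-age=31536000; includeSubdomains; preload";
      }
      # "always" also sends the header on 4xx/5xx responses; without it nginx
      # adds headers only to a fixed set of success and redirect codes.
      # add_header is inherited only by server/location blocks that declare
      # no add_header of their own; such blocks must repeat this line.
      add_header Strict-Transport-Security $hsts_header always;

      # Log every response except 2xx/3xx (4xx, 5xx and anything else that
      # falls through to the default). Successful requests are not recorded,
      # so this log cannot show what a client fetched or submitted
      # successfully; keep that in mind for incident response.
      map $status $loggable {
          ~^[23]  0;
          default 1;
      }
      access_log /var/log/nginx/access.log combined if=$loggable;

      server_names_hash_bucket_size 128;
    '';
  };

  # Puts the nginx user in the acme group so it can read ACME-managed
  # certificate and key files; anything else readable by that group becomes
  # readable by nginx as well.
  users.users.nginx.extraGroups = [ "acme" ];
}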