diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index a22ef10..4f2cffd 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -14,7 +14,15 @@ let php = pkgs.php.override { apacheHttpd = httpd; }; - getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; + defaultListen = cfg: if cfg.enableSSL + then [{ip = "*"; port = 443;}] + else [{ip = "*:"; port = 80;}]; + + getListen = cfg: if cfg.listen == [] + then defaultListen cfg + else cfg.listen; + + listenToString = l: "${l.ip}:${toString l.port}"; extraModules = attrByPath ["extraModules"] [] mainCfg; extraForeignModules = filter isAttrs extraModules; @@ -23,10 +31,13 @@ let makeServerInfo = cfg: { # Canonical name must not include a trailing slash. - canonicalName = - (if cfg.enableSSL then "https" else "http") + "://" + - cfg.hostName + - (if getPort cfg != (if cfg.enableSSL then 443 else 80) then ":${toString (getPort cfg)}" else ""); + canonicalNames = + let defaultPort = (head (defaultListen cfg)).port; in + map (port: + (if cfg.enableSSL then "https" else "http") + "://" + + cfg.hostName + + (if port != defaultPort then ":${toString port}" else "") + ) (map (x: x.port) (getListen cfg)); # Admin address: inherit from the main server if not specified for # a virtual host. @@ -218,7 +229,7 @@ let ''; in '' - ServerName ${serverInfo.canonicalName} + ${concatStringsSep "\n" (map (n: "ServerName ${n}") serverInfo.canonicalNames)} ${concatMapStrings (alias: "ServerAlias ${alias}\n") cfg.serverAliases} @@ -315,9 +326,9 @@ let ${let - ports = map getPort allHosts; - uniquePorts = uniqList {inputList = ports;}; - in concatMapStrings (port: "Listen ${toString port}\n") uniquePorts + listen = concatMap getListen allHosts; + uniqueListen = uniqList {inputList = listen;}; + in concatMapStrings (listen: "Listen ${listenToString listen}\n") uniqueListen } User ${mainCfg.user} @@ -370,15 +381,15 @@ let # Always enable virtual hosts; it doesn't seem to hurt. ${let - ports = map getPort allHosts; - uniquePorts = uniqList {inputList = ports;}; - directives = concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts; + listen = concatMap getListen allHosts; + uniqueListen = uniqList {inputList = listen;}; + directives = concatMapStrings (listen: "NameVirtualHost ${listenToString listen}\n") uniqueListen; in optionalString (!version24) directives } ${let makeVirtualHost = vhost: '' - + ${perServerConf false vhost} ''; diff --git a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix index 53f34e2..35a225b 100644 --- a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix @@ -24,6 +24,7 @@ with pkgs.lib; ''; }; + /* port = mkOption { type = types.int; default = 0; @@ -32,6 +33,31 @@ with pkgs.lib; and 443 for https (i.e. when enableSSL is set). ''; }; + */ + + listen = mkOption { + type = types.listOf (types.submodule ( + { + options = { + port = mkOption { + type = types.int; + description = "port to listen on"; + }; + ip = mkOption { + type = types.string; + default = "*"; + description = "Ip to listen on. 0.0.0.0 for ipv4 only, * for all."; + }; + }; + } )); + + default = []; + description = '' + ["*:80"] means listen on all ip addresses. + ["127.0.0.1:8080"] means listen on localhost only + [] means default port, thus "*:80" for http and "*:443" for https + ''; + }; enableSSL = mkOption { type = types.bool;