From afa97cb981c5de4cb68631b911e1de32aa83dcf7 Mon Sep 17 00:00:00 2001
From: Niklas Hambüchen <mail@nh2.me>
Date: Tue, 19 Dec 2017 19:53:02 +0100
Subject: nginx service: Make http2 an option.

HTTP 2 can break some things, for example due to this Chrome bug:

  https://bugs.chromium.org/p/chromium/issues/detail?id=796199

So the service hardcoding it to be enabled is not helpful.

This commit adds an option so you can turn it off.
---
 nixos/modules/services/web-servers/nginx/default.nix       |  3 ++-
 nixos/modules/services/web-servers/nginx/vhost-options.nix | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 97511aac97374..b4a075ce0ae07 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -167,7 +167,8 @@ let
 
         listenString = { addr, port, ssl, ... }:
           "listen ${addr}:${toString port} "
-          + optionalString ssl "ssl http2 "
+          + optionalString ssl "ssl "
+          + optionalString vhost.http2 "http2 "
           + optionalString vhost.default "default_server "
           + ";";
 
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix
index 801601aafd9d6..29f08cc4f307e 100644
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -114,6 +114,20 @@ with lib;
       description = "Path to server SSL certificate key.";
     };
 
+    http2 = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to enable HTTP 2.
+        Note that (as of writing) due to nginx's implementation, to disable
+        HTTP 2 you have to disable it on all vhosts that use a given
+        IP address / port.
+        If there is one server block configured to enable http2,then it is
+        enabled for all server blocks on this IP.
+        See https://stackoverflow.com/a/39466948/263061.
+      '';
+    };
+
     root = mkOption {
       type = types.nullOr types.path;
       default = null;
-- 
cgit 1.4.1