mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-11 15:08:33 +01:00
nixpkgs/pkgs/servers
Raito Bezarius 69bb0f94de nixos/nginx: first-class PROXY protocol support
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.

Currently, it is possible to make use of it in NGINX's NixOS module, but
it is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.

It adds a safeguard against running an NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.

An interesting use case of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers; it is
demonstrated how to achieve this in the tests, using sniproxy.

Finally, the tests cover:

- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final use case
  (sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;

In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.

For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
2023-05-26 19:48:26 +02:00
..
adguardhome adguardhome: 0.107.28 -> 0.107.29 2023-04-18 22:36:24 +02:00
adminer
aeron
akkoma beam/mixRelease: default stripDebug to false due frequent runtime errors (#232107) 2023-05-16 10:50:34 +02:00
alice-lg alice-lg: init at 6.0.0 2023-05-10 20:47:39 +02:00
allmark
alps
althttpd
amqp
ankisyncd ankisyncd: use bundled anki version 2023-04-05 19:58:50 +09:00
apache-kafka
apcupsd
ariang ariang: 1.3.5 -> 1.3.6 2023-05-20 06:16:53 +00:00
asouldocs
asterisk asterisk: drop pjsip 2.12 and patches, no longer used 2023-04-23 15:58:39 +02:00
atlassian
audiobookshelf audiobookshelf: 2.2.18 -> 2.2.20 2023-05-10 11:44:11 +01:00
authelia
baserow
bazarr bazarr: 1.2.0 -> 1.2.1 2023-05-09 09:10:29 +02:00
beanstalkd beanstalkd: 1.12 -> 1.13 2023-05-02 04:02:55 +00:00
bindle
binserve
bird bird: 2.0.12 -> 2.13 2023-04-23 17:44:48 +02:00
bird-lg bird-lg: Pass version and meta 2023-04-25 12:00:44 +02:00
birdwatcher birdwatcher: init at 2.2.4 2023-05-15 02:52:06 +02:00
bloat
blockbook
brickd
caddy maintainers: rename indeednotjames to emilylange 2023-05-21 16:01:35 +02:00
calibre-web treewide/servers: use top-level fetchPypi 2023-05-25 12:06:38 -04:00
cayley
chatgpt-retrieval-plugin chatgpt-retrieval-plugin: relax fastapi constraint 2023-05-05 11:16:33 -04:00
clickhouse clickhouse: build rust parts 2023-05-19 06:29:08 -04:00
code-server code-server: 4.8.3 -> 4.12.0 2023-04-26 20:06:38 +02:00
computing slurm: 23.02.1.1 -> 23.02.2.1 2023-05-10 14:04:23 +02:00
confluencepot
confluent-platform
consul
corosync
coturn
dante dante: disable getaddrinfo() checks if cross 2023-04-22 16:16:02 +03:00
dcnnt
demoit
dendrite
dex dex-oidc: 2.35.3 -> 2.36.0 2023-04-02 08:59:20 +00:00
dgraph
dico
dict
diod
dns Merge pull request #233854 from chkno/hook-spelling 2023-05-24 23:40:57 +03:00
documize-community
domoticz
duckling-proxy
echoip
elasticmq-server-bin
endlessh
endlessh-go
eris-go
etcd etcd_3_5: 3.5.7 -> 3.5.9 2023-05-24 07:25:31 +10:00
etebase
exhibitor
fastnetmon-advanced fastnetmon-advanced: add install checks 2023-05-02 15:34:30 +02:00
fcgiwrap
fedigroups fedigroups: 0.4.4 -> 0.4.5 2023-04-11 15:24:15 +02:00
felix
fiche
fileshare
filtron
firebird
fishnet
foundationdb foundationdb71: 7.1.26 -> 7.1.30 2023-04-26 16:35:10 +03:00
freeradius
frr frr: 8.5 -> 8.5.1 2023-04-28 14:42:49 +00:00
ftp
gemini stargazer: enable on darwin 2023-05-21 10:58:16 +04:00
geospatial martin: 0.8.2 -> 0.8.3 2023-05-26 06:37:57 +00:00
gerbera
gnss-share
go-autoconfig
go-cqhttp go-cqhttp: 1.0.0-rc5 -> 1.0.1 2023-04-15 16:28:32 +08:00
go-libp2p-daemon
gobetween
gonic nixos/gonic: init 2023-05-07 22:43:23 +02:00
gopher/gofish
gortr gortr: fix version, fix license 2023-04-29 21:51:31 -04:00
gotify
gotty
gpm pkgs: fix typos 2023-05-19 22:31:04 -04:00
gpsd gpsd: 3.24 -> 3.25 2023-04-16 23:43:00 +02:00
grocy grocy: mark as broken 2023-05-16 19:13:00 +02:00
h2
hashi-ui
haste-server haste-server: use node 18 to fix eol 2023-05-07 13:21:23 +02:00
hasura
hbase hbase: 2.4.16 -> 2.4.17, 2.5.3 -> 2.5.4 2023-05-22 05:06:32 +05:30
headphones
headscale headscale: add nixos test to passthru.tests 2023-05-21 01:41:14 -03:00
heisenbridge heisenbridge: 1.13.1 -> 1.14.2 2023-03-31 16:54:37 +02:00
hitch
hockeypuck
holochain-go
home-assistant treewide/servers: use top-level fetchPypi 2023-05-25 12:06:38 -04:00
home-automation/evcc evcc: 0.117.2 -> 0.117.4 2023-05-18 13:48:03 +02:00
honk
hqplayerd
http nixos/nginx: first-class PROXY protocol support 2023-05-26 19:48:26 +02:00
hydron
hylafaxplus
icecast
icecream
icingaweb2 icingaweb2-ipl: 0.11.1 -> 0.12.0 2023-05-20 23:25:25 +00:00
identd
imaginary
imgproxy imgproxy: 3.16.1 -> 3.17.0 2023-05-13 05:53:05 +00:00
interlock
invidious invidious: unstable-2023-04-30 -> unstable-2023-05-08 2023-05-09 08:47:24 +02:00
irc inspircdMinimal: 3.15.0 -> 3.16.0 2023-05-02 11:22:59 +02:00
irker
irrd irrd: init at 4.2.6 (#210565) 2023-04-26 14:52:31 +02:00
isso isso: 0.12.6.2 -> 0.13.0 2023-05-22 20:42:38 +02:00
jackett jackett: 0.21.17 -> 0.21.34 2023-05-26 02:32:55 +00:00
janus-gateway janus-gateway: 1.1.3 -> 1.1.4 2023-05-25 06:24:50 +00:00
jellyfin jellyfin-web: use buildNpmPackage 2023-05-07 10:40:00 +02:00
jellyseerr
jetbrains
jibri dpkg: add setup-hook for unpacking .deb files 2023-05-08 21:59:21 -07:00
jicofo
jitsi-videobridge
kanidm
kapowbang
keycloak Merge pull request #229344 from ngerstle/keycloak-update 2023-05-15 17:23:25 +02:00
klipper klipper: install klippy to $out/bin 2023-05-14 12:56:38 -04:00
komga
krill
kubemq-community
kwakd
ldap _389-ds-base: 2.3.1 -> 2.4.1 2023-05-26 13:31:03 +03:00
libreddit
lidarr lidarr: 1.0.2.2592 -> 1.1.4.3027 2023-04-23 08:23:51 +00:00
limesurvey limesurvey: mark as broken 2023-05-16 19:18:22 +02:00
livepeer
ma1sd
maddy
mail treewide: make fetchPypi more explicit 2023-05-25 21:37:59 +03:00
mastodon mastodon: 4.1.1 -> 4.1.2 2023-04-05 11:41:13 +02:00
matrix-appservice-discord
matrix-conduit
matrix-corporal
matrix-hebbot
matrix-synapse Merge pull request #228553 from chvp/bump-hookshot 2023-05-25 22:04:45 +02:00
matterbridge matterbridge: 1.25.2 -> 1.26.0 2023-04-26 11:00:27 +00:00
mattermost mattermost: 7.8.4 -> 7.8.5 2023-05-22 22:49:26 +02:00
mautrix-facebook
mautrix-googlechat
mautrix-signal
mautrix-telegram treewide/servers: use top-level fetchPypi 2023-05-25 12:06:38 -04:00
mautrix-whatsapp mautrix-whatsapp: 0.8.4 -> 0.8.5 2023-05-16 19:45:47 +02:00
mbusd
mediamtx mediamtx: fix version 2023-05-23 00:19:41 +03:00
memcached
memos memos: 0.12.2 -> 0.13.0 2023-05-25 12:32:02 +08:00
mesos-dns
metabase metabase: 0.46.1 -> 0.46.2 2023-05-07 15:22:45 +00:00
meteor
microbin
microserver
miniflux miniflux: 2.0.43 -> 2.0.44 2023-05-14 01:44:32 +00:00
minio minio: 2023-05-04T21-44-30Z -> 2023-05-18T00-05-36Z 2023-05-23 20:31:58 +00:00
mir mir: Pull patch to fix evdev device misses 2023-05-15 22:40:29 +02:00
mirrorbits
misc Merge pull request #233337 from figsoda/starcharts 2023-05-22 20:25:34 -06:00
mjolnir mjolnir: 1.5.0 -> 1.6.4, build with mkYarnPackage 2023-05-15 18:40:55 +08:00
mlflow-server mlflow-server: fix build 2023-05-04 20:45:18 +10:00
monitoring treewide/servers: use top-level fetchPypi 2023-05-25 12:06:38 -04:00
moonraker
mpd mpd: 0.23.12 -> 0.23.13 2023-05-22 22:39:08 +02:00
mqtt nanomq: 0.16.3 -> 0.18.2 2023-05-20 18:12:48 +01:00
mtprotoproxy mtprotoproxy: 1.1.0 -> 1.1.1 2023-04-27 13:29:51 -03:00
mx-puppet-discord nodejs*: normalise names to better fit other packages 2023-04-25 11:28:17 +02:00
mxisd
mycorrhiza mycorrhiza: 1.13.0 -> 1.14.0 2023-04-25 04:12:33 +00:00
nas nas: change self to finalAttrs 2023-04-20 22:22:23 -03:00
nats-server nats-server: 2.9.15 -> 2.9.16 2023-04-26 06:01:46 +00:00
nats-streaming-server nats-streaming-server: 0.24.6 -> 0.25.4 2023-04-23 13:01:56 +00:00
neard treewide: Reduce jtojnar maintainership 2023-05-20 16:40:17 +02:00
networkaudiod
networking/exabgp exabgp: add raitobezarius as a maintainer 2023-05-22 14:52:32 +02:00
news/leafnode
nextcloud nextcloud-notify_push: 0.6.2 -> 0.6.3 2023-05-18 01:29:50 -07:00
nfd
nfs-ganesha nfs-ganesha: 5.0 -> 5.1 2023-05-03 17:39:17 +02:00
nginx-sso
nitter nitter: unstable-2023-03-28 -> unstable-2023-04-21 2023-04-26 08:49:40 +02:00
nominatim
nosql ferretdb: 1.2.0 -> 1.2.1 (#233950) 2023-05-25 11:39:29 +02:00
nostr-rs-relay nostr-rs-relay: init at 0.8.9 2023-05-08 01:14:09 +02:00
nsq
nzbhydra2
oauth2-proxy
olaris
ombi ombi: 4.35.10 -> 4.39.1 2023-05-19 04:40:15 +00:00
onlyoffice-documentserver tree-wide: do not depend on buildFHSEnvBubblewrap 2023-04-16 10:15:15 +02:00
openafs/1.8 openafs: Patch for Linux kernel 6.3 (#228217) 2023-04-26 23:26:58 -04:00
openbgpd
openvscode-server openvscode-server: 1.78.1 -> 1.78.2 2023-05-26 08:15:30 +02:00
osmocom libosmoabis, libosmo-{netif,sccp}: add markuskowa to maintainers 2023-05-15 15:07:20 +02:00
osrm-backend osrm-backend: Fix build on darwin. 2023-04-12 20:05:05 +05:30
owncast
oxigraph oxigraph: 0.3.14 -> 0.3.16 2023-05-06 09:27:55 +00:00
p910nd
peertube Merge pull request #218599 from Izorkin/update-peertube 2023-05-09 14:37:44 +02:00
persistent-evdev
photoprism
pies
pim6sd
pinnwand treewide/servers: use top-level fetchPypi 2023-05-25 12:06:38 -04:00
piping-server-rust
pleroma beam/mixRelease: default stripDebug to false due frequent runtime errors (#232107) 2023-05-16 10:50:34 +02:00
plex plex: 1.32.0.6973-a787c5a8e -> 1.32.1.6999-91e1e2e2c 2023-05-09 20:30:03 +02:00
plik
pocketbase pocketbase: 0.15.2 -> 0.15.3 2023-05-05 05:48:26 +00:00
polaris nodejs*: normalise names to better fit other packages 2023-04-25 11:28:17 +02:00
polipo
portunus
postfixadmin
pounce
pr-tracker
prayer
prowlarr prowlarr: 1.3.2.3006 -> 1.4.1.3258 2023-05-05 16:06:57 +00:00
ps3netsrv
psitransfer psitransfer: 2.0.1 -> 2.1.2 2023-05-06 14:33:43 -06:00
pufferpanel pufferpanel: fix build on i686-linux 2023-05-16 18:34:14 +03:00
pulseaudio
radarr radarr: 4.3.2.6857 -> 4.4.4.7068 2023-04-19 20:34:05 +00:00
radicale
rainloop
readarr
redpanda redpanda: 23.1.7 -> 23.1.10 2023-05-23 20:56:18 +00:00
reproxy
resgate
rippled rippled: mark as insecure 2023-05-26 00:54:15 +03:00
rmfakecloud rmfakecloud: 0.0.12 -> 0.0.13.2 2023-04-24 20:49:58 +02:00
roapi
roon-bridge
roon-server roon-server: 2.0-1259 -> 2.0-1272 2023-05-13 18:40:59 -04:00
roundcube
routinator
rpcbind
rpiplay
rt
rtrtr
rustypaste rustypaste: 0.9.0 -> 0.9.1 2023-05-26 01:51:00 +00:00
sabnzbd
samba samba: 4.17.5 -> 4.17.7 2023-04-11 22:35:02 +02:00
scylladb
seafile-server
search elk7: 7.17.9 -> 7.17.10 2023-05-20 00:33:51 +02:00
ser2net ser2net: 4.3.11 -> 4.3.12 2023-04-21 06:16:16 +00:00
serf
serviio
sftpgo nixos/tests/sftpgo: init 2023-05-25 22:46:15 +02:00
shairplay
shairport-sync shairport-sync: switch to openssl 3 2023-05-19 19:04:08 -04:00
sharing
shishi
sickbeard
silc-server
simple-http-server simple-http-server: 0.6.6 -> 0.6.7 2023-04-24 09:44:55 -04:00
simplehttp2server
sip freeswitch: remove misuzu as maintainer 2023-04-17 19:32:16 +03:00
sks
skydns
slimserver
smcroute
snac2 snac2: build on darwin 2023-05-23 20:10:43 +03:00
snappymail snappymail: 2.27.2 -> 2.27.3 2023-04-20 00:35:44 +00:00
soft-serve soft-serve: 0.4.7 -> 0.5.4 2023-05-21 00:19:11 +00:00
softether
sonarr
sozu
spicedb spicedb: 1.20.0 -> 1.21.0 2023-05-13 02:18:14 +00:00
sql timescaledb_toolkit: mark broken on darwin 2023-05-26 06:07:33 -04:00
squid
sshportal sshportal: 1.19.3 -> 1.19.5 2023-05-24 06:24:26 +00:00
sslh
static-web-server static-web-server: 2.15.0 -> 2.16.0 (#228048) 2023-04-25 15:51:19 +02:00
stayrtr
sunshine sunshine: 0.18.4 -> 0.19.1 2023-04-10 12:11:30 -05:00
swego
syncstorage-rs
tacacsplus
tailscale tailscale: 1.40.1 -> 1.42.0 2023-05-26 09:11:07 +02:00
tang tang: 12 -> 13 2023-05-11 06:59:54 +02:00
tarantool
tarssh treewide: remove file-wide with rustPlatform;s 2023-04-17 16:33:08 -04:00
tautulli tautulli: 2.12.2 -> 2.12.3 2023-04-16 01:27:41 +02:00
telegram-bot-api
teleport teleport_11: 11.3.5 -> 11.3.10 2023-04-08 20:08:23 +03:00
tidb tidb: 6.6.0 -> 7.0.0 2023-04-16 10:25:26 +00:00
timetagger
tmate-ssh-server
tracing tempo: 2.1.0 -> 2.1.1 2023-04-28 21:50:23 +03:00
traefik traefik: 2.10.0 -> 2.10.1 2023-04-30 10:43:58 +00:00
trezord trezord: 2.0.32 -> 2.0.33 2023-04-30 11:22:11 +02:00
trickster
tt-rss tt-rss: unstable-2022-10-15 -> unstable-2023-04-13, module use PHP 8.1 2023-04-27 11:46:38 +02:00
ttyd
tvheadend
u9fs
ucarp
udpt
uftp
uhub
ums
unfs3
unifi remove myself (erictapen) from packages which I don't use anymore 2023-04-03 17:07:16 +02:00
unifi-video
unifiedpush-common-proxies
unpackerr unpackerr: 0.11.1 -> 0.11.2 2023-05-01 09:24:10 +02:00
unpfs
ursadb
urserver
uwsgi
uxplay uxplay: 1.63.2 -> 1.64 2023-04-30 12:26:17 +00:00
varnish varnish73: init at 7.3.0 2023-05-20 13:49:24 +02:00
vouch-proxy
web-apps outline: add xanderio to maintainers 2023-05-23 12:03:39 +02:00
webdav
webdav-server-rs
webmetro
wesher
wishlist wishlist: 0.10.0 -> 0.11.0 2023-05-05 05:39:12 +00:00
wsdd
x11 Merge pull request #231664 from Artturin/libxcvtupd 2023-05-15 20:37:34 +03:00
xandikos
xinetd
xmpp ejabberd: 21.04 -> 23.01 2023-04-19 09:13:19 +02:00
xteve
zigbee2mqtt zigbee2mqtt: 1.30.3 -> 1.30.4 2023-05-01 19:54:24 +02:00
zoneminder
zookeeper zookeeper: 3.6.3 -> 3.7.1 2023-04-14 16:33:32 +01:00