diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index b5ff630a4d48428..07eef07640dc020 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -129,12 +129,9 @@ let '')); commonHttpConfig = '' - # Load mime types. + # Load mime types and configure maximum size of the types hash tables. include ${cfg.defaultMimeTypes}; - # When recommendedOptimisation is disabled nginx fails to start because the mailmap mime.types database - # contains 1026 entries and the default is only 1024. Setting to a higher number to remove the need to - # overwrite it because nginx does not allow duplicated settings. - types_hash_max_size 4096; + types_hash_max_size ${toString cfg.typesHashMaxSize}; include ${cfg.package}/conf/fastcgi.conf; include ${cfg.package}/conf/uwsgi_params; @@ -896,6 +893,22 @@ in ''; }; + typesHashMaxSize = mkOption { + type = types.ints.positive; + default = if cfg.defaultMimeTypes == "${pkgs.mailcap}/etc/nginx/mime.types" then 2688 else 1024; + defaultText = literalExpression ''if cfg.defaultMimeTypes == "''${pkgs.mailcap}/etc/nginx/mime.types" then 2688 else 1024''; + description = '' + Sets the maximum size of the types hash tables. + + When recommendedOptimisation is disabled nginx fails to start because the + mailmap mime.types database contains 1026 entries and the default is only + 1024. Setting to a higher number to remove the need to overwrite it because + nginx does not allow duplicated settings. + + It is recommended that the minimum size be used. + ''; + }; + proxyCachePath = mkOption { type = types.attrsOf (types.submodule ({ ... }: { options = { diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix index 8b1f921ec520901..b5f452209de22d2 100644 --- a/nixos/tests/nginx.nix +++ b/nixos/tests/nginx.nix @@ -98,6 +98,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { wait_for_nginx_on_port(80) + with subtest("check optimal size of types_hash"): + webserver.fail( + "journalctl --unit nginx --grep 'could not build optimal types_hash'" + ) + with subtest("check ETag if serving Nix store paths"): old_etag = check_etag() webserver.succeed(