Only disable nginx ETags if etag patch is missing
Since NixOS/nixpkgs#48337 we no longer have the
issue that we get the same ETags for different store paths but the hash
of the store path is now the ETag.

This means that we no longer need to disable caching if the patch is
applied to nginx.

Unfortunately, the patch is only in NixOS Unstable at the moment, hence
the conditional on whether the patch exists. Even if the patch is
backported to 19.03, we'd still need it in 18.09, which we currently
still support as well.

In order to apply the patch for e.g. NixOS 19.03, something like this
needs to be put in the system configuration:

  { pkgs, lib, ... }:

  {
    # ... other configuration definitions

    services.nginx.package = pkgs.nginx.overrideAttrs (drv: {
      patches = (drv.patches or []) ++ lib.singleton (fetchurl {
        url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/"
            + "pkgs/servers/http/nginx/nix-etag-1.15.4.patch";
        sha256 = "0w7sbvfrf0s20lyfr99r5d13rd97nd3c4n569n9ldy7a1r7nx019";
      });
    });

    # ... other configuration definitions
  }

Signed-off-by: aszlig <aszlig@nix.build>
aszlig committed May 15, 2019
1 parent d8080a2 commit 0984a0b
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions default.nix
Expand Up @@ -517,13 +517,21 @@ in autoCalledOr {
forceSSL = cfg.useSSL;
enableACME = cfg.useACME;
locations = let
# This is ugly as hell and basically disables caching.
# See https://github.com/NixOS/nixpkgs/issues/25485
storeDirWorkaround = ''
# Check whether nginx has the etag patch applied from
# https://github.com/NixOS/nixpkgs/pull/48337 and only disable
# caching if it's not the case.
hasEtagPatch = let
inherit (config.services.nginx.package) patches;
matchEtagPatch = builtins.match ".*nix-etag.*patch";
in lib.any (p: matchEtagPatch p.name != null) patches;

# Workaround for https://github.com/NixOS/nixpkgs/issues/25485
storeDirWorkaround = lib.optionalString (!hasEtagPatch) ''
if_modified_since off;
add_header Last-Modified "";
etag off;
'';

commonHeaders = let
frameAncestors = let
allowed = lib.concatStringsSep " " cfg.allowEmbedFrom;
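
Review bot: In `hasEtagPatch`, `inherit (config.services.nginx.package) patches;` fails evaluation when the configured package has no `patches` attribute, and `p.name` fails for any list entry that is a plain path rather than a derivation. Defaulting the list, as the commit message's own example does with `drv.patches or []`, and guarding the name lookup would keep the check from breaking unrelated nginx overrides. Because detection rests only on the name pattern `.*nix-etag.*patch`, any patch whose name happens to match also drops `if_modified_since off;`, `add_header Last-Modified "";` and `etag off;`, so a comment stating that the patch name is trusted as proof of the fix would help.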

1 comment on commit 0984a0b

@aszlig aszlig commented on 0984a0b May 15, 2019

The configuration example for applying the patch is actually wrong, here is the correct way to add the patch:

{ pkgs, lib, ... }:

{
  # ... other configuration definitions

  services.nginx.package = pkgs.nginx.overrideAttrs (drv: {
    patches = (drv.patches or []) ++ lib.singleton (pkgs.fetchurl {
      url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/"
          + "pkgs/servers/http/nginx/nix-etag-1.15.4.patch";
      sha256 = "0i2lfz66204kcm1qdqws07cbq5nh1grxcz1ycp6qhmypl3da8hq4";
      postFetch = ''
        substituteInPlace "$out" \
          --subst-var-by nixStoreDir "$NIX_STORE" \
          --subst-var-by nixStoreDirLen "''${#NIX_STORE}"
      '';
    });
  });

  # ... other configuration definitions
}
