author | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2022-10-15 17:18:36 +0200 |
---|---|---|
committer | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2023-01-30 20:25:22 +0100 |
commit | 2d3efd330141b14ff8ba6133768ea44b65d660dd (patch) | |
tree | a8d887ff7f3895067bb6e0e186c1104ae1525d4a /nixos | |
parent | 5b6dcece880b1fe45532b383e1c1f9574ddac4cf (diff) |
nixos/nginx: clear clients Connection headers
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | 7 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 2 |
3 files changed, 11 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index 2ce4ce189cb4..87535cab12b3 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -704,6 +704,13 @@ </listitem> <listitem> <para> + <literal>services.nginx.recommendedProxySettings</literal> now + removes the <literal>Connection</literal> header preventing + clients from closing backend connections. + </para> + </listitem> + <listitem> + <para> Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store. diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 148b317ba283..16f2714267d3 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -176,6 +176,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `hip` has been separated into `hip`, `hip-common` and `hipcc`. +- `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections. + - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store. - The `firewall` and `nat` module now has a nftables based implementation. Enable `networking.nftables` to use it. diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index c723b962c847..c0b90997ae9b 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix 
@@ -211,6 +211,8 @@ let
 proxy_send_timeout ${cfg.proxyTimeout};
 proxy_read_timeout ${cfg.proxyTimeout};
 proxy_http_version 1.1;
+ # don't let clients close the keep-alive connection to upstream
+ proxy_set_header "Connection" "";
 include ${recommendedProxyConfig};
 ''} |
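Review bot: The added `proxy_set_header "Connection" "";` sits beside `include ${recommendedProxyConfig};` rather than with the other recommended headers, and nginx inherits `proxy_set_header` from an outer level only when the current level defines none of its own. A location that sets any header itself (for example a WebSocket `Upgrade`/`Connection` pair) would therefore fall back to nginx's default `Connection: close` toward the upstream. Whether the module re-applies the recommended headers per location is not visible in this hunk. The comment could record this, e.g. `# clear Connection so upstream keep-alive works; not inherited by locations that set their own proxy_set_header`. The enclosing `let` binding starts and ends outside the hunk.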