Nginx: Stream module is missing

Help
1

Hi!

I’m using Nginx as reverse proxy and for a Gitea server, I’m trying to route SSH traffic through it. So I tried something like this:

services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    appendHttpConfig = ''
      error_log stderr;
      access_log syslog:server=unix:/dev/log combined;
    '';

    streamConfig = ''
      server {
          listen 22;
          server_name git.mydomain.example;
          proxy_pass localhost:222;
      }
    '';
}

However, after building said configuration, nginx.service failed to start with the error that “server_name” directive is not allowed here in /nix/store/-nginx.conf:. Excerpt from /nix/store/-nginx.conf:

stream {
	server {
		listen 22;
		server_name git.mydomain.example; # <line-number> is here
		proxy_pass localhost:222;
	}
}

After searching a bit, I found that the error is usually caused by the stream module missing. So I checked the nixpkgs module but, as you can see, it is enabled by default.

I even tried to enable it explicitly with

services.nginx.package = (pkgs.nginx.override { withStream = true; });

but still no luck.

Any ideas what might be the problem?

Thank you in advance!

1 Like
2

I think this is an expected Nginx behavior. See Re: server_name within tcp server blocks

You can’t really use server_name for a TCP/UDP stream. The server_name concept is pretty much HTTP-specific. Nginx matches those using the Host HTTP header. You don’t have such a header for a bare TCP connection.

Try removing the server_name clause, it should then work. Provided this is the only service listening to port 22, it should be fine. If it’s not, you can listen on another port and alter your Gitea configuration to generate clone links with this new port.

[Edit]: add a link to Nginx forums to support my claim.

3 Likes
3

Apologies!

You are absolutely right, even my sources said that after reading them again.

Thank you very much :slight_smile:

1 Like