mirai@makinata.eu writes: > From: Bruno Victal > > * gnu/services/web.scm (): Add > ssl-stapling? and ssl-stapling-verify?. > * doc/guix.texi (NGINX): Document this. > --- > doc/guix.texi | 7 +++++ > gnu/services/web.scm | 69 +++++++++++++++++++++++++------------------- > 2 files changed, 46 insertions(+), 30 deletions(-) Hi Bruno, Thanks for the patch, and sorry it's taken so long to reply. > @@ -647,6 +654,8 @@ (define-syntax-rule (and/l x tail ...) > " server_name " (config-domain-strings server-name) ";\n" > (and/l ssl-certificate " ssl_certificate " <> ";\n") > (and/l ssl-certificate-key " ssl_certificate_key " <> ";\n") > + " ssl_stapling " (if ssl-stapling? "on" "off") ";\n" > + " ssl_stapling_verify " (if ssl-stapling-verify? "on" "off") ";\n" > (if (not (equal? "" root)) > (list " root " root ";\n") > "") > > base-commit: 68925b5ee7e0d96b0c84ae98a633eea5097bf511 Generally this looks good to me. There's some unnecessary indentation changes that should probably go in another commit if they're made, but I did spot something in the above diff. I'm no expert in NGinx configs, but I do wonder if this change will break using nginx if it's built without the ngx_http_ssl_module? With the other module specific configuration (e.g. ssl_certificate), it's possible to specify a value in the that means the line won't be included in the configuration. I think it would be good to continue that here. I'm not sure how to enable not including these config lines. Maybe a symbol value like 'noval could be used (this should also be the default, rather than #f), or maybe 'on and 'off could be used as the values with #f meaning the line isn't included. Does that make sense? Thanks, Chris