lcrilly

#!/bin/sh
#
# compile_module.sh (c) NGINX, Inc. [v0.6 28-Aug-2018] Liam Crilly <liam.crilly@nginx.com>
#
# This script supports Ubuntu, RedHat and CentOS package managers
# Installs the minimum necessary prerequisite packages to build 3rd party modules for NGINX Plus
# Obtains source for module and NGINX OSS, compiles the module .so and cleans up.
# Inspects module configuration and attempts to rewrite for dynamic build if necessary.
#
# CHANGELOG

lcrilly

#!/usr/bin/env bash
# get_server.sh (c) NGINX, Inc. [v0.3 10-Jul-2019] Liam Crilly <liam.crilly@nginx.com>

if [ $# -lt 1 ]; then
	echo "USAGE: ${0##*/} [URI ...]"
	exit 1
fi

for site in "$@"; do
	echo -n "$site "

lcrilly

js_import json_log.js;
js_set $json_debug_log json_log.debugLog;

log_format access_debug escape=none $json_debug_log;
access_log /var/log/nginx/access_debug.log access_debug if=$is_error;

map $status $is_error {
    # List of response codes that warrant a detailed log file
    400     1; # Bad request, including expired client cert
    495     1; # Client cert error

lcrilly

js_import conf.d/echo.js;

map $request_method $return_code {
    "POST"   201;
    "DELETE" 204;
    default  200;
}

keyval_zone zone=kv:32k;
keyval '1' $has_keyval zone=kv;

lcrilly

This solution is obsolete

This solution is for NGINX Plus prior to R23. Since NGINX Plus R23, gRPC health checks can be enabled with

health_check type=grpc;

https://www.nginx.com/blog/nginx-plus-r23-released/#grpc-health-checks

lcrilly

Cookie Security with NGINX and NGINX Plus

This is a complete demo of 2 different cookie security techniques:

1. Cookie jar - NGINX Plus stores new cookies in the key-value store and issues the client an opaque reference to access them
2. Signed cookies - NGINX creates signatures for all new cookies and validates that presented cookies match the signature

Requires NGINX Plus with JavaScript module (njs 0.5.1+)

lcrilly

Workshop: Deploying NGINX as an API Gateway

NGINX is the world’s number one API gateway, delivering the vast majority of today’s API traffic, deployed as standalone gateways or embedded in API management products. This workshop is about deploying NGINX as a lightweight API gateway in a way that supports long-term maintenance and can be automated with common DevOps tooling.

In this hands-on workshop, you will configure NGINX to perform the common API gateway functions of request routing, rate limiting, and authentication for multiple APIs. We will also touch on advanced use cases such as HTTP method enforcement, and JSON validation.

Previous experience of NGINX is valuable, but not essential. Technical requirements:

• Mandatory: laptop with internet connection
• Highly recommended: clean installation of NGINX (minimum 1.14.0) - limited assistance for this task will be available at the workshop

lcrilly

Prometheus metrics for NGINX open source

Converts the output of the NGINX stub_status module to Prometheus format so that basic metrics can be scraped from a /metrics endpoint.

The NGINX JavaScript module is used to filter the stub_status response.

$ curl -i http://localhost:8080/metrics

lcrilly

Logging request headers with njs

This configuration can be used to log all of the request headers presented by a client. We use the JavaScript (njs) module to iterate over each header, returning a list of JSON key-value pairs which are then included in a JSON log format.

nginx.conf

js_include functions.js;
js_set $headers_json headers_to_json;

log_format json escape=none '{"timestamp":"$time_iso8601",'

lcrilly

JWT tools

create_jwt.sh Reads a JSON payload and creates a JWT, with or without a signature

decode_jwt.sh Reads a JWT from stdin and decodes as human-readable JSON to stdout