NGINX Gists account nginx-gists
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is the backend application we are protecting with OpenID Connect | |
| upstream cluster1-https { | |
| zone cluster1-https 256k; | |
| least_time last_byte; | |
| keepalive 16; | |
| #servers managed by NKL Controller | |
| state /var/lib/nginx/state/cluster1-https.state; | |
| } | |
| # Custom log format to include the 'sub' claim in the REMOTE_USER field |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http { | |
| map $proxy_protocol_tlv_aws_vpce_id $not_allowed_vpc_id { | |
| "12341234" 0; | |
| "12345678" 0; | |
| default 1; | |
| } | |
| server { | |
| listen 127.0.0.1:8080 proxy_protocol; | |
| location / { |
nginx-gists
/ action_chaining
Last active
November 11, 2022 00:23
NGINX Unit Greets Autumn 2022 with New Features (a Statistics Engine!) and Exciting Plans
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "action": [ | |
| { | |
| "pass": "applications/auth_check" | |
| }, | |
| { | |
| "pass": "applications/my_app" | |
| } | |
| ] | |
| } |
nginx-gists
/ jscode_integrated.conf
Last active
November 11, 2022 00:22
Make Your NGINX Config Even More Modular and Reusable with njs 0.7.7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 4001; | |
| js_import util from util.mjs; | |
| location /foo { | |
| js_content util.handler; | |
| } | |
| } |
nginx-gists
/ custom_jwt_validation_error.conf
Created
June 28, 2022 00:08
Announcing NGINX Plus R27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location / { | |
| auth_jwt "closed site"; | |
| auth_jst_key_file /path/to/jwks; | |
| auth_jwt_require $req1 $req2 error=403; # return 403 on failure | |
| } | |
| # vim: syntax=nginx |
nginx-gists
/ full-self-service-vs-a.yaml
Last active
November 11, 2022 00:21
Enabling Multi-Tenancy and Namespace Isolation in Kubernetes with NGINX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: k8s.nginx.org/v1 | |
| kind: VirtualServer | |
| metadata: | |
| name: bookinfo | |
| namespace: A | |
| spec: | |
| host: a.bookinfo.com | |
| upstreams: | |
| - name: productpageA | |
| service: productpageA |
nginx-gists
/ gc.yaml
Created
June 6, 2022 18:09
Load Balancing TCP and UDP Traffic in Kubernetes with NGINX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: k8s.nginx.org/v1alpha1 | |
| kind: GlobalConfiguration | |
| metadata: | |
| name: nginx-configuration | |
| namespace: nginx-ingress | |
| spec: | |
| listeners: | |
| - name: syslog-udp | |
| port: 541 | |
| protocol: UDP |
nginx-gists
/ dns_filtering.conf
Last active
November 21, 2022 12:25
Using NGINX as a DoT or DoH Gateway
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| stream { | |
| # Key-value store for blocking domains (NGINX Plus only) | |
| keyval_zone zone=dns_config:64k state=/etc/nginx/zones/dns_config.zone; | |
| keyval $dns_qname $scrub_action zone=dns_config; | |
| keyval "blocked_domains" $blocked_domains zone=dns_config; | |
| keyval "blackhole_domains" $blackhole_domains zone=dns_config; | |
| # The DNS response packet; if we're scrubbing the domain, this gets set | |
| js_set $dns_response dns.get_response; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log_format alpn '$time_iso8601 client=$remote_addr method=$request_method ' | |
| 'uri=$request_uri status=$status alpn=$ssl_alpn_protocol'; | |
| server { | |
| listen 443 ssl http2; | |
| ssl_certificate /etc/ssl/www.example.com.crt; | |
| ssl_certificate_key /etc/ssl/www.example.com.key; | |
| root /usr/share/nginx/html; | |
| access_log /var/log/nginx/access.log alpn; |
nginx-gists
/ api.conf
Last active
November 11, 2022 00:13
Over-the-Air Updates to IoT Devices with NGINX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log_format api_main '$remote_addr - $remote_user [$time_local] "$request"' | |
| '$status $body_bytes_sent "$http_referer" "$http_user_agent"'; | |
| server { | |
| access_log /var/log/nginx/api_access.log api_main; | |
| listen 443; | |
| server_name <domain-url>; | |
| location /ota { |
NewerOlder