Skip to content

Instantly share code, notes, and snippets.

@nginx-gists
Last active November 11, 2022 00:13
Show Gist options
  • Save nginx-gists/2d3f1837c2c9570aebae9099c7a1b5f5 to your computer and use it in GitHub Desktop.
Save nginx-gists/2d3f1837c2c9570aebae9099c7a1b5f5 to your computer and use it in GitHub Desktop.
Announcing NGINX Plus R26
log_format alpn '$time_iso8601 client=$remote_addr method=$request_method '
'uri=$request_uri status=$status alpn=$ssl_alpn_protocol';
server {
listen 443 ssl http2;
ssl_certificate /etc/ssl/www.example.com.crt;
ssl_certificate_key /etc/ssl/www.example.com.key;
root /usr/share/nginx/html;
access_log /var/log/nginx/access.log alpn;
}
# vim: syntax=nginx
stream {
upstream filer {
server 10.0.0.100:990;
server 10.0.0.110:990;
}
server {
listen 990 ssl;
ssl_certificate /usr/local/nginx/conf/cert.pem;
ssl_certificate_key /usr/local/nginx/conf/cert.key;
proxy_pass filer;
ssl_alpn ftp; # Accept only ALPN/FTP connections
}
}
# vim: syntax=nginx
let msg = [];
function test(r) {
setTimeout(() => {msg.push('a')}, 100);
setTimeout(() => {msg.push('b')}, 20);
setTimeout(() => {msg.push('c')}, 0);
r.return(200, msg.join('-'));
}
export default {test}
function test(r) {
let p1 = new Promise((resolve) => {
setTimeout(() => {msg.push("a"); resolve()}, 100, resolve)
});
let p2 = new Promise((resolve) => {
setTimeout(() => {msg.push("b"); resolve()}, 20, resolve)
});
Promise.all([p1, p2]).then(() => {
r.return(200, `${msg.join()}\n`)
})
}
js_import host from conf.d/host.js;
js_set $hosthash host.host_hash;
server {
listen 80;
location / {
return 200 $hosthash;
}
}
# vim: syntax=nginx
async function host_hash(r) {
let hash = await crypto.subtle.digest('SHA-512', r.headersIn.host);
r.setReturnValue(Buffer.from(hash).toString('hex'));
}
export default { host_hash }
http {
proxy_cache_path /var/cache/nginx/jwk levels=1 keys_zone=jwk:64k max_size=1m;
server {
listen 127.0.0.1:8080;
auth_jwt "closed site";
auth_jwt_key_cache 3h;
auth_jwt_key_request /_jwks_uri;
location / {
proxy_pass http://my_backend;
}
location = /_jwks_uri {
internal;
proxy_cache jwk; # Cache the JWK Set recieved from IdP
proxy_cache_valid 200 12h; # How long to consider keys "fresh"
proxy_cache_use_stale error timeout updating; # Use old JWK Set if cannot reach IdP
proxy_ssl_server_name on; # For SNI to the IdP
proxy_method GET; # In case client request was non-GET
proxy_set_header Content-Length ""; # ''
proxy_pass https://idp-jwk-endpoint;
proxy_ignore_headers Cache-Control Expires Set-Cookie; # Does not influence caching
}
}
}
# vim: syntax=nginx
http {
server {
listen 127.0.0.1:8080;
auth_jwt "closed site";
auth_jwt_key_cache 3h;
auth_jwt_key_file conf.d/jwk.json;
location / {
proxy_pass http://my_backend;
}
}
}
# vim: syntax=nginx
const fs = require('fs').promises;
function test(r) {
myFileread('user.txt').then((data) => r.return(200, data)).catch((msg) => r.return(400, msg))
}
let myFileread = async(filename) => {
if (filename != "user.txt") {
throw new Error(`Filename not allowed`);
}
else {
let r = await fs.readFile(`/etc/nginx/conf.d/${filename}`);
return r;
}
}
const fs = require('fs').promises;
function test(r) {
myFileread('user.txt').then((data) => r.return(200, data)).catch((msg) => r.return(400, msg))
}
let myFileread = async(filename) => {
if (filename != "user.txt") {
return Promise.reject("Error: Filename not allowed");
}
else {
let r = await fs.readFile(`/etc/nginx/conf.d/${filename}`);
return r;
}
}
js_import conf.d/random_number.js;
server {
listen 80;
location / {
js_content random_number.random;
}
}
# vim: syntax=nginx
require('crypto');
function random(r) {
const buffer = crypto.getRandomValues(new Uint32Array(8));
return r.return(200, buffer.toString());
}
export default { random }
@nginx-gists
Copy link
Author

For a discussion of these files, see Announcing NGINX Plus R26

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment