Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Announcing NGINX Plus R23
proxy_cache_path /var/cache/nginx keys_zone=cache_zone:10m min_free=100M;
server {
#...
location / {
proxy_pass http://backend;
proxy_cache cache_zone;
proxy_cache_key $uri;
}
}
# vim: syntax=nginx
server {
# Default server to catch all unconfigured HTTPS traffic
listen 443 default_server ssl;
ssl_reject_handshake on;
}
# vim: syntax=nginx
upstream dns_backends {
zone dns_backends 64k;
server 10.0.0.1:53;
server 10.0.0.2:53;
}
keyval_zone zone=dns_timestamp:1M timeout=24h;
keyval $remote_addr $timestamp zone=dns_timestamp;
server {
listen 53; # tcp
listen 53 udp;
proxy_pass dns_backends;
set $timestamp $time_iso8601; # Update the dns_timestamp keyval
}
# vim: syntax=nginx
upstream grpc_backend {
zone grpc_backend 64k;
server 10.0.0.1:50051;
server 10.0.0.2:50051;
}
server {
listen 443 ssl http2;
ssl_certificate ...;
ssl_certificate_key ...;
location / {
grpc_pass grpcs://grpc_backend; # Use grpc:// to proxy as plaintext
health_check mandatory type=grpc;
}
}
# vim: syntax=nginx
location / {
grpc_pass grpc://grpc_backend;
health_check type=grpc grpc_status=12; # 12=unimplemented
}
# vim: syntax=nginx
health_check type=grpc grpc_service=MyStatus;
# vim: syntax=nginx
map $host $oidc_pkce_enable {
www.example.com 1;
default 0;
}
# vim: syntax=nginx
set $src_tuple $remote_addr:$remote_port;
# vim: syntax=nginx
ssl_protocols TLSv1.2 TLSv1.3;
# For TLS 1.2
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# For TLS 1.3
ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
# vim: syntax=nginx
upstream my_backend {
zone my_backend 64k;
server 10.0.0.1:8443;
}
server {
listen 443 ssl;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_certificate /etc/ssl/api.example.com.crt;
ssl_certificate_key /etc/ssl/api.example.com.key;
location / {
proxy_pass https://my_backend;
proxy_ssl_protocols TLSv1.3;
proxy_ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384;
}
}
# vim: syntax=nginx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment