Announcing NGINX Plus R23

cache_manager_min_free.conf

proxy_cache_path /var/cache/nginx keys_zone=cache_zone:10m min_free=100M;

server {
    #...
    location / {
        proxy_pass http://backend;
        proxy_cache cache_zone;
        proxy_cache_key $uri;
    }
}
# vim: syntax=nginx

cookie_flags.conf

upstream my_backend {
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
}

default_type "text/html";

server {
    listen 85;

    location / {
        proxy_pass http://my_backend;
        proxy_cookie_flags appcookie httponly secure samesite=strict;
    }
}

server {
    listen 8080;

    location / {
        add_header Set-Cookie "appcookie=appserver1";
        return 200 "Server 1\n";
    }
}

server {
    listen 8081;

    location / {
        add_header Set-Cookie "appcookie=appserver2";
        return 200 "Server 2\n";
    }
}
# vim: syntax=nginx

default_https_server.conf

server {
    # Default server to catch all unconfigured HTTPS traffic
    listen 443 default_server ssl;
    ssl_reject_handshake on;
}
# vim: syntax=nginx

dns_lb.conf

upstream dns_backends {
    zone dns_backends 64k;
    server 10.0.0.1:53;
    server 10.0.0.2:53;
}

keyval_zone zone=dns_timestamp:1M timeout=24h;
keyval $remote_addr $timestamp zone=dns_timestamp;

server {
    listen 53; # tcp
    listen 53    udp;
    proxy_pass dns_backends;
    set $timestamp $time_iso8601; # Update the dns_timestamp keyval
}
# vim: syntax=nginx

grpc_health.conf

upstream grpc_backend {
    zone grpc_backend 64k;
    server 10.0.0.1:50051;
    server 10.0.0.2:50051;
}

server {
    listen 443 ssl http2;
    ssl_certificate ...;
    ssl_certificate_key ...;

    location / {
        grpc_pass grpcs://grpc_backend; # Use grpc:// to proxy as plaintext
        health_check mandatory type=grpc;
    }
}
# vim: syntax=nginx

grpc_health_generic.conf

location / {
    grpc_pass grpc://grpc_backend;
    health_check type=grpc grpc_status=12; # 12=unimplemented
}
# vim: syntax=nginx

grpc_health_service.conf

health_check type=grpc grpc_service=MyStatus;
# vim: syntax=nginx

oidc_pkce.conf

map $host $oidc_pkce_enable {
    www.example.com 1;
    default 0;
}
# vim: syntax=nginx

set_stream.conf

set $src_tuple $remote_addr:$remote_port;
# vim: syntax=nginx

sticky_cookie_flags.conf

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    sticky cookie srv_id expires=1h domain=.example.com httponly samesite=strict secure path=/;
}
# vim: syntax=nginx

tls_ciphers.conf

ssl_protocols TLSv1.2 TLSv1.3;
# For TLS 1.2
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# For TLS 1.3
ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
# vim: syntax=nginx

tls_upgrade.conf

upstream my_backend {
    zone my_backend 64k;
    server 10.0.0.1:8443;
}

server {
    listen 443 ssl;
    ssl_protocols       TLSv1.1 TLSv1.2;
    ssl_certificate     /etc/ssl/api.example.com.crt;
    ssl_certificate_key /etc/ssl/api.example.com.key;

    location / {
        proxy_pass https://my_backend;
        proxy_ssl_protocols    TLSv1.3;
        proxy_ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384;
    }
}
# vim: syntax=nginx

For a discussion of these files, see Announcing NGINX Plus R23