nginx-gists

# This sample NGINX Plus configuration enables the NGINX Plus API, for live 
# activity monitoring and the built-in dashboard, dynamic configuration of 
# upstream groups, and key-value stores. Keep in mind that any features 
# added to the API in future NGINX Plus releases will be enabled 
# automatically by this file.
# Created in May 2018 by NGINX, Inc. for NGINX Plus R14 and later.

# Documentation: 
# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/
# https://www.nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps

nginx-gists

js_import batch-api-min.js;

# keyval_zone for APIs where the last portion of the URI is an argument
# The key is the portion of the URL before the last part
keyval_zone zone=batch_api:64k state=/etc/nginx/state-files/batch-api.json;
keyval $uri_prefix $batch_api zone=batch_api;

# keyval_zone for APIs where the last portion of the URI is an argument
# The key is the URI
keyval_zone zone=batch_api2:64k state=/etc/nginx/state-files/batch-api2.json;

nginx-gists

include api_backends.conf;
include api_keys.conf;

limit_req_zone $binary_remote_addr zone=client_ip_10rs:1m rate=1r/s;
limit_req_zone $http_apikey        zone=apikey_200rs:1m   rate=200r/s;

server {
    access_log /var/log/nginx/api_access.log main; # Each API may also log to a 
                                                   # separate file

nginx-gists

# Standard HTTP-to-gRPC status code mappings
# Ref: https://github.com/grpc/grpc/blob/master/doc/http-grpc-status-mapping.md
#
error_page 400 = @grpc_internal;
error_page 401 = @grpc_unauthenticated;
error_page 403 = @grpc_permission_denied;
error_page 404 = @grpc_unimplemented;
error_page 429 = @grpc_unavailable;
error_page 502 = @grpc_unavailable;
error_page 503 = @grpc_unavailable;

nginx-gists

function method_up(s) {
    var proxy_proto_header = '';
    var req = '';

    s.on('upload', function(data, flags) {
        var n;

	  req += data;
	  n = req.search('\n');

nginx-gists

ARG RELEASE=bookworm
FROM debian:${RELEASE}-slim

LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"

# Define NGINX versions for NGINX Plus and NGINX Plus modules
# Uncomment this block and the versioned nginxPackages block in the main RUN
# instruction to install a specific release
# ARG RELEASE
# ENV NGINX_VERSION      31

nginx-gists

server {
    listen 443 ssl;

    ssl_certificate      /etc/ssl/$ssl_server_name.crt; # Lazy load from SNI    
    ssl_certificate_key  /etc/ssl/$ssl_server_name.key; # ditto                     
    ssl_protocols        TLSv1.3 TLSv1.2 TLSv1.1;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $host;

nginx-gists

server {
    listen 80;

    location / {
        auth_request /_oauth2_token_introspection;                              
        proxy_pass http://my_backend;
    }

    location = /_oauth2_token_introspection {
        internal;

nginx-gists

function signCookie(r) {
    if (r.headers["set-cookie"].length) {
        // Response includes a new cookie
        var cookie_data = r.headers["set-cookie"].split(";");
        var c = require('crypto');
        var h = c.createHmac('sha256').update(cookie_data[0] + r.remoteAddress);
        return "signature=" + h.digest('hex');
    }
    return "";
}

nginx-gists

keyval_zone zone=denylist:128K type=ip timeout=24h;
keyval $remote_addr $in_denylist zone=denylist;

server {
    listen 80;

    location / {
        if ($in_denylist) {
            return 403; # Forbidden
        }