@nginx-gists
nginx-gists / progressive_transition.conf
Last active November 10, 2022 23:44
Using the NGINX JavaScript Module to Progressively Transition Clients to a New Server
upstream old {
server 10.0.0.1;
server 10.0.0.2;
}
upstream new {
server 10.0.0.9;
server 10.0.0.10;
}
@nginx-gists
nginx-gists / logging.js
Last active April 27, 2021 22:37
Harnessing the Power and Convenience of JavaScript for Each Request with the NGINX JavaScript Module
function kvAccess(r) {
var log = `${r.variables.time_iso8601} client=${r.remoteAddress} method=${r.method} uri=${r.uri} status=${r.status}`;
r.rawHeadersIn.forEach(h => log += ` in.${h[0]}=${h[1]}`);
r.rawHeadersOut.forEach(h => log += ` out.${h[0]}=${h[1]}`);
return log;
}
export default { kvAccess }
@nginx-gists
nginx-gists / mask_ip.conf
Last active November 10, 2022 23:40
Data Masking for User Privacy with the NGINX JavaScript Module
log_format masked '$remote_addr_masked - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
js_import mask_ip_uri.js;
js_set $remote_addr_masked mask_ip_uri.maskRemoteAddress;
server {
listen 80;
@nginx-gists
nginx-gists / Dockerfile
Last active January 6, 2023 09:55
NGINX Plus for the IoT: Load Balancing MQTT
# Pull base image. The official docker openjdk-8 image is used here.
FROM java:8-jdk
# Copy HiveMQ to container
COPY hivemq.zip /tmp/
# Install wget and unzip, then download and install HiveMQ.
RUN \
apt-get install -y wget unzip &&\
unzip /tmp/hivemq.zip -d /opt/ &&\
@nginx-gists
nginx-gists / mqtt_client_auth.js
Last active March 21, 2023 12:53
NGINX Plus for the IoT: Encrypting and Authenticating MQTT Traffic
function parseCSKVpairs(cskvpairs, key) {
if ( cskvpairs.length ) {
var kvpairs = cskvpairs.split(',');
for ( var i = 0; i < kvpairs.length; i++ ) {
var kvpair = kvpairs[i].split('=');
if ( kvpair[0].toUpperCase() == key ) {
return kvpair[1];
}
}
}
@nginx-gists
nginx-gists / banned.html
Last active November 9, 2023 09:43
Dynamic IP Denylisting with NGINX Plus and fail2ban
<!DOCTYPE html>
<html>
<head>
<title>Banned</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
@nginx-gists
nginx-gists / defacement_detection_etag.conf
Last active November 10, 2022 23:49
Detecting Homepage Defacement With Active Health Checks
match homepage_etag {
header ETag = '"58ad6e69-264"';
}
upstream my_website {
server 10.0.0.1:80;
zone health 64k; # Allow workers to share health info
}
server {
@nginx-gists
nginx-gists / auth_jwt_snippet.conf
Last active November 10, 2022 23:50
Conditional Access Control with Microsoft Azure Active Directory
auth_jwt "Closed site";
auth_jwt_key_file /etc/nginx/azure.jwk;
# vim: syntax=nginx
@nginx-gists
nginx-gists / dynamic-upstream-configuration.conf
Last active November 10, 2022 23:50
Using NGINX Plus to Reduce the Frequency of Configuration Reloads
# This NGINX Plus configuration implements route-based session persistence
# and enables the NGINX Plus API. Because the NGINX Plus API is used to
# dynamically configure the servers in the upstream group, servers are not
# defined statically in this file.
# To add an upstream server, run this command, replacing
# <IP-ADDRESS:PORT> and <API-VERSION> with appropriate values:
#
# curl -sX POST -d '{"server":"<IP-ADDRESS:PORT>", "route":"www.example.com"}' http://127.0.0.1:8888/api/<API-VERSION>/http/upstreams/vhosts/servers
@nginx-gists
nginx-gists / api_backends.conf
Last active April 21, 2024 09:19 — forked from lcrilly/api_backends.conf
Deploying NGINX Plus as an API Gateway, Part 1
upstream warehouse_inventory {
zone inventory_service 64k;
server 10.0.0.1:80;
server 10.0.0.2:80;
server 10.0.0.3:80;
}
upstream warehouse_pricing {
zone pricing_service 64k;
server 10.0.0.7:80;