NGINX Gists account nginx-gists

## ubuntu_install.sh
#!/usr/bin/env bash

if [ "$EUID" -ne 0 ];then
  >&2 echo "This script requires root level access to run"
  exit 1
fi

if [ -z "${WORDPRESS_DB_PASSWORD}" ]; then
  >&2 echo "WORDPRESS_DB_PASSWORD must be set"
  >&2 echo "Here is a random one that you can paste:"

## api_backends.conf
upstream warehouse_inventory {
    zone inventory_service 64k;
    server 10.0.0.1:80;
    server 10.0.0.2:80;
    server 10.0.0.3:80;
}

upstream warehouse_pricing {
    zone pricing_service 64k;
    server 10.0.0.7:80;

## auth_request.conf
server {
    listen 80;

    location / {
        auth_request /_oauth2_token_introspection;
        proxy_pass http://my_backend;
    }

    location = /_oauth2_token_introspection {
        internal;

## Dockerfile
ARG RELEASE=bookworm
FROM debian:${RELEASE}-slim

LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"

# Define NGINX versions for NGINX Plus and NGINX Plus modules
# Uncomment this block and the versioned nginxPackages block in the main RUN
# instruction to install a specific release
# ARG RELEASE
# ENV NGINX_VERSION      31

## banned.html
<!DOCTYPE html>
<html>
<head>
<title>Banned</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }

## nlk_openid_frontend.conf
# This is the backend application we are protecting with OpenID Connect
upstream cluster1-https {
   zone cluster1-https 256k;
   least_time last_byte;
   keepalive 16;
   #servers managed by NKL Controller
   state /var/lib/nginx/state/cluster1-https.state;
}

# Custom log format to include the 'sub' claim in the REMOTE_USER field

## Dockerfile
# Builds NGINX from the QUIC+HTTP/3 development branch
# - Based on the official NGINX docker image, including all modules built by default
# - OpenSSL replaced with LibreSSL to support QUIC's TLS requirements (statically linked)
#
# docker build --no-cache -t nginx:quic .
# docker run -d -p 443:443 -p 443:443/udp nginx:quic
#
# Note that a suitable configuration file and TLS certificates are required for testing!
# See <https://quic.nginx.org/readme.html> for more info

## app-virtual-server.yaml
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: app-ingress
spec:
  host: app.example.com
  tls:
    secret: app-secret-ecc
  upstreams:
  - name: web-server-payload

## mqtt_client_auth.js
function parseCSKVpairs(cskvpairs, key) {
    if ( cskvpairs.length ) {
        var kvpairs = cskvpairs.split(',');
        for ( var i = 0; i < kvpairs.length; i++ ) {
            var kvpair = kvpairs[i].split('=');
            if ( kvpair[0].toUpperCase() == key ) {
                return kvpair[1];
            }
        }
    }

## batch-api-min.conf
js_import batch-api-min.js;

# keyval_zone for APIs where the last portion of the URI is an argument
# The key is the portion of the URL before the last part
keyval_zone zone=batch_api:64k state=/etc/nginx/state-files/batch-api.json;
keyval $uri_prefix $batch_api zone=batch_api;

# keyval_zone for APIs where the last portion of the URI is an argument
# The key is the URI
keyval_zone zone=batch_api2:64k state=/etc/nginx/state-files/batch-api2.json;
	#!/usr/bin/env bash

	if [ "$EUID" -ne 0 ];then
	>&2 echo "This script requires root level access to run"
	exit 1
	fi

	if [ -z "${WORDPRESS_DB_PASSWORD}" ]; then
	>&2 echo "WORDPRESS_DB_PASSWORD must be set"
	>&2 echo "Here is a random one that you can paste:"
	upstream warehouse_inventory {
	zone inventory_service 64k;
	server 10.0.0.1:80;
	server 10.0.0.2:80;
	server 10.0.0.3:80;
	}

	upstream warehouse_pricing {
	zone pricing_service 64k;
	server 10.0.0.7:80;
	server {
	listen 80;

	location / {
	auth_request /_oauth2_token_introspection;
	proxy_pass http://my_backend;
	}

	location = /_oauth2_token_introspection {
	internal;
	ARG RELEASE=bookworm
	FROM debian:${RELEASE}-slim

	LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"

	# Define NGINX versions for NGINX Plus and NGINX Plus modules
	# Uncomment this block and the versioned nginxPackages block in the main RUN
	# instruction to install a specific release
	# ARG RELEASE
	# ENV NGINX_VERSION 31
	<!DOCTYPE html>
	<html>
	<head>
	<title>Banned</title>
	<style>
	body {
	width: 35em;
	margin: 0 auto;
	font-family: Tahoma, Verdana, Arial, sans-serif;
	}
	# This is the backend application we are protecting with OpenID Connect
	upstream cluster1-https {
	zone cluster1-https 256k;
	least_time last_byte;
	keepalive 16;
	#servers managed by NKL Controller
	state /var/lib/nginx/state/cluster1-https.state;
	}

	# Custom log format to include the 'sub' claim in the REMOTE_USER field
	# Builds NGINX from the QUIC+HTTP/3 development branch
	# - Based on the official NGINX docker image, including all modules built by default
	# - OpenSSL replaced with LibreSSL to support QUIC's TLS requirements (statically linked)
	#
	# docker build --no-cache -t nginx:quic .
	# docker run -d -p 443:443 -p 443:443/udp nginx:quic
	#
	# Note that a suitable configuration file and TLS certificates are required for testing!
	# See <https://quic.nginx.org/readme.html> for more info
	apiVersion: k8s.nginx.org/v1
	kind: VirtualServer
	metadata:
	name: app-ingress
	spec:
	host: app.example.com
	tls:
	secret: app-secret-ecc
	upstreams:
	- name: web-server-payload
	function parseCSKVpairs(cskvpairs, key) {
	if ( cskvpairs.length ) {
	var kvpairs = cskvpairs.split(',');
	for ( var i = 0; i < kvpairs.length; i++ ) {
	var kvpair = kvpairs[i].split('=');
	if ( kvpair[0].toUpperCase() == key ) {
	return kvpair[1];
	}
	}
	}
	js_import batch-api-min.js;

	# keyval_zone for APIs where the last portion of the URI is an argument
	# The key is the portion of the URL before the last part
	keyval_zone zone=batch_api:64k state=/etc/nginx/state-files/batch-api.json;
	keyval $uri_prefix $batch_api zone=batch_api;

	# keyval_zone for APIs where the last portion of the URI is an argument
	# The key is the URI
	keyval_zone zone=batch_api2:64k state=/etc/nginx/state-files/batch-api2.json;