curl -H "X-Padding: $(jot -ns '' -b X 1400)" 'http://localhost:9000/#[0-9]'
I am super excited about this new release! On October 19th 2021 NGINX launched the latest version of NGINX njs 0.7.0.
This represents a significant step forward for njs and introduces highly anticipated features and functionality including support for the ECMAScript6 (ES6) feature async/await and the implementation of the webcrypto API. In this post, we’ll explore these aspects in more detail, starting with async/await and Promises. Once these concepts are understood, we’ll then dig into the webcrypto functionality.
Let’s get started!
absolute_redirect
accept_mutex
accept_mutex_delay
access_log
access_log
add_after_body
add_before_body
add_header
add_trailer
addition_types
This is a complete demo of 2 different cookie security techniques:
- Cookie jar - NGINX Plus stores new cookies in the key-value store and issues the client an opaque reference to access them
- Signed cookies - NGINX creates signatures for all new cookies and validates that presented cookies match the signature
Requires NGINX Plus with JavaScript module (njs 0.5.1+)
#!/usr/bin/perl
use Crypt::JWT;
use Crypt::Misc;
use Data::Dumper;
$Data::Dumper::Terse = 1;
# specify the key to encrypt payload and produce tag - it should match enc algorithm used
# In our case for an A128CBC-HS256 key we need a 256-bit base64u-encoded key string.
sub copy_file($) {
    my ($name) = @_;
    my $srcdir;
    if (defined $ENV{TEST_NGINX_SRC}) {
        $srcdir = $ENV{TEST_NGINX_SRC};
    } else {
        $srcdir = ".";
    }
Requirement is for NGINX Plus to back off and stop sending new connections to an upstream node if the network utilization for that node exceeds a given threshold.
Create a simple HTTP-accessible script that runs on each upstream node. Script returns 200 OK (HTTP status code) if node is not overloaded, and 503 Too Busy if node is overloaded.
function auth(r) {
    r.subrequest("/auth2", {}, reply => {
        var header = reply.headersOut['WWW-Authenticate'];
        r.log(header);
        var nonce = header.match(/(nonce=")(.*?)(?=")/i);
server {
    listen 80;
    server_name lev-fos-bayern.de www.lev-fos-bayern.de;
    location / {
        rewrite ^ https://www.lev-fos-bayern.de$request_uri? permanent;
    }
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=fcgicache:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
server {
    listen 443 ssl http2;
    server_name www.lev-fos-bayern.de;
    ******
    gzip on;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;