Announcing NGINX Plus R24

Home   »   Announcing NGINX Plus R24

map $scheme $secure_flag {
    http  '';
    https 'Secure';
}

server {
    #...
    location / {
        proxy_cookie_flags appcookie HttpOnly SameSite=strict $secure_flag;
        proxy_pass http://my_backend;
    }
}

# vim: syntax=nginx
function jar(r) {
    // Replace Set-Cookie response headers with an opaque reference
    if (r.headersOut['Set-Cookie'].length) {
        var kvs = [];
        r.headersOut['Set-Cookie'].forEach(c => kvs.push(c.split(';')[0])); // Omit cookie flags
        r.variables.new_session = kvs.join('; '); // Store in keyval cookie jar
        r.headersOut['Set-Cookie'] = "session=" + r.variables.request_id + "; SameSite=Lax";
    }
}

export default { jar }
var response = "";

function maskAwsKeys(r, data, flags) {
    response += data; // Collect the entire response,
    if (flags.last) { //  until we get the last byte.
        var masked = response.replace(/([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)([A-Z0-9]{12,})/g,
            function ($0, $1) {
                return $1 + (new Array($0.length).join('*'));
            }
        );
        r.sendBuffer(masked, flags);
    }
}

export default { maskAwsKeys }
location /private/ {
    auth_jwt          "Private";
    auth_jwt_type     encrypted;
    auth_jwt_key_file conf/api_secret.jwk;

    proxy_pass http://my_backend;
    }

# vim: syntax=nginx
upstream my_backend {
    zone my_backend 64k;
    server 10.0.0.1;
    server 10.0.0.2;
}

server {
    #...
    location / {
        proxy_pass http://my_backend;
        health_check mandatory persistent;
     }
}

# vim: syntax=nginx
js_import conf.d/cookies.js;

keyval_zone zone=cookie_jar:16M;
keyval $cookie_session $cookies zone=cookie_jar;
keyval $request_id $new_session zone=cookie_jar;

server {
    listen 80;

    location / {
        proxy_pass http://my_backend;
        proxy_set_header Cookie $cookies; # Replace reference cookie with original
        js_header_filter cookies.jar;     # Intercept and replace Set-Cookie
    }
}

# vim: syntax=nginx
js_import conf.d/filter.js;

server {
    listen 80;
    location / {
        proxy_pass http://my_backend;
        js_body_filter filter.maskAwsKeys;
    }
}

# vim: syntax=nginx
stream {
    js_import stream.js;

    server {
        listen 3306; # MySQL default port

        js_access  stream.access;
        proxy_pass mysql_backend;
    }
}

# vim: syntax=nginx

Leave a Reply

Your email address will not be published. Required fields are marked *