-
Notifications
You must be signed in to change notification settings - Fork 5
/
nginx-plus-api.conf
101 lines (88 loc) · 3.93 KB
/
nginx-plus-api.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# This sample NGINX Plus configuration enables the NGINX Plus API, for live
# activity monitoring and the built-in dashboard, dynamic configuration of
# upstream groups, and key-value stores. Keep in mind that any features
# added to the API in future NGINX Plus releases will be enabled
# automatically by this file.
# Created in May 2018 by NGINX, Inc. for NGINX Plus R14 and later.
# Documentation:
# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/
# https://www.nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps
# To conform with the conventional configuration scheme, place this file in
# the /etc/nginx/conf.d directory and add an 'include' directive that
# references it in the main configuration file, /etc/nginx/nginx.conf,
# either by name or with a wildcard expression. Then validate and reload
# the configuration, for example with this command:
#
# nginx -t && nginx -s reload
# Note that additional directives are required in other parts of the
# configuration:
#
# For metrics to be gathered for an HTTP or TCP/UDP virtual server, you must
# include the 'status_zone' directive in its 'server' block. See:
# http://nginx.org/r/status_zone
#
# Similarly, for metrics to be gathered for an upstream server group, you
# must include the 'zone' directive in the 'upstream' block. See:
# http://nginx.org/r/zone
#
# For more information and instructions, see:
# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring#status_data
# We strongly recommend that you restrict access to the NGINX Plus API so
# that only authorized users can view metrics and configuration, change
# configuration, or both. Here are a few options:
#
# (1) Configure your firewall to limit access to port 8080.
#
# (2) Use SSL/TLS client certificates. See:
# https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
#
# (3) Enable HTTP Basic authentication (RFC 7617) by uncommenting the
# 'auth_basic*' directives in the 'server' block below. You can add users
# with an htpasswd generator, which is readily available, or reuse an
# existing htpasswd file (from an Apache HTTP Server, for example). See:
# http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
#
# (4) Enable access from a defined network and disable it from all others,
# by uncommenting the 'allow' and 'deny' directives in the 'server' block
# below and specifying the appropriate network ranges. See:
# http://nginx.org/en/docs/http/ngx_http_access_module.html
#
# You can create further restrictions on write operations, to distinguish
# between users with read permission and those who can change configuration.
# Uncomment the sample 'limit_except' directive in the 'location api'
# block below. In addition to the HTTP Basic authentication shown, other
# authentication schemes are supported. See:
# http://nginx.org/r/limit_except
server {
# Conventional port for the NGINX Plus API is 8080
listen 8080;
# Uncomment to use HTTP Basic authentication; see (3) above
#auth_basic "NGINX Plus API";
#auth_basic_user_file /etc/nginx/users;
# Uncomment to use permissions based on IP address; see (4) above
#allow 10.0.0.0/8;
#deny all;
# Conventional location for accessing the NGINX Plus API
location /api/ {
# Enable in read-write mode
api write=on;
# Uncomment to further restrict write permissions; see note above
#limit_except GET {
#auth_basic "NGINX Plus API";
#auth_basic_user_file /etc/nginx/admins;
#}
}
# Conventional location of the NGINX Plus dashboard
location = /dashboard.html {
root /usr/share/nginx/html;
}
# Redirect requests for "/" to "/dashboard.html"
location / {
return 301 /dashboard.html;
}
# Redirect requests for pre-R14 dashboard
location /status.html {
return 301 /dashboard.html;
}
}
# vim: syntax=nginx