Product guides

Module Configuration

Suggest Edits

Required NGINX Configuration

The following NGINX configurations are required to support the HUMAN NGINX C-Core module:

Resolver

The Resolver directive must be configured in the HTTP section of your NGINX configuration.

  • Set the resolver, resolver A.B.C.D;, to an external DNS resolver, such as Google (resolver 8.8.8.8;),

or

  • Set the resolver, resolver A.B.C.D;, to the internal IP address of your DNS resolver (resolver 10.1.1.1;).

This is required for NGINX to resolve the HUMAN API.

Required HUMAN Module Configuration

The following parameters are mandatory:

  • px_enabled
  • px_appId
  • px_cookie_secret
  • px_auth_token
-- ## Required Parameters ##
px_enabled true;
px_appId "<PX_APP_ID>";
px_auth_token "<PX_AUTH_TOKEN>";
px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";

  • px_appId - The HUMAN custom application id in the format of HUMAN__ .
  • px_cookie_secret - The key used by the cookie signing page. The Cookie Key is generated in the HUMAN PortalPolicy page.
  • px_auth_token - The JWT token for REST API. The Authentication Token is generated in HUMAN PortalApplication page.

nginx.conf Example

The following nginx.conf example contains the minimum required configuration for the HUMAN NGINX C-Core module:

worker_processes  auto;

load_module /usr/lib/nginx/modules/ngx_http_pxnginx_module.so;
thread_pool px_pool threads=10;

error_log /var/log/nginx/error.log info;
events {
    worker_connections 1024;
}

http {
    real_ip_header X-Forwarded-For;
    resolver 8.8.8.8;

    server {
        listen 80;
        listen [::]:80;

        px_enabled true;
        px_appId "<PX_APP_ID>";
        px_auth_token "<PX_AUTH_TOKEN>";
        px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";

        location / {
            root   /nginx/www;
            index  index.html;
        }
    }
}

Using '$' character in Nginx configuration.

$ (dollar) character has a special meaning in Nginx configuration (it serves as the variable name prefix). 

In order to use '$' character in Enforcer configuration (such as RegEx values), this character must be escaped using the following workaround:

geo $dollar {
    default "$";
}

http {
    ...
    server {
       ...
       px_filter_by_domain "img\.example\.com$dollar|docs\.example\.com$dollar";
       ...

In this example we want to add $ at the end of each item (img\.example\.com$), but as we need to escape $, then the escaped string will look like this: img\.example\.com$dollar

Updated 12 days ago