For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • General
    • About Enforcers
    • Support first-party HUMAN calls
    • Troubleshoot Enforcer configurations
  • Enforcer frameworks
    • Akamai ESI
    • Apache - C Module
    • ASP.NET
    • Callout Enforcer
    • Envoy Proxy
    • F5 BIGIP
    • Fastly JavaScript Compute@Edge
    • Google Cloud Platform (GCP) Callout Enforcer
    • Kong Plugin
    • NGINX - C Module
      • NGINX changelog
      • Supported Features
      • Installation
      • Module Configuration
      • Configuration Options
      • Enrichment
      • First Party Configuration
      • Nginx Docker Image
      • Ingress NGINX Controller with HUMAN Enforcer
    • NGINX - LUA Module
    • PHP
    • Python
    • Ruby
    • Salesforce Commerce Cloud Cartridge
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Required NGINX Configuration
  • Resolver
  • Required HUMAN Module Configuration
  • nginx.conf Example
  • Using ’$’ character in Nginx configuration.
Enforcer frameworksNGINX - C Module

Module Configuration

Was this page helpful?
Previous

Configuration Options

Next
Built with

Required NGINX Configuration

The following NGINX configurations are required to support the HUMAN NGINX C-Core module:

Resolver

The Resolver directive must be configured in the HTTP section of your NGINX configuration.

  • Set the resolver, resolver A.B.C.D;, to an external DNS resolver, such as Google (resolver 8.8.8.8;),

or

  • Set the resolver, resolver A.B.C.D;, to the internal IP address of your DNS resolver (resolver 10.1.1.1;).

This is required for NGINX to resolve the HUMAN API.

Required HUMAN Module Configuration

The following parameters are mandatory:

  • px_enabled
  • px_appId
  • px_cookie_secret
  • px_auth_token
$-- ## Required Parameters ##
$px_enabled true;
$px_appId "<PX_APP_ID>";
$px_auth_token "<PX_AUTH_TOKEN>";
$px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";

  • px_appId - The HUMAN custom application id in the format of HUMAN**__** .
  • px_cookie_secret - The key used by the cookie signing page. The Cookie Key is generated in the HUMAN PortalPolicy page.
  • px_auth_token - The JWT token for REST API. The Authentication Token is generated in HUMAN PortalApplication page.

nginx.conf Example

The following nginx.conf example contains the minimum required configuration for the HUMAN NGINX C-Core module:

$worker_processes  auto;
$
$load_module /usr/lib/nginx/modules/ngx_http_pxnginx_module.so;
$thread_pool px_pool threads=10;
$
$error_log /var/log/nginx/error.log info;
$events {
>    worker_connections 1024;
>}
$
$http {
>    real_ip_header X-Forwarded-For;
>    resolver 8.8.8.8;
>
>    server {
>        listen 80;
>        listen [::]:80;
>
>        px_enabled true;
>        px_appId "<PX_APP_ID>";
>        px_auth_token "<PX_AUTH_TOKEN>";
>        px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";
>
>        location / {
>            root   /nginx/www;
>            index  index.html;
>        }
>    }
>}

Using ’$’ character in Nginx configuration.

$ (dollar) character has a special meaning in Nginx configuration (it serves as the variable name prefix). 

In order to use ’$’ character in Enforcer configuration (such as RegEx values), this character must be escaped using the following workaround:

1geo $dollar {
2    default "$";
3}
4
5http {
6    ...
7    server {
8       ...
9       px_filter_by_domain "img\.example\.com$dollar|docs\.example\.com$dollar";
10       ...

In this example we want to add attheendofeachitem(∗∗img.example.com at the end of each item (**img\\.example\\.comattheendofeachitem(∗∗img.example.com), but as we need to escape ,thentheescapedstringwilllooklikethis:∗∗img.example.com, then the escaped string will look like this: **img\\.example\\.com,thentheescapedstringwilllooklikethis:∗∗img.example.comdollar