Module Configuration

Required NGINX Configuration

The following NGINX configurations are required to support the HUMAN NGINX C-Core module:

Resolver

The Resolver directive must be configured in the HTTP section of your NGINX configuration.

  • Set the resolver, resolver A.B.C.D;, to an external DNS resolver, such as Google (resolver 8.8.8.8;),

or

  • Set the resolver, resolver A.B.C.D;, to the internal IP address of your DNS resolver (resolver 10.1.1.1;).

This is required for NGINX to resolve the HUMAN API.

Required HUMAN Module Configuration

The following parameters are mandatory:

  • px_enabled
  • px_appId
  • px_cookie_secret
  • px_auth_token
    ## Required Parameters ##
    px_enabled true;
    px_appId "<PX_APP_ID>";
    px_auth_token "<PX_AUTH_TOKEN>";
    px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";

  • px_appId - The HUMAN custom application id in the format of HUMAN**__** .
  • px_cookie_secret - The key used by the cookie signing page. The Cookie Key is generated on the HUMAN Portal Policy page.
  • px_auth_token - The JWT token for the REST API. The Authentication Token is generated on the HUMAN Portal Application page.

nginx.conf Example

The following nginx.conf example contains the minimum required configuration for the HUMAN NGINX C-Core module:

    worker_processes auto;

    load_module /usr/lib/nginx/modules/ngx_http_pxnginx_module.so;
    thread_pool px_pool threads=10;

    error_log /var/log/nginx/error.log info;
    events {
        worker_connections 1024;
    }

    http {
        real_ip_header X-Forwarded-For;
        resolver 8.8.8.8;

        server {
            listen 80;
            listen [::]:80;

            px_enabled true;
            px_appId "<PX_APP_ID>";
            px_auth_token "<PX_AUTH_TOKEN>";
            px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";

            location / {
                root /nginx/www;
                index index.html;
            }
        }
    }

Using the '$' Character in NGINX Configuration

The $ (dollar) character has a special meaning in NGINX configuration: it serves as the variable name prefix.

To use a literal '$' character in Enforcer configuration (for example in RegEx values), escape it with the following workaround:

    http {
        # geo is only valid in the http context, so define $dollar here
        geo $dollar {
            default "$";
        }
        # ...
        server {
            # ...
            px_filter_by_domain "img\.example\.com$dollar|docs\.example\.com$dollar";
            # ...
        }
    }

In this example we want to add $ at the end of each item (img\.example\.com$), but because $ must be escaped, the escaped string looks like this: img\.example\.com$dollar
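A pre-deployment check for the mandatory parameters, the resolver requirement and the $ escaping workaround described on this page. This is an added example, not code from HUMAN or the module; the function names (directives, lint) and the sample configuration values are constructed for illustration, and the parser only handles one-line directives.

```python
import re

REQUIRED = ("px_enabled", "px_appId", "px_cookie_secret", "px_auth_token")
# A '$' not followed by a variable-name character is a literal dollar,
# e.g. a regex end anchor before '|' or before the closing quote.
BARE_DOLLAR = re.compile(r"\$(?![A-Za-z0-9_{])")

def directives(conf):
    """Yield (line_no, name, args) for each one-line 'name args;' directive."""
    for no, line in enumerate(conf.splitlines(), 1):
        m = re.match(r"\s*([A-Za-z_]\w*)\s+(.*);\s*$", line)
        if m and not line.lstrip().startswith("#"):
            yield no, m.group(1), m.group(2)

def lint(conf):
    """Return a list of findings; an empty list means the checks passed."""
    found = list(directives(conf))
    names = {name for _, name, _ in found}
    findings = [f"missing {n}" for n in REQUIRED + ("resolver",) if n not in names]
    for no, name, args in found:
        if not name.startswith("px_"):
            continue  # only the module's own directives are checked
        if BARE_DOLLAR.search(args):
            findings.append(f"line {no}: literal '$' in {name}, use $dollar")
        if re.search(r"<[A-Z_]+>", args):
            findings.append(f"line {no}: placeholder left in {name}")
    return findings

# Constructed sample: resolver missing, placeholder token, unescaped '$'.
BAD = r'''
http {
  server {
    px_enabled true;
    px_appId "PX_SAMPLE";
    px_auth_token "<PX_AUTH_TOKEN>";
    px_cookie_secret "constructed-secret";
    px_filter_by_domain "img\.example\.com$|docs\.example\.com$";
  }
}
'''
# Same sample corrected with the geo $dollar workaround from this page.
GOOD = BAD.replace("$", "$dollar").replace("<PX_AUTH_TOKEN>", "constructed-token") \
          .replace("http {", 'http {\n  resolver 10.1.1.1;\n  geo $dollar { default "$"; }')

if __name__ == "__main__":
    for label, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint(conf) or "ok")
```

Running nginx -t against the real file remains the authoritative syntax check; this script only catches the page-specific omissions before that step.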