这是indexloc提供的服务,不要输入任何密码
Skip to content

u5surf/nginx-sxg-module

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.github/workflows
.github/workflows
 
 
accept_corpus
accept_corpus
 
 
packaging
packaging
 
 
params_corpus
params_corpus
 
 
preload_corpus
preload_corpus
 
 
terms_corpus
terms_corpus
 
 
testdata
testdata
 
 
.clang-format
.clang-format
 
 
.cmake-format.yaml
.cmake-format.yaml
 
 
CMakeLists.txt
CMakeLists.txt
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
accept_parser_dict.txt
accept_parser_dict.txt
 
 
accept_parser_fuzzer.cc
accept_parser_fuzzer.cc
 
 
config
config
 
 
get_term_length_dict.txt
get_term_length_dict.txt
 
 
get_term_length_fuzzer.cc
get_term_length_fuzzer.cc
 
 
ngx_http_sxg_filter_module.c
ngx_http_sxg_filter_module.c
 
 
ngx_sxg_utils.c
ngx_sxg_utils.c
 
 
ngx_sxg_utils.h
ngx_sxg_utils.h
 
 
ngx_sxg_utils_test.cc
ngx_sxg_utils_test.cc
 
 
param_is_preload_dict.txt
param_is_preload_dict.txt
 
 
param_is_preload_fuzzer.cc
param_is_preload_fuzzer.cc
 
 

Repository files navigation

NGINX SXG extension

Signed HTTP Exchange(SXG) support for nginx. Nginx will convert response from upstream application into SXG, only for clients request on Accept: application/signed-exchane;v=b3 with highest qvalue.

Configuration

Nginx-SXG module requires configuration on nginx.

Directives

sxg

Activation flag of SXG module.

  • on: Enable this plugin.
  • off: Disable this plugin.

Default value is off.

sxg_certificate

Full path for the certificate file. The certificate requires all of the conditions below to match.

  • Has CanSignHttpExchanges extension.
  • Uses ECDSA256 or ECDSA384.

This directive is always required.

sxg_certificate_key

Full path for the private key for the certificate.

This directive is always required.

sxg_cert_url

URL for CBOR encoded certificate file. The protocol must be https.

This directive is always required.

sxg_validity_url

URL for the validity information file. It must be https and must be the same origin with the website.

This directive is always required.

sxg_max_payload

Maximum HTTP body size this module can generate SXG from. Default value is 67108864(64MiB).

Config Example

load_module "modules/ngx_http_sxg_filter_module.so";

http {
    upstream app {
        server 127.0.0.1:3000;
    }
    include       mime.types;
    default_type  application/octet-stream;
    subrequest_output_buffer_size   4096k;

    server {
        listen    80;
        server_name  example.com;

        sxg on;
        sxg_certificate     /path/to/certificate-ecdsa.pem;
        sxg_certificate_key /path/to/private-key-ecdsa.key;
        sxg_cert_url        https://cdn.test.com/example.com.cert.cbor;
        sxg_validity_url    https://example.com/validity/resource.msg;

        location / {
            proxy_pass http://app;
        }
    }
}

About

NGINX SXG module

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

27 tags

Packages

No packages published

Languages

  • C 73.4%
  • C++ 12.0%
  • Shell 7.3%
  • CMake 4.2%
  • Dockerfile 2.9%
  • HTML 0.2%