Contents x
    Module Configuration
    • 14 Nov 2023
    • Print
    • Dark
      Light
    Contents

    Module Configuration

    • Updated on 14 Nov 2023
    • Print
    • Dark
      Light
    Article Summary

    Required NGINX Configuration

    The following NGINX configurations are required to support the HUMAN NGINX C-Core module:

    Resolver

    The Resolver directive must be configured in the HTTP section of your NGINX configuration.

    • Set the resolver, resolver A.B.C.D;, to an external DNS resolver, such as Google (resolver 8.8.8.8;),

    or

    • Set the resolver, resolver A.B.C.D;, to the internal IP address of your DNS resolver (resolver 10.1.1.1;).

    This is required for NGINX to resolve the HUMAN API.

    Required HUMAN Module Configuration

    The following parameters are mandatory:

    • px_enabled
    • px_appId
    • px_cookie_secret
    • px_auth_token
    -- ## Required Parameters ##
px_enabled true;
px_appId "<PX_APP_ID>";
px_auth_token "<PX_AUTH_TOKEN>";
px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";
    • px_appId - The HUMAN custom application id in the format of HUMAN__ .
    • px_cookie_secret - The key used by the cookie signing page. The Cookie Key is generated in the HUMAN PortalPolicy page.
    • px_auth_token - The JWT token for REST API. The Authentication Token is generated in HUMAN PortalApplication page.

    nginx.conf Example

    The following nginx.conf example contains the minimum required configuration for the HUMAN NGINX C-Core module:

    worker_processes  auto;

load_module /usr/lib/nginx/modules/ngx_http_pxnginx_module.so;
thread_pool px_pool threads=10;

error_log /var/log/nginx/error.log info;
events {
    worker_connections 1024;
}

http {
    real_ip_header X-Forwarded-For;
    resolver 8.8.8.8;

    server {
        listen 80;
        listen [::]:80;

        px_enabled true;
        px_appId "<PX_APP_ID>";
        px_auth_token "<PX_AUTH_TOKEN>";
        px_cookie_secret "<COOKIE_ENCRYPTION_KEY>";

        location / {
            root   /nginx/www;
            index  index.html;
        }
    }
}


    Using '$' character in Nginx configuration.

    $ (dollar) character has a special meaning in Nginx configuration (it serves as the variable name prefix). 

    In order to use '$' character in Enforcer configuration (such as RegEx values), this character must be escaped using the following workaround:

    geo $dollar {
    default "$";
}

http {
    ...
    server {
       ...
       px_filter_by_domain "img\.example\.com$dollar|docs\.example\.com$dollar";
       ...

    In this example we want to add $ at the end of each item (img\.example\.com$), but as we need to escape $, then the escaped string will look like this: img\.example\.com$dollar

    Was this article helpful?
    What's Next