11. Nginx and javascript module

1. Introduction

While Nodejs admits some javascript coding, Nginx has a javascript module that enables giving more security and flexibility to this web server (diagnostic logging, response filtering, custom authentication schemes...)

2. Installation

2.1 Try this installation (in Linux Mint does not work for me)

I have had problems installing Nginx javascript, so I had to reinstall Nginx using this site and this one.

#Install the prerequisites:
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring

#Import an official nginx signing key so apt could verify the packages authenticity. Fetch the key:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

#Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
#The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
#
#pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
#      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
#uid                      nginx signing key <signing-key@nginx.com>
#If the fingerprint is different, remove the file.

#To set up the apt repository for stable nginx packages, run the following command:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

#If you would like to use mainline nginx packages, run the following command instead:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

#Set up repository pinning to prefer our packages over distribution-provided ones:
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx

#To install nginx, run the following commands:
sudo apt update
sudo apt install nginx

#Now install javascript module
sudo apt install nginx-module-njs
sudo apt install nginx-module-njs-dbg

#Now reload Nginx
sudo service nginx restart



2.2 Try this installation if the previous does not work (for Linux Mint)
See Johnny Tordgeman simple and effective instructions

#1. Start by adding the NGINX PPA key by running:
curl -s https://nginx.org/keys/nginx_signing.key | sudo apt-key add -

#2. Setup the repository key by running:
sudo sh -c 'echo "deb http://nginx.org/packages/ubuntu/ focal nginx" >> /etc/apt/sources.list.d/nginx.list'

#3. Update the repository list by running
sudo apt update.

#4. Install NJS by running 
sudo apt install nginx-module-njs.
sudo apt install nginx-module-njs-dbg

#5. Now reload Nginx
sudo service nginx restart

3. Adjust the etc/nginx/nginx.conf file
Add these 2 lines to the top of the ect/nginx/nginx.conf file
load_module modules/ngx_http_js_module.so;
load_module modules/ngx_stream_js_module.so;

 
4. Adjusting the configuration 
In the last post we were using the file
/etc/nginx/sites-enabled/default
But this nginx version prefers using this file

/etc/nginx/conf.d/default.conf

So there are 2 exclusive options:
1) (NOT RECOMENDED!!!) Continue using the old file  
/etc/nginx/sites-enabled/default 
Edit the file /etc/nginx/nginx.conf and add the yellow backgrounded lines (see Fegno). 
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
    include /etc/nginx/sites-enabled/default;
}
2) Use the recomended file /etc/nginx/conf.d/default.conf instead. So copy the content of the file 
/etc/nginx/sites-enabled/default 
into the file
 /etc/nginx/conf.d/default.conf  . 
And NO MODIFY the /etc/nginx/nginx.conf file. 
Now reestart the nginx server:
sudo service nginx restart
and verify that the application works (in the browser navigate to https://localhost:9999/ )
 
5. Basic usage of njs (Nginx's javascript module) . DN encryption
You can follow this examples to learn more
"Extending NGIX with Custom Code"


1. Create a javascript file in the conf.d folder (for instance ximo.js). This file must include a function (for instance san(r) that receives the request parameter "r"). Take into account that this folders can only be modified "sudoing"
function reord_base (text) {
    let a=text
    let b=""
    const len=text.length
    for (let i = 0; i < len; i++) {
  	    let c=Math.floor(Math.random()*(len-i));
        b+= a.slice(c,c+1);
        a=a.slice(0,c)+a.slice(c+1)
    }
    return b
}

function reord (text ,base10, baseLess10) {
    let a=""
    let b=""
    const len=text.length
    const n10=Math.floor(len/10) // Number of groups of 10 characters
    
    for (let ii = 0; ii < n10 ; ii++) {
        a=text.slice(ii*10, (ii+1)*10)
        for (let i = 0; i < 10; i++) {
            let j=parseInt(base10.slice(i, i+1))
            b+= a.slice(j,j+1);
        }    
    }

    const jj=10*n10
    a=text.slice(jj, len)
    for (let i = 0; i < len-jj; i++) {
        let j=parseInt(baseLess10.slice(i, i+1))
        b+= a.slice(j,j+1);
    }
    return b
}

function unreord_base(text) {
    const len=text.length
    let b=""
    for (let i=0; i<len; i++){
        /* DOESN'T ACCEPT DOUBLE LOOPS !!!!
        for (j=0; j<len; j++) {
            if (i==parseInt(text.slice(j,j+1))) {
                b+=j.toString()
            }
        }*/
        b+=text.indexOf(i.toString())
    }
    return b
}


function san(r) {
    const a10="0123456789"
    const base10=reord_base (a10)
    
    
    const mydate=r.variables.date_gmt 
    const text = r.variables.ssl_client_s_dn + '!@' + mydate 
    
    const baseLess10a=reord_base(a10.slice(0,text.length%10))
    
    const encrya=reord (text ,base10, baseLess10a)
    const encrya64=btoa(encrya)

    const baseLess10b=reord_base(a10.slice(0,encrya64.length%10))
    
    const encryb=reord (encrya64 ,base10, baseLess10b)
    const encryb64=btoa(encryb)
    
    
    //==================================
    /*
    const base10u=unreord_base (base10)
    const baseLess10au=unreord_base(baseLess10a)
    const baseLess10bu=unreord_base(baseLess10b)
    
    const encrybu=atob(encryb64)
    const encrya64u=reord (encrybu ,base10u, baseLess10bu)
    const encryau=atob(encrya64u)
    const bou=reord (encryau ,base10u, baseLess10au)
    
    //======================================
    */
    //const encrypted=""+base10+"a"+baseLess10a+"b"+ baseLess10b+"c"+encryb64+          "d"+base10u+"e"+baseLess10au+"f"+baseLess10bu+bou
    const encripted=""+base10+"a"+baseLess10a+"b"+ baseLess10b+"c"+encryb64
    return encrypted
    
    
}

export default {san};    





2. In the conf.d folder, edit the file default.conf as follows. the marked lines are the lines to add to the file
#1. use the javascript file
js_path "/etc/nginx/conf.d/njs";
js_import main from ximo.js;

# OR js_import main from conf.d/njs/ximo.js;

#2. Create the variable $dnencr for the output of the function "san" in the ximo.js file
js_set $dnencr main.san;

#Example of using maps
map $args $newargs {
    default 0;
     ~^(?<prefix>.*&|)verify(?<suffix>=.*)$            ${prefix}ok$suffix;
}

server {
	listen 8081 default_server;
	
	listen [::]:8081 default_server;

	root /home/ximo/my-react-app;
	
	index index.html;

	server_name _;

	location / {
                try_files $uri $uri/  /index.html index.html =404;
	}
}

server {
	# SSL configuration
        listen 9999 ssl default_server;
	
	listen [::]:9999 ssl default_server;

	ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        
	ssl_certificate        /home/ximo/my-react-app/keystores/my_crt.pem;         ## 
    	ssl_certificate_key    /home/ximo/my-react-app/keystores/my_key.pem;         ## 
	ssl_client_certificate /home/ximo/my-react-app/keystores/cacert.pem;         ## CA Bundle
    	ssl_verify_client on;

        
	root /home/ximo/my-app05;

	#4. Define the access_log
	access_log /home/ximo/log/nginx.access.log allheaders;

        index index.html;

	server_name _;
	#error_log /home/ximo/log/nginx_log debug;

	location / {
		try_files $uri $uri/  /index.html =404;  #VA
	}
	location = /login {
	    

	# 4. Use the variable   
        if ($arg_dnencr = "") {
             rewrite ^ /login?dnencr=$dnencr redirect;
        }
   
        try_files /index.html =404;
        }
}	



3. Restart server
sudo service nginx restart
and verify that the application works (in the browser navigate to https://localhost:9999/ )



Comentarios

Publicar un comentario

Entradas populares de este blog

15. Next.js Tutorial (2). Fetching data. Async functions getStaticProps, getServerSideProps, getStaticPaths

Imagen
 1. Fetching data at the beginning of the application In the index.tsx (index.ts) you can use one of these 2 asyncfunctions: getStaticProps()  which works in client-side pre-rendering and the content is reused. So only one call is made, and it is made at build time . This is quicker. getServerSideProps()  that works on the server-side rendering and every call can produce different results as data changes. Use only if you need to render a page whose data must be fetched at request time such as authorization. //export async function getStaticProps() { / / only on pre-rendering export async function getServerSideProps ( ) { // only on server side rendering const allPostsData = getSortedPostsData ( ) ; return { props : { allPostsData , } , } ; } export default function Home ( { allPostsData } : { allPostsData : PostData [ ] } ) { return ( < Layout home > . . . . . . . Do not use API route inside getServ...
Leer más

14. Next.js Tutorial (1)

 1. Introduction. (No Next.js) Basic example. Load React, React-Dom, and Bable from unpkg.com !-- index . html --> < html > < body > < div id = "app" > </ div > <!-- React--> < script src = "https://unpkg.com/react@17/umd/react.development.js" > </ script > <!-- React-DOM --> < script src = "https://unpkg.com/react-dom@17/umd/react-dom.development.js" > </ script > <!-- Babel Script --> < script src = "https://unpkg.com/@babel/standalone/babel.min.js" > </ script > <!--script type="text/javascript"--> < script type = "text/jsx" > const app = document . getElementById ( ' app ' ) ; ReactDOM . render ( < h1 > Develop . Preview . Ship . < / h1 > , app ) ; </ script > </ body > </ html > Three dependencies are enclo...
Leer más

10. React deployment on Nginx (5). Passing client certificate DN to react client

Imagen
 0. Nginx installation #------------------------------------------------------ # INSTALLATION # @see Mohammad Faisal #------------------------------------------------------ #1. Install nginx sudo apt-get update sudo apt-get install nginx #2. verify installation sudo nginx -v #------------------------------------------------------ # STARTUP SETTINGS #------------------------------------------------------ #start Nginx when server restarts sudo systemctl enable nginx #only for checking if nginx is running systemctl status nginx Now, change the local port (for instance to 8081) if you have another server (apache) in port 80 sudo nano /etc/nginx/sites-available/default ( OLD VERSIONS of NGINX !!! ) In newer versions of nginx use this file instead sudo nano /etc/nginx/conf.d/default.conf and edit the port from 80 to 8081 and also change the root from /var/www/html   to another folder like /home/ximo/my-react-app , but to avoid router probl...
Leer más