Skip to content

Commit f3bcfc9

Browse files
fabriziofioruccifabriziofiorucci
authored
4.2.7 (#56)
* 20240503-01 usage updated * 20240503-01 * 20240503-01 * 20240503-02 * 20240503-02 * 20240502-05 commit Serverside mTLS authentication * 20240502-06 commit Serverside mTLS authentication * 20240502-07 commit Serverside mTLS authentication * 20240509-01 commit Postman collection updated FEATURES updated
1 parent b4fc44d commit f3bcfc9

File tree

10 files changed

+525
-347
lines changed

10 files changed

+525
-347
lines changed

.gitignore

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,8 @@ Thumbs.db
2020
=======
2121
/.idea/
2222
/src/__pycache__/
23-
/src/v4_0/__pycache__/
2423
/src/v4_1/__pycache__/
2524
/src/v4_2/__pycache__/
25+
/src/v4_3/__pycache__/
2626
/contrib/devportal/redocly/src/__pycache__/
2727
/venv/

FEATURES.md

Lines changed: 30 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -2,21 +2,21 @@
22

33
### NGINX `http` and `stream` servers
44

5-
| Feature | API v4.1 | API v4.2 | Notes |
6-
|-----------------------------|-----------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
7-
| Upstreams | CRUD | CRUD | <li>Snippets supported: static and from source of truth</li> |
8-
| HTTP servers | CRUD | CRUD | <li>Snippets supported (`http`, `servers`, `locations`): static and from source of truth</li> |
9-
| TCP/UDP servers | CRUD | CRUD | <li>Snippets supported (`streams`, `servers`): static and from source of truth</li> |
10-
| TLS | CRUD | CRUD | <li>Certificates and keys can be dynamically fetched from source of truth</li> |
11-
| Client authentication | X | X | See [client authentication profiles](#Client-authentication-profiles) |
12-
| Server authentication | X | X | See [server authentication profiles](#Upstream-and-Source-of-truth-authentication-profiles) |
13-
| Rate limiting | X | X | |
14-
| Active healthchecks | X | X | |
15-
| Cookie-based stickiness | X | X | |
16-
| HTTP headers manipulation | | X | <li>To server: set, delete</li><li>To client: add, delete, replace</li> |
17-
| Maps | X | X | |
18-
| NGINX Plus REST API access | X | X | |
19-
| NGINX App Protect WAF | X | X | <li>Per-policy CRUD at `server` and `location` level</li><li>Support for dataplane-based bundle compilation</li><li>Security policies can be fetched from source of truth</li> |
5+
| Feature | API v4.1 | API v4.2 | Notes |
6+
|----------------------------|-----------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
7+
| Upstreams | CRUD | CRUD | <li>Snippets supported: static and from source of truth</li> |
8+
| HTTP servers | CRUD | CRUD | <li>Snippets supported (`http`, `servers`, `locations`): static and from source of truth</li> |
9+
| TCP/UDP servers | CRUD | CRUD | <li>Snippets supported (`streams`, `servers`): static and from source of truth</li> |
10+
| TLS | CRUD | CRUD | <li>Certificates and keys can be dynamically fetched from source of truth</li> |
11+
| Client authentication | X | X | See [client authentication](#Client-authentication) |
12+
| Upstream authentication | X | X | See [upstream and Source of truth authentication](#Upstream-and-Source-of-truth-authentication) |
13+
| Rate limiting | X | X | |
14+
| Active healthchecks | X | X | |
15+
| Cookie-based stickiness | X | X | |
16+
| HTTP headers manipulation | | X | <li>To server: set, delete</li><li>To client: add, delete, replace</li> |
17+
| Maps | X | X | |
18+
| NGINX Plus REST API access | X | X | |
19+
| NGINX App Protect WAF | X | X | <li>Per-policy CRUD at `server` and `location` level</li><li>Support for dataplane-based bundle compilation</li><li>Security policies can be fetched from source of truth</li> |
2020

2121
### API Gateway
2222

@@ -120,6 +120,7 @@ Client-side authorization profiles to be defined under `.declaration.http.author
120120
| Bearer token | Authentication token as Authorization Bearer | X | X | `Bearer` Authorization header is injected in requests to upstreams and source of truth |
121121
| Basic Auth | Authentication token as Authorization Basic | | X | `Basic` Authorization header is injected in requests to upstreams and source of truth |
122122
| HTTP header | Authentication token in custom HTTP header | X | X | HTTP header is injected in requests to upstreams and source of truth |
123+
| mTLS | Mutual TLS | X | X | Client certificate is sent to upstream / source of truth |
123124

124125
#### Examples
125126

@@ -166,6 +167,20 @@ Server-side authentication profiles to be defined under `.declaration.http.authe
166167
}
167168
```
168169

170+
- mTLS authentication profile
171+
172+
```json
173+
"server": [
174+
{
175+
"name": "<PROFILE_NAME>",
176+
"type": "mtls",
177+
"mtls": {
178+
"certificate": "<CLIENT_CERTIFICATE>",
179+
"key": "<CLIENT_KEY>"
180+
}
181+
}
182+
```
183+
169184
### HTTP Headers manipulation
170185

171186
| Type | API v4.1 | API v4.2 | Notes |

0 commit comments

Comments
 (0)