|
8 | 8 | To collect comprehensive metrics for NGINX Plus -- including bytes streamed, information about upstream systems and caches, and counts of all HTTP status codes -- add the following to your NGINX Plus configuration file (for example, `/etc/nginx/nginx.conf` or an included file): |
9 | 9 |
|
10 | 10 | ```nginx |
11 | | -# Server block for enabling the NGINX Plus API and dashboard |
12 | | -# |
13 | | -# This block requires NGINX Plus. It turns on the API in write mode |
14 | | -# and serves the built-in dashboard for monitoring. |
| 11 | +# This block: |
| 12 | +# - Enables the read-write NGINX Plus API under /api/ |
| 13 | +# - Serves the built-in dashboard at /dashboard.html |
| 14 | +# - Restricts write methods (POST, PATCH, DELETE) to authenticated users |
| 15 | +# and a specified IP range |
15 | 16 | # Change the listen port if 9000 conflicts; 8080 is the conventional API port. |
16 | | -# For production, secure the API with TLS and limit access by IP or auth. |
17 | 17 | server { |
18 | | - # Listen for API and dashboard traffic |
19 | | - listen 9000 default_server; |
20 | | - server_name localhost; |
| 18 | + # Listen on port 9000 for API and dashboard traffic |
| 19 | + listen 9000 default_server; |
21 | 20 |
|
22 | | - # Handle API calls under /api/ in read-write mode |
| 21 | + # Respond to requests for this server name |
| 22 | + server_name localhost; |
| 23 | +
|
| 24 | + # Handle API calls under /api/ |
23 | 25 | location /api/ { |
| 26 | + # Enable write operations (POST, PATCH, DELETE) |
24 | 27 | api write=on; |
| 28 | +
|
| 29 | + # Allow GET requests from any IP |
| 30 | + allow 0.0.0.0/0; |
| 31 | + # Deny all other requests by default |
| 32 | + deny all; |
| 33 | +
|
| 34 | + # For methods other than GET, require auth and restrict to a network |
| 35 | + limit_except GET { |
| 36 | + # Prompt for credentials with this realm |
| 37 | + auth_basic "NGINX Plus API"; |
| 38 | + # Path to the file with usernames and passwords |
| 39 | + auth_basic_user_file /etc/nginx/conf.d/api.htpasswd; |
| 40 | +
|
| 41 | + # Allow only this example IP range (replace with your own) |
| 42 | + allow 192.0.2.0/24; |
| 43 | + # Deny all other IPs |
| 44 | + deny all; |
| 45 | + } |
25 | 46 | } |
26 | 47 |
|
27 | 48 | # Serve the dashboard page at /dashboard.html |
28 | 49 | location = /dashboard.html { |
| 50 | + # Files are located under this directory |
29 | 51 | root /usr/share/nginx/html; |
30 | 52 | } |
31 | 53 |
|
32 | | - # Redirect any request to the root path “/” to the dashboard |
| 54 | + # Redirect any request for / to the dashboard |
33 | 55 | location / { |
34 | 56 | return 301 /dashboard.html; |
35 | 57 | } |
36 | 58 | } |
37 | 59 | ``` |
38 | 60 |
|
39 | | -For more details, see the [NGINX Plus API module documentation](https://nginx.org/en/docs/http/ngx_http_api_module.html). |
| 61 | +For more details, see the [NGINX Plus API module documentation](https://nginx.org/en/docs/http/ngx_http_api_module.html) and [Configuring the NGINX Plus API]({{< ref “nginx/admin-guide/monitoring/live-activity-monitoring.md#configuring-the-api” >}}). |
40 | 62 |
|
41 | | -After saving the changes, reload NGINX to apply the new configuration: |
| 63 | +After saving the changes, reload NGINX: |
42 | 64 |
|
43 | 65 | ```shell |
44 | 66 | nginx -s reload |
|
0 commit comments