Skip to content

Updated the config snippet for enabling the NGINX Plus API and dashboard #739

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jun 25, 2025
Merged

Updated the config snippet for enabling the NGINX Plus API and dashboard #739

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c67d692
updated the nginx config snippet for enabling the NGINX Plus API and …
travisamartin Jun 25, 2025
134158b
edits
travisamartin Jun 25, 2025
07f8d78
Update content/includes/use-cases/monitoring/enable-nginx-plus-api.md
travisamartin Jun 25, 2025
31957a5
edits per tech review
travisamartin Jun 25, 2025
a327b2c
Merge branch 'main' into enable-nplus-api-dashboard-edits
travisamartin Jun 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 42 additions & 0 deletions content/includes/config-snippets/enable-nplus-api-dashboard.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
---
docs:
files:
- content/nginx-one/workshops/lab5/upgrade-nginx-plus-to-latest-version.md
- content/includes/use-cases/monitoring/enable-nginx-plus-api.md
---

```nginx
# This block enables the NGINX Plus API and dashboard
# For configuration and security recommendations, see:
# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#configuring-the-api
server {
# Change the listen port if 9000 conflicts
# (8080 is the conventional API port)
listen 9000;

location /api/ {
# To restrict write methods (POST, PATCH, DELETE), uncomment:
# limit_except GET {
# auth_basic "NGINX Plus API";
# auth_basic_user_file /path/to/passwd/file;
# }

# Enable API in write mode
api write=on;

# To restrict access by network, uncomment and set your network:
# allow 192.0.2.0/24 # replace with your network
# deny all;
}

# Serve the built-in dashboard at /dashboard.html
location = /dashboard.html {
root /usr/share/nginx/html;
}

# Redirect any request to the root path "/" to the dashboard
location / {
return 301 /dashboard.html;
}
}
```
62 changes: 8 additions & 54 deletions content/includes/use-cases/monitoring/enable-nginx-plus-api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,61 +4,15 @@ files:
- content/nim/monitoring/overview-metrics.md
- content/nginx-one/getting-started.md
---
<!-- include in content/nginx-one/getting-started.md disabled, hopefully temporarily -->
To collect comprehensive metrics for NGINX Plus -- including bytes streamed, information about upstream systems and caches, and counts of all HTTP status codes -- add the following to your NGINX Plus configuration file (for example, `/etc/nginx/nginx.conf` or an included file):

```nginx
# This block:
# - Enables the read-write NGINX Plus API under /api/
# - Serves the built-in dashboard at /dashboard.html
# - Restricts write methods (POST, PATCH, DELETE) to authenticated users
# and a specified IP range
# Change the listen port if 9000 conflicts; 8080 is the conventional API port.
server {
# Listen on port 9000 for API and dashboard traffic
listen 9000 default_server;
To collect comprehensive metrics for NGINX Plus, including bytes streamed, information about upstream systems and caches, and counts of all HTTP status codes, add the following to your NGINX Plus configuration file, for example `/etc/nginx/nginx.conf` or an included file:

# Handle API calls under /api/
location /api/ {
# Enable write operations (POST, PATCH, DELETE)
api write=on;
{{< include "config-snippets/enable-nplus-api-dashboard.md" >}}

# Allow GET requests from any IP
allow 0.0.0.0/0;
# Deny all other requests by default
deny all;
{{< call-out "note" "Security tip" >}}
- By default, all clients can call the API.
- To limit who can call **any** API method, uncomment the `allow`/`deny` lines under `api write=on` and replace the example CIDR with your trusted network.
- To restrict write methods (`POST`, `PATCH`, `DELETE`), uncomment and configure the `limit_except GET` block.
{{</ call-out >}}

# For methods other than GET, require auth and restrict to a network
limit_except GET {
# Prompt for credentials with this realm
auth_basic "NGINX Plus API";
# Path to the file with usernames and passwords
auth_basic_user_file /path/to/passwd/file;

# Allow only this IP range (replace with your own)
allow 192.0.2.0/24;
# Deny all other IPs
deny all;
}
}

# Serve the dashboard page at /dashboard.html
location = /dashboard.html {
# Files are located under this directory
root /usr/share/nginx/html;
}

# Redirect any request for / to the dashboard
location / {
return 301 /dashboard.html;
}
}
```

For more details, see the [NGINX Plus API module documentation](https://nginx.org/en/docs/http/ngx_http_api_module.html) and [Configuring the NGINX Plus API]({{< ref "nginx/admin-guide/monitoring/live-activity-monitoring.md#configuring-the-api" >}}).

After saving the changes, reload NGINX:

```shell
nginx -s reload
```
For more details, see the [NGINX Plus API module](https://nginx.org/en/docs/http/ngx_http_api_module.html) documentation and [Configuring the NGINX Plus API]({{< ref "nginx/admin-guide/monitoring/live-activity-monitoring.md#configuring-the-api" >}}).