Version 5.1 supports:
- NGINX Instance Manager 2.14+
- NGINX One Cloud Console
- NGINX Plus R30, R31, R32
- NGINX App Protect WAF 4 with precompiled policy bundles
The JSON schema is self explanatory. See also the sample Postman collection for usage examples
.output.type
defines how NGINX configuration will be returned:- nms - NGINX configuration is published as a Staged Config to NGINX Instance Manager
.output.nms.url
the NGINX Instance Manager URL.output.nms.username
the NGINX Instance Manager authentication username.output.nms.password
the NGINX Instance Manager authentication password.output.nms.instancegroup
the NGINX Instance Manager instance group to publish the configuration to.output.nms.synctime
optional, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked everysynctime
seconds and if external contents have changed, the updated configuration will automatically be published to NGINX Instance Manager.output.nms.modules
an optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module').output.nms.certificates
an optional array of TLS certificates/keys/chains to be published.output.nms.certificates[].type
the item type ('certificate', 'key', 'chain').output.nms.certificates[].name
the certificate/key/chain name with no path/extension (ie. 'test-application').output.nms.certificates[].contents
the content: this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
.output.nms.policies[]
an optional array of NGINX App Protect security policies.output.nms.policies[].type
the policy type ('app_protect').output.nms.policies[].name
the policy name (ie. 'prod-policy').output.nms.policies[].active_tag
the policy tag to enable among all available versions (ie. 'v1').output.nms.policies[].versions[]
array with all available policy versions.output.nms.policies[].versions[].tag
the policy version's tag name.output.nms.policies[].versions[].displayName
the policy version's display name.output.nms.policies[].versions[].description
the policy version's description.output.nms.policies[].versions[].contents
this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
- nginxone - NGINX configuration is published to a NGINX One Cloud Console config sync group
.output.nginxone.url
the NGINX One Cloud Console URL.output.nginxone.namespace
the NGINX One Cloud Console namespace.output.nginxone.token
the authentication token.output.nginxone.configsyncgroup
the NGINX One Cloud Console config sync group name.output.nginxone.synctime
optional, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked everysynctime
seconds and if external contents have changed, the updated configuration will automatically be published to NGINX One Cloud Console.output.nginxone.modules
an optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module').output.nginxone.certificates
an optional array of TLS certificates/keys/chains to be published.output.nginxone.certificates[].type
the item type ('certificate', 'key', 'chain').output.nginxone.certificates[].name
the certificate/key/chain name with no path/extension (ie. 'test-application').output.nginxone.certificates[].contents
the content: this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
- nms - NGINX configuration is published as a Staged Config to NGINX Instance Manager
.declaration
describes the NGINX configuration to be created.declaration.http[]
NGINX HTTP definitions.declaration.layer4[]
NGINX TCP/UDP definitions.declaration.resolvers[]
DNS resolvers definitions
POST /v5.1/config/
- Publish a new declarationPATCH /v5.1/config/{config_uid}
- Update an existing declaration- Per-HTTP server CRUD
- Per-HTTP upstream CRUD
- Per-Stream server CRUD
- Per-Stream upstream CRUD
- Per-NGINX App Protect WAF policy CRUD
GET /v5.1/config/{config_uid}
- Retrieve an existing declarationDELETE /v5.1/config/{config_uid}
- Delete an existing declaration