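# API gateway front end: pulls in the backend and API-key definitions, then
# declares the single server block that hosts every API definition and the
# internal API-key validation endpoint.
#
# The directives below were previously collapsed onto one physical line. In
# nginx a "#" comments out the rest of the line, so everything after the first
# inline comment (including the closing braces) was swallowed. One directive
# per line restores the intended configuration; no directive was added,
# removed or enabled.

include apigw_backends.conf;
include apigw_keys.conf;    # presumably where $apigw_client_name is derived from the apikey header - confirm

server {
    # NOTE(review): the "main" log_format is defined outside this file; confirm
    # it does not record the apikey request header, or keys end up in the log.
    access_log /var/log/nginx/apigw_access.log main;

    # NOTE(review): only cleartext HTTP is enabled. The apikey header checked
    # below is a bearer credential, so it is readable on the wire unless TLS is
    # terminated in front of this listener. Enable the 443 listener and the TLS
    # block below (with real certificate paths) when this server is the edge.
    listen 80;
    # listen 443 ssl;
    # server_name apigw_svc;  # container name from stack config
    # server_name api.example.com;

    # TLS config
    # ssl_certificate      /etc/ssl/certs/apigw.example.com.crt;
    # ssl_certificate_key  /etc/ssl/private/apigw.example.com.key;
    # ssl_session_cache    shared:SSL:10m;
    # ssl_session_timeout  5m;
    # ssl_ciphers          HIGH:!aNULL:!MD5;
    # ssl_protocols        TLSv1.2 TLSv1.3;

    # API definitions, one per file
    include apigw_conf.d/*.conf;

    # Error responses
    # error_page 404 = @400;         # Treat invalid paths as bad requests
    proxy_intercept_errors on;       # Do not send backend errors to client
    include apigw_json_errors.conf;  # API client-friendly JSON errors
    default_type application/json;   # If no content-type, assume JSON

    # API key validation
    # "internal" keeps clients from requesting this location directly; it is
    # presumably reached as a subrequest from the API definitions in
    # apigw_conf.d (not visible here) - confirm each protected location uses it.
    location = /_validate_apikey {
        internal;
        access_log /var/log/nginx/apigw_access.log main;
        error_log /var/log/nginx/apigw_error.log warn;

        # No apikey header on the request.
        if ($http_apikey = "") {
            return 401; # Unauthorized
        }

        # A key was presented but no client name was resolved for it.
        if ($apigw_client_name = "") {
            return 403; # Forbidden
        }

        return 204; # OK (no content)
    }
}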