Module ngx_mgmt_module (original) (raw)

The ngx_mgmt_module module enables NGINX Plus license verification and usage reporting. This is mandatory for eachnginx/1.27.2 (nginx-plus-r33) instance.

A JWT license file named license.jwtshould be located at/etc/nginx/ for Linux or/usr/local/etc/nginx/ for FreeBSD or at the path specified by the license_token directive. The license file is available fromMyF5.

Usage report is sent directly or via proxyto F5 licensing endpointevery hour using thesecure connection. Optionally, in network-restricted environments reporting can be configured toF5 NGINX Instance Manager from which the report can be sent to F5 licensing endpoint.

By default, if the initial usage reportis not received by F5 licensing endpoint, nginx will stop processing traffic.

This module is available as part of ourcommercial subscription.

Example Configuration

mgmt {

in case if custom path is required

license_token custom/file/path/license.jwt;

in case of reporting to NGINX Instance Manager

usage_report endpoint=NIM_FQDN; }

Directives

Provides the configuration file context in which usage reporting and license management directives are specified.

This directive appeared in version 1.27.2.

Enables or disables the 180-day grace period for sending the initial usage report.

The initial usage report is sent immediately upon nginx first start after installation. By default, if the initial report is not received by F5 licensing endpoint, nginx stops processing traffic until the report is successfully delivered. Setting the directive value to off enables the 180-day grace period during which the initial usage report must be received by F5 licensing endpoint.

This directive appeared in version 1.27.2.

Specifies a JWT license _file_. By default, the _license.jwt_ file is expected to be at/etc/nginx/ for Linux or at/usr/local/etc/nginx/ for FreeBSD.

This directive appeared in version 1.27.4.

Sets the HTTP CONNECT proxy used for sending the usage report.

This directive appeared in version 1.27.4.

Sets the user name used for authentication on the proxy.

This directive appeared in version 1.27.4.

Sets the password used for authentication on the proxy.

The password is sent unencrypted by default. If the proxy supports TLS, the connection to the proxy can be protected with the streammodule:

mgmt { proxy 127.0.0.1:8080; proxy_username ; proxy_password ; }

stream { server { listen 127.0.0.1:8080;

   proxy_ssl                     on;
   proxy_ssl_verify              on;
   proxy_ssl_trusted_certificate <proxy_ca_file>;

   proxy_pass <proxy_host>:<proxy_port>;

} }

| Syntax: | resolver address ... [valid=_time_] [ipv4=on|off] [ipv6=on|off] [status_zone=_zone_]; | | -------- | --------------------------------------------------------------------------------------------------------- | | Default: | — | | Context: | mgmt |

Configures name servers used to resolve usage reporting endpoint name. By default, the system resolver is used.

See resolver for details.

Specifies a _file_ with revoked certificates (CRL) in the PEM format used to verifythe certificate of the usage reporting endpoint.

Specifies a _file_ with trusted CA certificates in the PEM format used to verifythe certificate of the usage reporting endpoint.

Enables or disables verification of the usage reporting endpoint certificate.

Before 1.27.2, the default value was off.

This directive appeared in version 1.27.2.

Defines a directory for storing state files (nginx-mgmt-*) created by the ngx_mgmt_module module. The default directory for Linux is /var/lib/nginx/state, for FreeBSD is /var/db/nginx/state.

Sets the _address_ and _port_of the usage reporting endpoint. The interval parameter sets an interval between two consecutive reports.

Before 1.27.2, the default values werenginx-mgmt.local and30m.