Version 5.3 supports:
- NGINX Instance Manager 2.14+. Version 2.18+ is required for NGINX R33 and above
- NGINX One Console
- NGINX Plus R31+
- NGINX App Protect WAF v4 or v5 with precompiled policy bundles
The JSON schema is self explanatory. See also the sample Postman collection for usage examples
.output.licensedefines the JWT license to use for NGINX Plus R33+.output.license.endpointthe usage reporting endpoint (defaults toproduct.connect.nginx.com). NGINX Instance Manager address can be used here.output.license.tokenthe JWT license token. If this field is omitted, it is assumed that a/etc/nginx/license.jwttoken already exists on the instance and it won't be replaced.output.license.ssl_verifyset tofalseto trust all SSL certificates (not recommended). Useful for reporting to NGINX Instance Manager without a local PKI..output.license.grace_periodSet to 'true' to begin the 180-day reporting enforcement grace period. Reporting must begin or resume before the end of the grace period to ensure continued operation
.output.typedefines how NGINX configuration will be returned:- nms - NGINX configuration is published as a Staged Config to NGINX Instance Manager
.output.nms.urlthe NGINX Instance Manager URL.output.nms.usernamethe NGINX Instance Manager authentication username.output.nms.passwordthe NGINX Instance Manager authentication password.output.nms.instancegroupthe NGINX Instance Manager instance group to publish the configuration to.output.nms.synctimeoptional, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked everysynctimeseconds and if external contents have changed, the updated configuration will automatically be published to NGINX Instance Manager.output.nms.synchronousoptional, when set toTrue(default) the NGINX Declarative API waits for NGINX Instance Manager successful reply after publishing the NGINX configuration. Setting this toFalseenqueues the request, supporting multiple JSON declarations to be submitted at the same time/from multiple clients. Currently supported forPATCHoperations only..output.nms.modulesan optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module').output.nms.certificatesan optional array of TLS certificates/keys/chains to be published.output.nms.certificates[].typethe item type ('certificate', 'key', 'chain').output.nms.certificates[].namethe certificate/key/chain name with no path/extension (ie. 'test-application').output.nms.certificates[].contentsthe content: this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
.output.nms.policies[]an optional array of NGINX App Protect security policies.output.nms.policies[].typethe policy type ('app_protect').output.nms.policies[].namethe policy name (ie. 'prod-policy').output.nms.policies[].active_tagthe policy tag to enable among all available versions (ie. 'v1').output.nms.policies[].versions[]array with all available policy versions.output.nms.policies[].versions[].tagthe policy version's tag name.output.nms.policies[].versions[].displayNamethe policy version's display name.output.nms.policies[].versions[].descriptionthe policy version's description.output.nms.policies[].versions[].contentsthis can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
- nginxone - NGINX configuration is published to a NGINX One Console config sync group
.output.nginxone.urlthe NGINX One Console URL.output.nginxone.namespacethe NGINX One Console namespace.output.nginxone.tokenthe authentication token.output.nginxone.configsyncgroupthe NGINX One Console config sync group name.output.nginxone.synctimeoptional, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked everysynctimeseconds and if external contents have changed, the updated configuration will automatically be published to NGINX One Cloud Console.output.nms.synchronousoptional, when set toTrue(default) the NGINX Declarative API waits for NGINX One Console successful reply after publishing the NGINX configuration. Setting this toFalseenqueues the request, supporting multiple JSON declarations to be submitted at the same time/from multiple clients. Currently supported forPATCHoperations only..output.nginxone.modulesan optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module').output.nginxone.certificatesan optional array of TLS certificates/keys/chains to be published.output.nginxone.certificates[].typethe item type ('certificate', 'key', 'chain').output.nginxone.certificates[].namethe certificate/key/chain name with no path/extension (ie. 'test-application').output.nginxone.certificates[].contentsthe content: this can be either base64-encoded or be a HTTP(S) URL that will be fetched dynamically from a source of truth
- nms - NGINX configuration is published as a Staged Config to NGINX Instance Manager
.declarationdescribes the NGINX configuration to be created.declaration.http[]NGINX HTTP definitions.declaration.layer4[]NGINX TCP/UDP definitions.declaration.resolvers[]DNS resolvers definitions
POST /v5.3/config/- Publish a new declarationPATCH /v5.3/config/{config_uid}- Update an existing declaration- Per-HTTP server CRUD
- Per-HTTP upstream CRUD
- Per-Stream server CRUD
- Per-Stream upstream CRUD
- Per-NGINX App Protect WAF policy CRUD
GET /v5.3/config/{configUid}/submission/{submissionUid}- Retrieve a submission (asynchronousPATCHrequest) statusGET /v5.3/config/{config_uid}- Retrieve an existing declarationDELETE /v5.3/config/{config_uid}- Delete an existing declaration