Module ngx_stream_js_module

Example Configuration
Directives
     js_access
     js_fetch_buffer_size
     js_fetch_ciphers
     js_fetch_max_response_buffer_size
     js_fetch_protocols
     js_fetch_timeout
     js_fetch_trusted_certificate
     js_fetch_verify
     js_fetch_verify_depth
     js_filter
     js_import
     js_include
     js_path
     js_periodic
     js_preload_object
     js_preread
     js_set
     js_shared_dict_zone
     js_var
Session Object Properties

The ngx_stream_js_module module is used to implement handlers in njs — a subset of the JavaScript language.

Download and install instructions are available here.

Example Configuration

The example works since 0.4.0.

stream {
    js_import stream.js;

    js_set $bar stream.bar;
    js_set $req_line stream.req_line;

    server {
        listen 12345;

        js_preread stream.preread;
        return     $req_line;
    }

    server {
        listen 12346;

        js_access  stream.access;
        proxy_pass 127.0.0.1:8000;
        js_filter  stream.header_inject;
    }
}

http {
    server {
        listen 8000;
        location / {
            return 200 $http_foo\n;
        }
    }
}

The stream.js file:

var line = '';

function bar(s) {
    var v = s.variables;
    s.log("hello from bar() handler!");
    return "bar-var" + v.remote_port + "; pid=" + v.pid;
}

function preread(s) {
    s.on('upload', function (data, flags) {
        var n = data.indexOf('\n');
        if (n != -1) {
            line = data.substr(0, n);
            s.done();
        }
    });
}

function req_line(s) {
    return line;
}

// Read HTTP request line.
// Collect bytes in 'req' until
// request line is read.
// Injects HTTP header into a client's request

var my_header =  'Foo: foo';
function header_inject(s) {
    var req = '';
    s.on('upload', function(data, flags) {
        req += data;
        var n = req.search('\n');
        if (n != -1) {
            var rest = req.substr(n + 1);
            req = req.substr(0, n + 1);
            s.send(req + my_header + '\r\n' + rest, flags);
            s.off('upload');
        }
    });
}

function access(s) {
    if (s.remoteAddress.match('^192.*')) {
        s.deny();
        return;
    }

    s.allow();
}

export default {bar, preread, req_line, header_inject, access};

Directives

Syntax: js_access function | module.function;
Default:
Context: stream, server

Sets an njs function which will be called at the access phase. Since 0.4.0, a module function can be referenced.

The function is called once at the moment when the stream session reaches the access phase for the first time. The function is called with the following arguments:

s
the Stream Session object

At this phase, it is possible to perform initialization or register a callback with the s.on() method for each incoming data chunk until one of the following methods are called: s.allow(), s.decline(), s.done(). As soon as one of these methods is called, the stream session processing switches to the next phase and all current s.on() callbacks are dropped.

Syntax: js_fetch_buffer_size size;
Default:
js_fetch_buffer_size 16k;
Context: stream, server

This directive appeared in version 0.7.4.

Sets the size of the buffer used for reading and writing with Fetch API.

Syntax: js_fetch_ciphers ciphers;
Default:
js_fetch_ciphers HIGH:!aNULL:!MD5;
Context: stream, server

This directive appeared in version 0.7.0.

Specifies the enabled ciphers for HTTPS connections with Fetch API. The ciphers are specified in the format understood by the OpenSSL library.

The full list can be viewed using the “openssl ciphers” command.

Syntax: js_fetch_max_response_buffer_size size;
Default:
js_fetch_max_response_buffer_size 1m;
Context: stream, server

This directive appeared in version 0.7.4.

Sets the maximum size of the response received with Fetch API.

Syntax: js_fetch_protocols [TLSv1] [TLSv1.1] [TLSv1.2] [TLSv1.3];
Default:
js_fetch_protocols TLSv1 TLSv1.1 TLSv1.2;
Context: stream, server

This directive appeared in version 0.7.0.

Enables the specified protocols for HTTPS connections with Fetch API.

Syntax: js_fetch_timeout time;
Default:
js_fetch_timeout 60s;
Context: stream, server

This directive appeared in version 0.7.4.

Defines a timeout for reading and writing for Fetch API. The timeout is set only between two successive read/write operations, not for the whole response. If no data is transmitted within this time, the connection is closed.

Syntax: js_fetch_trusted_certificate file;
Default:
Context: stream, server

This directive appeared in version 0.7.0.

Specifies a file with trusted CA certificates in the PEM format used to verify the HTTPS certificate with Fetch API.

Syntax: js_fetch_verify on | off;
Default:
js_fetch_verify on;
Context: stream, server

This directive appeared in version 0.7.4.

Enables or disables verification of the HTTPS server certificate with Fetch API.

Syntax: js_fetch_verify_depth number;
Default:
js_fetch_verify_depth 100;
Context: stream, server

This directive appeared in version 0.7.0.

Sets the verification depth in the HTTPS server certificates chain with Fetch API.

Syntax: js_filter function | module.function;
Default:
Context: stream, server

Sets a data filter. Since 0.4.0, a module function can be referenced. The filter function is called once at the moment when the stream session reaches the content phase.

The filter function is called with the following arguments:

s
the Stream Session object

At this phase, it is possible to perform initialization or register a callback with the s.on() method for each incoming data chunk. The s.off() method may be used to unregister a callback and stop filtering.

As the js_filter handler returns its result immediately, it supports only synchronous operations. Thus, asynchronous operations such as ngx.fetch() or setTimeout() are not supported.

Syntax: js_import module.js | export_name from module.js;
Default:
Context: stream, server

This directive appeared in version 0.4.0.

Imports a module that implements location and variable handlers in njs. The export_name is used as a namespace to access module functions. If the export_name is not specified, the module name will be used as a namespace.

js_import stream.js;

Here, the module name stream is used as a namespace while accessing exports. If the imported module exports foo(), stream.foo is used to refer to it.

Several js_import directives can be specified.

The directive can be specified on the server level since 0.7.7.

Syntax: js_include file;
Default:
Context: stream

Specifies a file that implements server and variable handlers in njs:

nginx.conf:
js_include stream.js;
js_set     $js_addr address;
server {
    listen 127.0.0.1:12345;
    return $js_addr;
}

stream.js:
function address(s) {
    return s.remoteAddress;
}

The directive was made obsolete in version 0.4.0 and was removed in version 0.7.1. The js_import directive should be used instead.

Syntax: js_path path;
Default:
Context: stream, server

This directive appeared in version 0.3.0.

Sets an additional path for njs modules.

The directive can be specified on the server level since 0.7.7.

Syntax: js_periodic function | module.function [interval=time] [jitter=number] [worker_affinity=mask];
Default:
Context: server

This directive appeared in version 0.8.1.

Specifies a content handler to run at regular interval. The handler receives a session object as its first argument, it also has access to global objects such as ngx.

The optional interval parameter sets the interval between two consecutive runs, by default, 5 seconds.

The optional jitter parameter sets the time within which the location content handler will be randomly delayed, by default, there is no delay.

By default, the js_handler is executed on worker process 0. The optional worker_affinity parameter allows specifying particular worker processes where the location content handler should be executed. Each worker process set is represented by a bitmask of allowed worker processes. The all mask allows the handler to be executed in all worker processes.

Example:

example.conf:

location @periodics {
    # to be run at 1 minute intervals in worker process 0
    js_periodic main.handler interval=60s;

    # to be run at 1 minute intervals in all worker processes
    js_periodic main.handler interval=60s worker_affinity=all;

    # to be run at 1 minute intervals in worker processes 1 and 3
    js_periodic main.handler interval=60s worker_affinity=0101;

    resolver 10.0.0.1;
    js_fetch_trusted_certificate /path/to/ISRG_Root_X1.pem;
}

example.js:

async function handler(s) {
    let reply = await ngx.fetch('https://nginx.org/en/docs/njs/');
    let body = await reply.text();

    ngx.log(ngx.INFO, body);
}

Syntax: js_preload_object name.json | name from file.json;
Default:
Context: stream, server

This directive appeared in version 0.7.8.

Preloads an immutable object at configure time. The name is used as a name of the global variable though which the object is available in njs code. If the name is not specified, the file name will be used instead.

js_preload_object map.json;

Here, the map is used as a name while accessing the preloaded object.

Several js_preload_object directives can be specified.

Syntax: js_preread function | module.function;
Default:
Context: stream, server

Sets an njs function which will be called at the preread phase. Since 0.4.0, a module function can be referenced.

The function is called once at the moment when the stream session reaches the preread phase for the first time. The function is called with the following arguments:

s
the Stream Session object

At this phase, it is possible to perform initialization or register a callback with the s.on() method for each incoming data chunk until one of the following methods are called: s.allow(), s.decline(), s.done(). When one of these methods is called, the stream session switches to the next phase and all current s.on() callbacks are dropped.

As the js_preread handler returns its result immediately, it supports only synchronous callbacks. Thus, asynchronous callbacks such as ngx.fetch() or setTimeout() are not supported. Nevertheless, asynchronous operations are supported in s.on() callbacks in the preread phase. See this example for more information.

Syntax: js_set $variable function | module.function;
Default:
Context: stream, server

Sets an njs function for the specified variable. Since 0.4.0, a module function can be referenced.

The function is called when the variable is referenced for the first time for a given request. The exact moment depends on a phase at which the variable is referenced. This can be used to perform some logic not related to variable evaluation. For example, if the variable is referenced only in the log_format directive, its handler will not be executed until the log phase. This handler can be used to do some cleanup right before the request is freed.

As the js_set handler returns its result immediately, it supports only synchronous callbacks. Thus, asynchronous callbacks such as ngx.fetch() or setTimeout() are not supported.

The directive can be specified on the server level since 0.7.7.

Syntax: js_shared_dict_zone zone=name:size [timeout=time] [type=string|number] [evict];
Default:
Context: stream

This directive appeared in version 0.8.0.

Sets the name and size of the shared memory zone that keeps the key-value dictionary shared between worker processes.

By default the shared dictionary uses a string as a key and a value. The optional type parameter allows redefining the value type to number.

The optional timeout parameter sets the time after which all shared dictionary entries are removed from the zone.

The optional evict parameter removes the oldest key-value pair when the zone storage is exhausted.

Example:

example.conf:
    # Creates a 1Mb dictionary with string values,
    # removes key-value pairs after 60 seconds of inactivity:
    js_shared_dict_zone zone=foo:1M timeout=60s;

    # Creates a 512Kb dictionary with string values,
    # forcibly removes oldest key-value pairs when the zone is exhausted:
    js_shared_dict_zone zone=bar:512K timeout=30s evict;

    # Creates a 32Kb permanent dictionary with number values:
    js_shared_dict_zone zone=num:32k type=number;

example.js:
    function get(r) {
        r.return(200, ngx.shared.foo.get(r.args.key));
    }

    function set(r) {
        r.return(200, ngx.shared.foo.set(r.args.key, r.args.value));
    }

    function del(r) {
        r.return(200, ngx.shared.bar.delete(r.args.key));
    }

    function increment(r) {
        r.return(200, ngx.shared.num.incr(r.args.key, 2));
    }

Syntax: js_var $variable [value];
Default:
Context: stream, server

This directive appeared in version 0.5.3.

Declares a writable variable. The value can contain text, variables, and their combination.

The directive can be specified on the server level since 0.7.7.

Session Object Properties

Each stream njs handler receives one argument, a stream session object.