APIsentry Documentation
APIsentry Documentation
  • Knowledge Base
  • Getting Started
    • Login and MFA
    • Create Project
  • Installation Approach
    • Out-of-band Approach
    • In-line Approach
Powered by GitBook
On this page
  1. Installation Guide

OOB Approach: Nginx Configuration

This document provides a detailed guide on how to configure Nginx to mirror network traffic to an external IP address using the ApiSentry service. This can be useful for monitoring, logging, or auditi

Prerequisites

  • A working Nginx server setup.

  • Access to the Nginx configuration files.

  • The external IP address provided by ApiSentry.

Steps to Configure Nginx for Traffic Mirroring

  1. Install Nginx: If Nginx is not already installed, install it using the appropriate package manager for your system.

    sudo apt update
sudo apt install nginx

  2. Edit Nginx Configuration File: Open your Nginx configuration file (e.g., /etc/nginx/nginx.conf or a site-specific configuration file within /etc/nginx/conf.d/).

    sudo nano /etc/nginx/nginx.conf

  3. Add the Map Directive: Add a map directive at the top of your configuration file to handle query parameters correctly.

    map $args $project_id_param {
    default "";
    "" "project_id=your-project-token";
}

  4. Configure the Main Server Block: Modify the server block to include mirroring of requests.

    server {
    listen 80;
    server_name your.server.name;

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/ec2-user/api/wiredassurance_api.sock;

        # Construct the full request URI
        set $full_request_uri "${uri}${is_args}${args}&${project_id_param}";
        
        if ($args = "") {
        # Add project_id as a query parameter
        set $full_request_uri "${uri}?${project_id_param}";
        }

        # Mirror request to internal location
        mirror /mirror;
        mirror_request_body on;  # Mirror request body if needed
    }

    location /mirror {
        internal;

        # Forward mirrored request to external IP
        proxy_pass http://apisentry-external-ip-address$full_request_uri;
        proxy_set_header X-Original-URI $request_uri;  # Include original URI in headers if needed
    }
}

    In this configuration:

    • mirror /mirror; enables request mirroring to the /mirror location.

    • mirror_request_body on; ensures that the request body is also mirrored if needed.

  5. Test Configuration: Test the Nginx configuration for syntax errors.

    sudo nginx -t

  6. Reload Nginx: Reload Nginx to apply the new configuration.

    sudo systemctl reload nginx

Example Request Flow

When a request is made to http://backend/login?user=admin:

  1. Nginx handles the original request and forwards it to the backend server.

  2. The request is mirrored to http://apisentry-external-ip-address/mirror/login?user=admin&project_id=your-project-token.

Notes

  • Ensure that the proxy_pass directive in the /mirror location uses the correct external IP address provided by ApiSentry.

  • Adjust project_id and other parameters as needed for your specific use case.

Troubleshooting

  • If Nginx fails to start or reload, check the syntax and ensure there are no typos in the configuration.

  • Use the Nginx error log (/var/log/nginx/error.log) to diagnose issues.

  • Verify network connectivity between your Nginx server and the ApiSentry external IP address.

By following this guide, you can successfully configure Nginx to mirror network traffic to an external IP address, providing enhanced monitoring and auditing capabilities for your application.

Last updated 12 months ago