Lessons Learned Writing A Zero Trust NGINX Module (in C) - How I Spent Hours Debugging NGINX

This page summarizes the projects mentioned and recommended in the original post on /r/cprogramming
Web

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • ngx_ziti_module

    An NGINX module that allows OpenZiti to front upstream servers

    • I authored my first NGINX module to offload OpenZiti connections into a legacy application deployment. That work can be seen in Github in the OpenZiti ngx_ziti_module and an article explaining its operation in the article NGINX& ZeroTrust API Security This article describes how the goals of the module were achieved and outlines some NGINX not-so-obvious-to-me gotchas.

  • ziti-sdk-c

    A C-based sdk for delivering secure applications over a Ziti Network

    • set(NGINX_CONFIGURE_ARGS "--with-threads" "--with-compat") if (DEBUG) set(NGINX_CONFIGURE_ARGS "--with-threads" "--with-compat" "--with-debug") endif() message("args ${NGINX_CONFIGURE_ARGS}") # build against nginx at the version specified by GIT_TAG. nginx uses custom auto configuration scripts that # creates header files that are specific to the current host and output to /objs/*.h. ExternalProject_Add( nginx PREFIX ${CMAKE_BINARY_DIR}/_deps/nginx GIT_REPOSITORY https://github.com/nginx/nginx.git GIT_TAG release-1.23.2 TIMEOUT 10 CONFIGURE_COMMAND ./auto/configure ${NGINX_CONFIGURE_ARGS} INSTALL_COMMAND "" #empty install command to disable install UPDATE_COMMAND "" #empty update command to disable update LOG_DOWNLOAD ON BUILD_IN_SOURCE 1 #build inside of the downloaded repo's source directory as expected by auto/configure ) if(NOT DEFINED $ENV{ZITI_SDK_C_BRANCH}) SET(ZITI_SDK_C_BRANCH "main") endif() FetchContent_Declare(ziti-sdk-c GIT_REPOSITORY https://github.com/openziti/ziti-sdk-c.git GIT_TAG ${ZITI_SDK_C_BRANCH} ) set(ZITI_BUILD_TESTS off) set(ZITI_BUILD_PROGRAMS off)a FetchContent_MakeAvailable(ziti-sdk-c) add_dependencies(${PROJECT_NAME} nginx) ExternalProject_Get_property(nginx SOURCE_DIR) message("project name ${PROJECT_NAME}") target_include_directories(${PROJECT_NAME} PUBLIC "${SOURCE_DIR}/objs" PUBLIC "${SOURCE_DIR}/src/core" PUBLIC "${SOURCE_DIR}/src/event" PUBLIC "${SOURCE_DIR}/src/event/modules" PUBLIC "${SOURCE_DIR}/src/http" PUBLIC "${SOURCE_DIR}/src/http/modules" PUBLIC "${SOURCE_DIR}/src/mail" PUBLIC "${SOURCE_DIR}/src/stream" PUBLIC "${SOURCE_DIR}/src/os/unix" ) target_link_libraries(${PROJECT_NAME} ziti)

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • Nginx

    An official read-only mirror of http://hg.nginx.org/nginx/ which is updated hourly. Pull requests on GitHub cannot be accepted and will be automatically closed. The proper way to submit changes to nginx is via the nginx development mailing list, see http://nginx.org/en/docs/contributing_changes.html

    • set(NGINX_CONFIGURE_ARGS "--with-threads" "--with-compat") if (DEBUG) set(NGINX_CONFIGURE_ARGS "--with-threads" "--with-compat" "--with-debug") endif() message("args ${NGINX_CONFIGURE_ARGS}") # build against nginx at the version specified by GIT_TAG. nginx uses custom auto configuration scripts that # creates header files that are specific to the current host and output to /objs/*.h. ExternalProject_Add( nginx PREFIX ${CMAKE_BINARY_DIR}/_deps/nginx GIT_REPOSITORY https://github.com/nginx/nginx.git GIT_TAG release-1.23.2 TIMEOUT 10 CONFIGURE_COMMAND ./auto/configure ${NGINX_CONFIGURE_ARGS} INSTALL_COMMAND "" #empty install command to disable install UPDATE_COMMAND "" #empty update command to disable update LOG_DOWNLOAD ON BUILD_IN_SOURCE 1 #build inside of the downloaded repo's source directory as expected by auto/configure ) if(NOT DEFINED $ENV{ZITI_SDK_C_BRANCH}) SET(ZITI_SDK_C_BRANCH "main") endif() FetchContent_Declare(ziti-sdk-c GIT_REPOSITORY https://github.com/openziti/ziti-sdk-c.git GIT_TAG ${ZITI_SDK_C_BRANCH} ) set(ZITI_BUILD_TESTS off) set(ZITI_BUILD_PROGRAMS off)a FetchContent_MakeAvailable(ziti-sdk-c) add_dependencies(${PROJECT_NAME} nginx) ExternalProject_Get_property(nginx SOURCE_DIR) message("project name ${PROJECT_NAME}") target_include_directories(${PROJECT_NAME} PUBLIC "${SOURCE_DIR}/objs" PUBLIC "${SOURCE_DIR}/src/core" PUBLIC "${SOURCE_DIR}/src/event" PUBLIC "${SOURCE_DIR}/src/event/modules" PUBLIC "${SOURCE_DIR}/src/http" PUBLIC "${SOURCE_DIR}/src/http/modules" PUBLIC "${SOURCE_DIR}/src/mail" PUBLIC "${SOURCE_DIR}/src/stream" PUBLIC "${SOURCE_DIR}/src/os/unix" ) target_link_libraries(${PROJECT_NAME} ziti)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts