You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Snippets are for advanced NGINX users who need more control over the generated NGINX configuration,
18
18
and can be used in cases where Gateway API resources or NGINX extension policies don't apply.
19
19
20
-
Users can configure Snippets through the `SnippetsFilter` API. `SnippetsFilter`is an [HTTPRouteFilter](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteFilter)
21
-
that attaches to an HTTP/GRPCRoute rule and is intended to modify NGINX configuration specifically for that Route rule.
20
+
Users can configure Snippets through the `SnippetsFilter` API. `SnippetsFilter`can be an [HTTPRouteFilter](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteFilter) or [GRPCRouteFilter](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GRPCRouteFilter),
21
+
that can be defined in an HTTP/GRPCRoute rule and is intended to modify NGINX configuration specifically for that Route rule. `SnippetsFilter` is an `extensionRef` type filter.
22
22
23
23
---
24
24
@@ -37,7 +37,7 @@ Snippets have the following disadvantages:
37
37
-_Decreased robustness_. An incorrect Snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Gateway resources.
38
38
-_Security implications_. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Gateway Fabric. For example, a Snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Gateway resources.
39
39
40
-
{{< note >}} If the NGINX configuration includes an invalid Snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}}
40
+
{{< note >}} If the NGINX configuration includes an invalid Snippet, NGINX will continue to operate with the last valid configuration. No new configuration will be applied until the invalid Snippet is fixed. {{< /note >}}
41
41
42
42
{{< note >}} If you end up using Snippets and run into situations where an NGINX directive fails to be applied, please create an issue in the
The Snippet uses the NGINX `limit_req_module` to configure rate limiting for this HTTPRoute and the
141
-
backend coffee application. This snippet will limit the request processing rate to 1 request per second, and if there
140
+
This `SnippetsFilter` defines two Snippets to configure rate limiting for this HTTPRoute and the
141
+
backend coffee application. The first one injects the value: `limit_req_zone \$binary_remote_addr zone=no-delay-rate-limiting-sf:10m rate=1r/s;`
142
+
into the `http` context. The second one injects the value: `limit_req zone=no-delay-rate-limiting-sf burst=3 nodelay;` into the location(s) for `/coffee`.
143
+
This `SnippetsFilter` will limit the request processing rate to 1 request per second, and if there
142
144
are more than 3 requests in queue, it will throw a 503 error.
0 commit comments