ajp_secret
The `ajp_secret` directive specifies a shared secret for securing AJP connections in NGINX.
Description
The ajp_secret directive defines a secret key that NGINX includes in the AJP requests it sends to an AJP backend server (such as Apache or Tomcat). The backend can validate this secret and process only the requests that carry it, which helps prevent unauthorized access.
It can be specified in the context of a location block, enabling you to apply it to specific routes in your application. This flexibility allows for fine-grained control over security, especially in environments where different locations may require different levels of access control based on different backend services. The ajp_secret directive requires one argument, which is the actual secret string, and it should be defined carefully to match what the backend expects to avoid connection issues.
Config Example
location /app {
    ajp_pass tomcats;
    ajp_secret mysecretkey;
}
Ensure that the provided secret matches what is configured on the AJP backend; otherwise, requests will be rejected.
Avoid using easily guessable strings as secrets; use complex, unpredictable values instead.
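The two notes above can be checked mechanically before a deployment. The following is an added example, not part of the original page or of the AJP module: it assumes a Tomcat backend whose AJP connector in server.xml carries the secret and secretRequired attributes, uses constructed sample configurations, and applies a hypothetical minimum length (MIN_LEN) as local policy.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the original page).
NGINX_CONF = """
location /app {
    ajp_pass tomcats;
    ajp_secret mysecretkey;
}
location /reports {
    ajp_pass tomcats;
    ajp_secret 9fK2vQ7xLr4TzB8mWc1Yp6Hd3Ns5Ue0J;
}
location /legacy {
    ajp_pass tomcats;
}
"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector protocol="AJP/1.3" port="8009" address="127.0.0.1"
             secretRequired="true" secret="9fK2vQ7xLr4TzB8mWc1Yp6Hd3Ns5Ue0J"/>
</Service></Server>"""

MIN_LEN = 24  # assumed local policy threshold, not an NGINX or Tomcat requirement

def backend_secrets(server_xml):
    """Collect the secret attribute of every AJP connector in server.xml."""
    root = ET.fromstring(server_xml)
    return {c.get("secret") for c in root.iter("Connector")
            if c.get("protocol", "").startswith("AJP") and c.get("secret")}

def audit(nginx_conf, server_xml):
    """Return {location: finding} for each location block that uses ajp_pass."""
    accepted = backend_secrets(server_xml)
    findings = {}
    for path, body in re.findall(r"location\s+(\S+)\s*\{([^{}]*)\}", nginx_conf):
        if not re.search(r"(?:^|;)\s*ajp_pass\s", body, re.M):
            continue  # not an AJP-proxied location
        m = re.search(r"(?:^|;)\s*ajp_secret\s+([^;\s]+)\s*;", body, re.M)
        if m is None:
            findings[path] = "no ajp_secret set"
        elif m.group(1) not in accepted:
            findings[path] = "secret does not match backend"
        elif len(m.group(1)) < MIN_LEN:
            findings[path] = "secret shorter than policy minimum"
        else:
            findings[path] = "ok"
    return findings

if __name__ == "__main__":
    for loc, result in audit(NGINX_CONF, SERVER_XML).items():
        print(f"{loc}: {result}")
```

The regular expression handles only flat location blocks; nested blocks or included files need a real NGINX configuration parser.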