sxg
The `sxg` directive enables or disables support for Signed HTTP Exchanges (SXG) in NGINX.
Description
The sxg directive is a flag used to activate the Signed HTTP Exchanges (SXG) module within NGINX. By setting this directive to on, NGINX will process requests that include the Accept: application/signed-exchange;v=b3 header and convert appropriate responses from upstream servers into Signed HTTP Exchanges. This enables features like more efficient caching and improved performance for web applications that leverage SXG, particularly in mobile and cross-domain contexts.
The sxg directive can be configured at both the server and location levels in the NGINX configuration. Its default value is off, meaning that SXG processing is disabled unless explicitly enabled. This directive relies on the presence of the corresponding SXG configuration settings, such as certificate paths and validity URLs, which are crucial for the successful signing of HTTP exchanges since the module uses these files to verify the legitimacy of the responses being exchanged in the SXG format.
Config Example
server {
listen 80;
server_name example.com;
sxg on;
sxg_certificate /path/to/your/certificate.pem;
sxg_certificate_key /path/to/your/private_key.pem;
sxg_cert_url https://example.com/cert-chain.cbor;
sxg_validity_url https://example.com/validity;
}Ensure your certificate meets the necessary conditions (e.g., CanSignHttpExchanges extension, ECDSA256 or ECDSA384) for SXG signing.
Ensure HTTPS is used for all URLs specified in sxg_cert_url and sxg_validity_url.
If using fallback hosts, ensure they are correctly set to avoid unexpected behavior.