Directive Reference

sxg_cert_url

The `sxg_cert_url` directive specifies the URL for the CBOR encoded certificate file for Signed HTTP Exchanges.

Signed HTTP Exchange(SXG) support for NGINX · server
Syntaxsxg_cert_url URL;
Defaultnone
Contextserver
Arguments1

Description

The sxg_cert_url directive is a required configuration for enabling Signed HTTP Exchange (SXG) in NGINX. This directive must be set within a server context and specifies the HTTPS URL where the CBOR-encoded certificate can be accessed. This certificate is crucial for validating signed exchanges and must be retrievable by clients, as it helps in establishing a trust chain for the exchanged content. When the client makes a request indicating support for SXG (using Accept: application/signed-exchange;v=b3), NGINX uses this URL to provide the necessary certificate data.

For the configuration to be valid, the URL specified by sxg_cert_url must adhere to HTTPS protocol guarantees to ensure security. Typically, this URL points to a dynamically generated certificate file that is encoded in CBOR format, aligning with the standards required for signed exchanges. Clients will then utilize this URL to fetch the certificate during the processing of signed exchanges, facilitating the reliability of content transmission without compromising data integrity.

Config Example

server {
    listen 80;
    server_name example.com;
    sxg_cert_url https://example.com/cert.cbor;
    # Other directives...
}

Ensure the URL uses HTTPS; HTTP will cause validation errors.

The URL must point to a valid and accessible CBOR encoded certificate file; otherwise, SXG validation will fail.

Make sure to configure related directives like sxg_certificate and sxg_certificate_key correctly, as they are required alongside sxg_cert_url.

Related Directives

sxg_certificatesxg_certificate_keysxg_validity_url
← Back to all directives