sxg_expiry_seconds
Sets the expiry time for signed HTTP exchanges (SXG) in seconds.
Description
The sxg_expiry_seconds directive specifies the lifespan of signed HTTP exchanges (SXG) generated by NGINX, determining how long these exchanges remain valid before they expire. This directive is particularly crucial for caching mechanisms and helps ensure that users are served up-to-date content without relying on expired signatures.
The value for sxg_expiry_seconds should be defined as a number representing the duration in seconds, and it should not exceed the limit of 604800 seconds, equivalent to one week. If not configured, it defaults to 86400 seconds (or 1 day), which means SXGs will automatically expire after one day unless otherwise specified. This setting enhances control over the content's validity period and assists in maintaining the integrity of the response data delivered to clients.
When properly set in the server context, NGINX adjusts the Expires header of the signed exchange response, indicating the actual time until the SXG can no longer be used for requests. In the absence of this directive, the default expiration value is applied, which may not align with the desired cache strategy of the application, thus careful consideration of its configuration is encouraged.
Config Example
server {
listen 80;
server_name example.com;
sxg;
sxg_expiry_seconds 3600; # Expires in 1 hour
sxg_certificate /path/to/certificate.pem;
sxg_certificate_key /path/to/certificate_key.pem;
sxg_cert_url https://example.com/cert.cbor;
sxg_validity_url https://example.com/validity.json;
}Ensure the value does not exceed 604800 seconds to avoid configuration errors.
Double-check the implementation context; this directive can only be used in the server context.