sxg_validity_url
Specifies the URL for retrieving validity information for Signed HTTP Exchanges (SXG).
Description
The sxg_validity_url directive is used in the NGINX Signed HTTP Exchange (SXG) module to define a URL from which the validity information of the generated SXG file can be obtained. This URL must be served over HTTPS and must originate from the same host as the website serving the SXG.
By setting this directive, developers ensure that NGINX can retrieve important validation data that is necessary to confirm the signature's authenticity and its expiration. This is particularly essential for browser clients that need to verify these exchanges. The validity information typically includes details such as the certificate's status and any associated timestamps that indicate whether the SXG response is still valid and hasn't expired.
In order to configure this directive, it must be stated within a server context of the NGINX configuration file, along with the necessary SSL settings to facilitate secure data delivery. Without this directive, clients will not be able to confirm the validity of the SXG response they receive, undermining the main benefit of using SXGs for distributing signed content across the web.
Config Example
server {
listen 443 ssl;
server_name example.com;
sxg_validity_url https://example.com/validity.json;
sxg_certificate /etc/nginx/ssl/cert.pem;
sxg_certificate_key /etc/nginx/ssl/key.pem;
sxg_cert_url https://example.com/cert.cbor;
}Ensure the validity URL uses HTTPS, as required by SXG specifications.
Make sure the validity URL points to a resource with the appropriate validity information; otherwise, clients won't be able to verify SXG signatures properly.
This directive must be set within a server context to function correctly.