forced GET Parameters

If you want a virtual host or a location to be jailed to certain GET parameters, use the rewrite module:

1
2
3

location /list {
  rewrite ^(.*)$ $1?list=true
}

an even smarter solution is to transport existing GET parameters, too:

1
2
3
4
5

location /list {

    rewrite ^(.*)$ $1?list=true&$args break;

}

this way, nginx forwards all other GET parameters. The jailed “list=true” should be safe, too. In my tests, the app behind used the “first come first serve” method:

http://example.com/list/?list=false

rewrites to:

/list/?list=true&list=false

evaluates to:

list = true

use the reverse proxy module for API calls

With the above, accessing external APIs gives you more possibilities: To hide details of the api calls (credentials, keys, service name, etc.) just add parameters at proxy level, keeping it away from your app and your visitors:

1
2
3
4
5
6

location /example-api {
  # updated on Feb. 8th 2013
  rewrite ^/example-api/(.*)$ /$1?apikey=secretKey&userid=exampleuser&$args break;
  proxy_pass http://api.example.com;

}

http basic auth should work, too (I didn’t test this, Feedback appreciated!):

1
2
3
4
5
6

location /example-api {

  rewrite ^(.*)$ $1?apikey=secretKey&$args break;
  proxy_pass http://user:password@api.example.com;

}