NGINX Gateway
Security Notes
- TLS/SSL termination must not be configured in NGINX
- No certificates, private keys, or SSL configs are stored in this repository
- HTTPS, certificates, and renewals are handled by Azure App Service Certificate Manager
- NGINX operates over internal HTTP only (TLS managed by Azure App Service)
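One way to enforce these notes in CI, as an added example that is not part of this repository: a script that fails when any NGINX config contains a TLS directive or when certificate/key material is committed. The script name (`check_no_tls.py`), its placement under `tests/security-tests/`, and the sample server blocks are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Real nginx directive names: any ssl_* directive, or "ssl" on a listen line.
TLS_DIRECTIVE = re.compile(r"(?:^|[;{}])\s*(?:(ssl_\w+)|listen\b[^;]*\bssl\b)")
PEM_BLOCK = re.compile(r"-----BEGIN [A-Z ]*(?:PRIVATE KEY|CERTIFICATE)-----")
KEY_SUFFIXES = {".pem", ".key", ".crt", ".cer", ".pfx", ".p12"}

def scan_conf_text(text, name="<inline>"):
    """Return (file, line, directive) for each TLS directive in nginx config text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # naive comment strip; ignores '#' inside quotes
        for m in TLS_DIRECTIVE.finditer(code):
            findings.append((name, lineno, m.group(1) or "listen ssl"))
    return findings

def scan_repo(root):
    """Walk the repo and report TLS directives and certificate/key material."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if ".git" in rel.parts:
            continue
        text = path.read_text(errors="ignore")
        # Line 0 marks a whole-file finding (suffix or PEM header match).
        if path.suffix.lower() in KEY_SUFFIXES or PEM_BLOCK.search(text):
            findings.append((rel.as_posix(), 0, "certificate/key material"))
        if path.suffix == ".conf":
            findings.extend(scan_conf_text(text, rel.as_posix()))
    return findings

# Constructed samples: one compliant server block, one that violates the policy.
SAMPLE_OK = ("server {\n    listen 8080;  # TLS ends at App Service\n"
             "    location / { proxy_pass http://api; }\n}\n")
SAMPLE_BAD = ("server {\n    listen 443 ssl;\n"
              "    ssl_certificate /etc/nginx/site.crt;\n"
              "    ssl_certificate_key /etc/nginx/site.key;\n}\n")

if __name__ == "__main__":
    results = scan_repo(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, lineno, what in results:
        print(f"{name}:{lineno}: {what}")
    sys.exit(1 if results else 0)  # non-zero exit fails the CI job
```

Run it from the repository root; a non-empty report means a config or file contradicts the notes above.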
Recommended Folder Structure
gateway-nginx/
│
├── docs/                      # Gateway documentation
│   ├── overview.md            # Gateway purpose and responsibilities
│   ├── routing.md             # Routing rules and upstream design
│   ├── security.md            # Security headers, auth, rate limiting (NO TLS)
│   ├── observability.md       # Logging, metrics and monitoring
│   └── deployment.md          # Deployment on Azure App Service
│
├── tests/                     # Gateway tests
│   ├── smoke-tests/           # Basic routing and availability tests
│   ├── security-tests/        # Headers, CORS and rate limit validation
│   └── performance-tests/     # Basic load and stress tests
│
├── nginx/                     # NGINX configuration
│   ├── nginx.conf             # Main NGINX configuration file
│   │
│   ├── conf.d/                # Modular included configurations
│   │   ├── upstreams.conf     # Backend service definitions
│   │   ├── routes.conf        # Routing rules
│   │   ├── security.conf      # Security headers configuration
│   │   ├── cors.conf          # CORS configuration
│   │   └── rate-limit.conf    # Rate limiting rules
│   │
│   └── snippets/              # Reusable configuration blocks
│       ├── proxy-headers.conf # Standard proxy headers to backends
│       └── logging.conf       # Log format definitions
│
├── Dockerfile                 # NGINX container image definition
└── README.md                  # Gateway entry point and usage