Skip to content

Update N1C getting started guide with instructions on how to enable metrics collection for a NGINX Plus API with SSL enabled #1496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
dhurley wants to merge 3 commits into
base: main
Choose a base branch
from
+134 −57
Draft

Update N1C getting started guide with instructions on how to enable metrics collection for a NGINX Plus API with SSL enabled #1496

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b97da9f
Update N1C getting started guide with instructions on how to enable m…
dhurley Nov 27, 2025
5aa695e
chore: add important callout + add tabs
JTorreG Dec 4, 2025
0306016
docs: refactor nginx oss metrics setup content
spencerugbo Dec 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions content/includes/use-cases/monitoring/enable-nginx-plus-api-with-ssl.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
---
nd-product: MSC
nd-files:
- content/nginx-one-console/getting-started.md
---

If SSL is enabled on the NGINX Plus API with self-signed certificates like this example:

```nginx
# This block enables the NGINX Plus API and dashboard with SSL
# For configuration and security recommendations, see:
# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/#configuring-the-api
server {
# Change the listen port if 9000 conflicts
# (8080 is the conventional API port)
listen 9000 ssl;
ssl_certificate /etc/nginx/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/certs/nginx-selfsigned.key;

location /api/ {
# To restrict write methods (POST, PATCH, DELETE), uncomment:
Copy link

@craigell craigell Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Think we can take out the commented section for http basic auth. Keep the example clear for ssl only.

# limit_except GET {
# auth_basic "NGINX Plus API";
# auth_basic_user_file /path/to/passwd/file;
# }

# Enable API in write mode
api write=on;

# To restrict access by network, uncomment the following lines and set your network:
# allow 192.0.2.0/24; # replace with your network
# allow 127.0.0.1/32; # allow local NGINX Agent to call the NGINX Plus API to retrieve metrics
# deny all;
}

# Serve the built-in dashboard at /dashboard.html
location = /dashboard.html {
root /usr/share/nginx/html;
}
}
```

NGINX Agent configuration needs to be update with the following to enable the NGINX Agent to be able to call the NGINX Plus API.
```
data_plane_config:
nginx:
api_tls:
ca: "/etc/nginx/certs/nginx-selfsigned.crt"
```
Comment on lines +47 to +53
Copy link
Contributor

@nginx-seanmoloney nginx-seanmoloney Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
NGINX Agent configuration needs to be update with the following to enable the NGINX Agent to be able to call the NGINX Plus API.
```
data_plane_config:
nginx:
api_tls:
ca: "/etc/nginx/certs/nginx-selfsigned.crt"
```
#### Configure NGINX Agent to call the NGINX Plus API
To enable the Agent to call the NGINX Plus API, follow the steps below:
1. `sudo vim /etc/nginx-agent/nginx-agent.conf`
2. Open the file for editing
3. Add the following configuration:

data_plane_config:
nginx:
api_tls:
ca: "/etc/nginx/certs/nginx-selfsigned.crt"


4. Save and Restart
`sudo systemctl restart nginx-agent`

5. Run the following `sudo journalctl -u nginx-agent | grep "NGINX Plus API"`
The following output should be shown: `NGINX Plus API found, NGINX Plus receiver enabled to scrape metrics`


Here is an example of how to generate self-signed certificates
```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/certs/nginx-selfsigned.key -out /etc/nginx/certs/nginx-selfsigned.crt -subj "/CN=localhost" -addext "subjectAltName=IP:127.0.0.1"
```
4 changes: 4 additions & 0 deletions content/nginx-one-console/getting-started.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,10 @@ The NGINX One Console dashboard relies on APIs for NGINX Plus and NGINX Open Sou

{{< include "/use-cases/monitoring/enable-nginx-plus-api.md" >}}

### Enable NGINX Plus API with SSL

{{< include "/use-cases/monitoring/enable-nginx-plus-api-with-ssl.md" >}}

### Enable NGINX Open Source Stub Status API

{{< include "/use-cases/monitoring/enable-nginx-oss-stub-status.md" >}}
Expand Down