Pluribus One NGINX Module

Description

The Pluribus One NGINX Module is a certified dynamic module for NGINX. It collects data on incoming transactions, including headers and body of each HTTP request and response. The module sends the full contents of each transaction via UDP to a Seer Box instance.

References

https://www.nginx.com/products/nginx/modules/seerbox-pluribus-one/

Seer Box side configuration

To set Pluribus One NGINX Module as the source, simply select the Pluribus One NGINX Module value in the Log type field in step 3 of the traffic source creation.

No additional fields will be required.

Source side configuration

Supported environment

The supported distributions are:

• Rocky Linux 9
• Ubuntu 22.04 LTS
• Debian 11 Stable
• OpenSUSE Leap 15.3

Installation

1. Contact Pluribus One to obtain the installation package for one of the supported distributions
2. Install the package
3. Modify the configuration file /etc/nginx/nginx.conf adding the directive:

load_module /etc/nginx/modules/ngx_pluribus_one_http_seerbox_connector.so

4. Configure the module using the commands listed in section List of available commands
5. If SELinux is present in the environment, a policy module must be installed to enable communication between NGINX and the Seer Box instance. The policy module will be provided during step 1, and it can be installed using the command:

semodule -i MODULE_NAME.pp

During the package installation in step 2, the following shared objects .so are installed in /etc/nginx/modules:

• libseerbox_connector.so
• ngx_pluribus_one_http_seerbox_connector_module_X.XX.X.so

List of available commands

The Pluribus One NGINX Module provides the following configuration commands to be inserted into an NGINX configuration file:

seerbox_connector

Enable or disable the module functionality.

• Syntax : seerbox_connector on|off
• Context : http, server, location
• Default : off

seerbox_connector_local_port

Specify the port to use for connecting to the Seer Box listening instance.

• Syntax : seerbox_connector_local_port LOCAL_PORT
• Context : http, server
• Default : no

seerbox_destination

Specify the address and port of the Seer Box listening instance.

• Syntax : seerbox_connector_destination IP_HOST_SB:PORT_SB
• Context : http, server
• Default : no

Configuration example

...
load_module modules/ngx_pluribus_one_http_seerbox_connector.so;
...
http {
    seerbox_connector on;
    seerbox_connector_local_port 9999;
    seerbox_connector_destination 10.2.3.4:20050;
    ...
    
    server {
    ...
        location /test {
            seerbox_connector off;
            ...
        }
    }
}

Variables to be replaced

• IP_HOST_SB: IP address of the Seer Box instance.
• PORT_SB: the port of the Seer Box listening interface, related to the configured traffic source. The port number can be found under the source detailed information in the Seer Box web interface, on Settings - Traffic Sources page.