September 25, 2015

nginScript - JavaScript Meets NGINX

By Paulo Silva | 2 min read

nginScript - JavaScript Meets NGINX

NGINX is a well-known HTTP server but it can also be used as a mail server, reverse proxy or even “an open-source, high performance, low rules maintenance WAF” (Nasix). Going even further, on Evan Miller’s words, it could be the Batman’s belt.

NGINX is free, open-source and truly performant, with a really thin but complex core. Most of the features are provided as modules which are written in C language and compiled together with the core (instead of dynamically linked).

The notorious lack of documentation makes modules development painful and time consuming: any mistake and NGINX’s performance will drop. We’ve been there! In order to ease this process, at least for smaller features/tasks, NGINX introduced Perl and also Lua Scripting.

Lua was widely spread by video games companies to allow users to create their own game levels and automate tasks. It is also used in products like Redis, Photoshop and VLC Media Player, however Lua is not a so common programming language like, for instance, JavaScript, the #1 programming language on GitHub (Q4/14).

That’s why NGINX has launched nginScript which is a subset of JavaScript for NGINX. It doesn’t offer all of JavaScript functionalities but anyone who has ever written a few lines of JavaScript can now confidently extend NGINX capabilities.

According to Igor Sysoev, NGINX’s author, “nginScript has a wide range of potential uses

  • Defend against security threats – nginScript can dynamically respond to abusive traffic sources by rate-limiting or denying requests.
  • Gain richer control over traffic – You can implement flexible control over how traffic is routed using information in the request or other sources.
  • Consolidate functions across applications – You can move duplicated functionality out of applications and into the application delivery platform.
  • Speed application development with function libraries – nginScript code can be developed, reused, improved, stored, and shared.”

and this is what the famous “hello world” example would look like

location / {   
    js_run "       
    var res;       
    res = $r.response;       
    res.status = 200;       
    res.send('Hello World!');       

This is a sign of JavaScript growth as it adoption spreads to new contexts. It is becoming the universal programming language.

If you want to learn more about nginScript, refer here.


  1. Nasix
  2. Emiller’s Guide To Nginx Module Development
  3. Launching nginScript and Looking Ahead
  4. nginScript Documentation

Try Jscrambler For Free

Paulo SilvaPaulo Silva is a Security Researcher with a degree in Computer Sciences. In the last +10 years he has been building software but now he's having fun also breaking it.
View All Posts

Subscribe to our weekly newsletter

Learn more about new security threats and technologies.

Projeto Co-Financiado por (Mais info)Norte 2020, Portugal 2020, FEDR