nginx.conf

user             nginx;
worker_processes 1;
pid              /var/run/nginx.pid;
error_log        /var/log/nginx/error.log;

events {
  worker_connections  1024;
}

map $http_x_apikey $enabled {
  default "";
  "EXAMPLE-API-KEY" false;
}

http {
  sendfile                  on;
  tcp_nopush                on;
  gzip                      on;
  ssl_prefer_server_ciphers on;
  keepalive_timeout         65;
  types_hash_max_size       2048;
  default_type              application/octet-stream;
  ssl_protocols             TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  access_log                /var/log/nginx/access.log;
  include                   /etc/nginx/mime.types;

  server {
    listen               80      default_server; # IPv4 Listener
    listen               [::]:80 default_server; # IPv6 Listener
    server_name          _;                      # Server's name (domain name). By default `_`, which is any.
    client_max_body_size 1M;                     # Default max body size of 1 Megabyte. If more is needed, increase this number, to eg: 300M

    # If you wish to do authorization externally, you can modify this location and its rules
    location /authorize {
      internal;

      if ($enabled = false) {
        return 403; # Forbidden
      }

      if ($http_x_apikey = "") {
        return 401; # Unauthorized
      }

      return 204; # OK
    }

    location / {
      if ($request_method = 'OPTIONS') {
        add_header Access-Control-Allow-Headers "X-APIkey, Authorization";
      }

      satisfy any;
      auth_request /authorize;

      # Change example.com with your node's IP and Port that you would normally use to connect to
      proxy_pass  http://example.com/;
    }
  }
}