It's like codepen for nginx -- you paste in an nginx config, and then a server starts nginx for you and runs any curl or http command you want against
that nginx server.
Yes. Every time you hit "run", it'll start an instance of nginx 1.21.
There's a forked version of go-httpbin running on port 7777. It responds to every request by echoing back the method, headers, URL, and body as JSON.
There's no validation on what kinds of nginx configs you can use, and I'm sure there's some way to you run arbitrary code. Please don't do anything too malicious, I guess? The frontend is a static site, so all you can do is compromise a mostly stateless backend API server.
Your nginx runs in a separate network namespace that's disconnected from the host, so it's not able to make requests to the outside world.
I wouldn't paste anything extremely sensitive into this site, but you probably shouldn't be pasting sensitive things into random internet websites anyway :)
Here's the Github repository. The backend is in api/ and the frontend is in static/.