It's like codepen for nginx -- you paste in an nginx config, and then a server starts nginx for you and runs any
http command you want against
that nginx server.
Yes. Every time you hit "run", it'll start an instance of nginx 1.21.
There's no validation on what kinds of nginx configs you can use, and I'm sure there's some way to you run arbitrary code. Please don't do anything too malicious, I guess? The frontend is a static site, so all you can do is compromise a mostly stateless backend API server.
Your nginx runs in a separate network namespace that's disconnected from the host, so it's not able to make requests to the outside world.
I wouldn't paste anything extremely sensitive into this site, but you probably shouldn't be pasting sensitive things into random internet websites anyway :)
I haven't open sourced it yet but here's a gist of the main server code, so you can see basically what it does. It probably has a lot of bugs right now. It's running on fly.io.