How to inject location directive into Kong - api

I'm trying to inject an nginx location directive into Kong, but it's not working as expected.
In kong.conf I have
nginx_proxy_include = /u01/nginx/custom-nginx.conf
In custom-nginx.conf I have location /doc { alias /some/path; }
Yet it's not being injected into nginx-kong.conf which remains untouched:
# .......
# injected nginx_admin_* directives
# NOTE(review): the marker above and the Kong.admin_* handlers below suggest this excerpt
# is the Admin API server section. An nginx_proxy_* setting is presumably rendered
# into the proxy server section instead, so check that part of the generated file.
location / {
default_type application/json;
content_by_lua_block {
Kong.admin_content()
}
header_filter_by_lua_block {
Kong.admin_header_filter()
}
}
# "internal" keeps the status page unreachable for external requests.
location /nginx_status {
internal;
access_log off;
stub_status;
}
location /robots.txt {
return 200 'User-agent: *\nDisallow: /';
}

Related

NGINX Redirect All traffic www and non-www http TO https://example.com?

My problem is that I want to redirect all traffic (http and https, www and non-www) to https://example.com, but when I go to my website at https://example.com I get 'your connection is insecure'.
I followed this answer NGINX: redirect non-www https to https://www but it redirects only from http to https and non www to www !
How do I redirect all to https://?
# Plain-HTTP virtual host: every request is answered with a redirect to HTTPS.
server
{
# NOTE(review): the address in front of ":80" looks elided in the post.
listen :80;
server_name example.com www.example.com ;
access_log /var/log/nginx/domains/example.com.log;
access_log /var/log/nginx/domains/example.com.bytes bytes;
error_log /var/log/nginx/domains/example.com.error.log;
root /home/admin/domains/example.com/public_html;
index index.php index.html index.htm;
include /usr/local/directadmin/data/users/admin/nginx_php.conf;
include /etc/nginx/webapps.conf;
# A server-level return answers every request before a location is chosen.
# $host repeats the host name the client asked for, so www.example.com is sent to
# https://www.example.com rather than to the bare domain.
return 301 https://$host$request_uri;
}
server
{
listen :443 ssl http2;
server_name example.com www.example.com ;
access_log /var/log/nginx/domains/example.com.log;
access_log /var/log/nginx/domains/example.com.bytes bytes;
error_log /var/log/nginx/domains/example.com.error.log;
root /home/admin/domains/example.com/private_html;
index index.php index.html index.htm;
# The TLS handshake completes before any redirect can be sent, so this certificate
# has to be valid for every name in this server's server_name (example.com and
# www.example.com). A name mismatch, an expired certificate or a missing
# intermediate produces the browser warning regardless of the redirect rules.
# NOTE(review): ".cert.combined" presumably holds the leaf plus intermediates -- confirm.
ssl_certificate
/usr/local/directadmin/data/users/admin/domains/example.com.cert.combined;
ssl_certificate_key
/usr/local/directadmin/data/users/admin/domains/example.com.key;
include /usr/local/directadmin/data/users/admin/nginx_php.conf;
include /etc/nginx/webapps.ssl.conf;
# max-age is in seconds: 3411 s is under one hour. Browsers only honour HSTS when
# it arrives over a connection without certificate errors.
add_header Strict-Transport-Security "max-age=3411" always;
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
client_header_timeout 3m;
client_body_timeout 10;
send_timeout 2;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-
javascript application/json application/xml;
gzip_disable msie6;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
send_lowat 12000;
keepalive_timeout 65;
keepalive_requests 100000;
reset_timedout_connection on;
server_tokens off;
client_body_buffer_size 128k;
client_max_body_size 10m;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~* ^/.well-known/ {
allow all;
}
location ~ (^|/)\. {
return 403;
}
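# Front controller: serve the file if it exists, otherwise hand the request to Drupal.
location / {
    try_files $uri /index.php?$query_string; # For Drupal >= 7
    # NOTE(review): $allowed_country is not defined in this listing (presumably set by
    # a geo/map block elsewhere), and 443 is not a standard HTTP status code --
    # confirm the intended response.
    if ($allowed_country = no) {
        return 443;
    }
}
# Named fallback location. The page showed "#rewrite"; "#" starts a comment in nginx,
# so the named-location prefix "@" is restored here and in the try_files lines that
# refer to it.
location @rewrite {
    rewrite ^/(.*)$ /index.php?q=$1;
}
# Regex locations are tested in order of appearance, so this must stay above the PHP
# handler. "return" runs in the rewrite phase, before "deny" is evaluated, so the
# client receives 404.
location ~ /vendor/.*\.php$ {
    deny all;
    return 404;
}
# PHP handler.
# NOTE(review): there is no file-existence check (such as try_files $uri =404) before
# the request is passed to PHP-FPM; the block relies on the earlier
# "location ~ \..*/.*\.php$" rule returning 403 for path-info style URIs.
location ~ '\.php$|^/update.php' {
    fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
    include fastcgi_params;
    # Blank the client-supplied Proxy header so it cannot become HTTP_PROXY in PHP.
    fastcgi_param HTTP_PROXY "";
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_intercept_errors on;
    #fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
# Image styles: serve the generated file, or let Drupal create it.
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
    try_files $uri @rewrite;
}
# Private files are always routed through Drupal when not present on disk.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
    try_files $uri /index.php?$query_string;
}
# Static assets: long cache lifetime, fall back to Drupal when the file is missing.
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    try_files $uri @rewrite;
    expires max;
    log_not_found off;
}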
}
Your redirects look fine, but are you sure you have a valid SSL certificate for example.com and that it is installed properly on your host? The 'your connection is insecure' message usually has nothing to do with the redirects; it is caused by certificate problems.
instead of using this:
return 301 https://$host$request_uri;
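use the following, which always redirects to the first name listed in server_name (example.com here) instead of echoing the host the client requested: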
return 301 https://$server_name$request_uri;

OpenResty : Response

I want to capture http response body and send it to another endpoint using resty.http . Here is my config , I am not able to get the body inside the content_by_lua_block (it is null). The response body is printed in access.log but is not present inside the content_by_lua_block. Any pointers appreciated . I am new to openresty and links appreciated.
--- nginx.conf --- start
# Test configuration: proxy /posts/1, mirror the request to /mirror, and capture the
# response body into $response_body for logging.
worker_processes 1;
error_log /tmp/error.log debug;
events {
worker_connections 128;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
lua_package_path "/usr/local/Cellar/openresty/1.13.6.2/lualib/resty/?.lua;;";
lua_need_request_body on;
# This format writes request and response bodies into the access log. Bodies can
# carry credentials, tokens or personal data, and the log below lives in /tmp, so
# keep it to debugging and restrict who can read the file.
log_format bodylog '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $request_time '
'<"$request_body" >"$response_body"';
server {
listen 8081 ;
server_name 127.0.0.1;
# Declares the variable that body_filter_by_lua_block fills in further down.
set $response_body "";
location /posts/1 {
# NOTE(review): mirror copies the client *request* to /mirror; presumably that
# subrequest does not wait for the upstream response, so no response body would be
# available inside /mirror -- confirm against the mirror module documentation.
mirror /mirror;
mirror_request_body on;
proxy_pass http://localhost:3000/posts/1;
access_log /tmp/access.log bodylog;
}
# NOTE(review): "//" is not nginx comment syntax (comments start with "#").
# NOTE(review): proxy_pass and content_by_lua_block both register a content handler
# for this location; only one of them can produce the response -- confirm which.
location = /mirror { // mirror traffic for requests
internal;
proxy_pass http://127.0.0.1:8080/analyzeservlet-1.0.0/analyzeservlet;
content_by_lua_block {
-- Reads $resp_body, but the variable declared and filled in this file is
-- $response_body; no $resp_body is defined in this listing, which would explain
-- the null value.
if ngx.var.resp_body ~= "" then
local http = require "resty.http"
local httpc = http.new()
-- NOTE(review): the target URI looks redacted in the post, and res/err are never checked.
local res, err = httpc:request_uri("<uri", {
method = "POST",
body = ngx.var.resp_body,
headers = {
["Content-Type"] = "application/x-www-form-urlencoded",
} })
end
}
}
}
client_body_buffer_size 16k;
client_max_body_size 16k;
# Defined at http level, so it applies to every response handled by this http block.
body_filter_by_lua_block {
-- ngx.arg[1] is the current chunk, ngx.arg[2] is true on the last chunk.
-- The 1000-byte cut applies to each chunk, not to the response as a whole.
local response_body = string.sub(ngx.arg[1], 1, 1000)
ngx.ctx.buffered = (ngx.ctx.buffered or "") .. response_body
if ngx.arg[2] then
ngx.var.response_body = ngx.ctx.buffered
end
}
include servers/*;
}
You can read body data using ngx.req.get_body_data. More information available here: https://github.com/openresty/lua-nginx-module/#ngxreqget_body_data

Nginx separate Access Log for each domain

I use Nginx in combination with Typo3. My Typo3 installation has about 8 domains. Everything works like a charm. Now I have the problem that I want to use AWStats working for each domain but I don't know how can I separate the Access Log for every domain. In the following you can see how my configuration is actually running:
Config file inside sites-available:
server {
listen 127.0.0.1:80;
server_name www.domain1.de
www.domain2.de
www.domain3.de
root "/var/www/oz/htdocs/";
disable_symlinks if_not_owner;
location ~ /\.ht {
deny all;
}
location ~ ^/cgi-bin/ {
deny all;
}
# PHP is enabled
index index.php index.html index.htm;
location ~ \.php(/|$) {
try_files $fastcgi_script_name =404;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include /etc/nginx/fastcgi_params;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass unix:/var/www/oz/conf/sockets/nginx-php-fcgi.sock;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
}
location = / {
error_page 403 /.errorFiles/coming-soon.html;
}
location /.errorFiles/ {
alias /usr/share/liveconfig/html/;
}
#### NGINX Typo3 Config - Start #####
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
client_max_body_size 200M;
location ~ /\.(js|css)$ {
expires 604800s;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
if (!-e $request_filename){
rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
}
location ~* ^/fileadmin/(.*/)?_recycler_/ {
deny all;
}
location ~* ^/fileadmin/templates/.*(\.txt|\.ts)$ {
deny all;
}
location ~* ^/typo3conf/ext/[^/]+/Resources/Private/ {
deny all;
}
location ~* ^/(typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) {
}
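# Static-file-cache front end: a request is served from the pre-rendered cache only
# when it is a plain GET/HEAD without query string, session cookies or no-cache
# headers. Every other case raises 405, which is used purely as an internal signal
# and is routed to the named location @nocache by error_page.
location / {
    if ($query_string ~ ".+") {
        return 405;
    }
    if ($http_cookie ~ 'nc_staticfilecache|be_typo_user|fe_typo_user' ) {
        return 405;
    }
    # pass POST requests to PHP
    if ($request_method !~ ^(GET|HEAD)$ ) {
        return 405;
    }
    if ($http_pragma = 'no-cache') {
        return 405;
    }
    if ($http_cache_control = 'no-cache') {
        return 405;
    }
    # The page showed "#nocache"; "#" starts a comment in nginx, so the
    # named-location prefix "@" is restored here and in the location below.
    error_page 405 = @nocache;
    # The cache file path is built from the requested host name and URI.
    try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache;
}
# Uncached path: existing file or directory, otherwise the TYPO3 front controller.
location @nocache {
    try_files $uri $uri/ /index.php$is_args$args;
}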
#### NGINX Typo3 Config - End #####
}
server {
listen 127.0.0.1:80;
server_name domain1.de;
rewrite ^/(.*)$ "http://www.domain1.de/$1" permanent;
}
server {
listen 127.0.0.1:80;
server_name domain2.de;
rewrite ^/(.*)$ "http://www.domain2.de/$1" permanent;
}
server {
listen 127.0.0.1:80;
server_name domain3.de;
rewrite ^/(.*)$ "http://www.domain3.de/$1" permanent;
}
nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 5000;
multi_accept on;
use epoll;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
# ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
I tried to separate it inside the server-blocks. But I don't get it working. Anybody here who can help me or have some hints?
Each server block can override its own access log location:
# access_log / error_log inside a server block replace the http-level settings for
# requests handled by that server.
# NOTE(review): this server only redirects domain1.de to www.domain1.de. In the
# question all www.* names share a single server block, so the traffic that actually
# serves content would still need per-domain server blocks (or its own log
# directives) to be split per domain.
server {
listen 127.0.0.1:80;
server_name domain1.de;
access_log /var/log/nginx/domain1-access.log;
error_log /var/log/nginx/domain1-error.log;
rewrite ^/(.*)$ "http://www.domain1.de/$1" permanent;
}
server {
listen 127.0.0.1:80;
server_name domain2.de;
access_log /var/log/nginx/domain2-access.log;
error_log /var/log/nginx/domain2-error.log;
rewrite ^/(.*)$ "http://www.domain2.de/$1" permanent;
}
server {
listen 127.0.0.1:80;
server_name domain3.de;
access_log /var/log/nginx/domain3-access.log;
error_log /var/log/nginx/domain3-error.log;
rewrite ^/(.*)$ "http://www.domain3.de/$1" permanent;
}

nginx rewrite rule for strip numbers from final

Can someone help me with this issue on nginx or using .htaccess?
I want to redirect an url like:
[http][www]domainName.tld/folderName/a-name-with-dashes-15-and-numbers-and-a-number-of-at-least-5-digits
Becomes
[http][www]domainName.tld/newFolderName/a-name-with-dashes-15-and-numbers
or
[http][www]domainName.tld/a-name-with-dashes-15-and-numbers
with www or without www.
a more real example (without domain):
/folderName/test-1-test-again-123456789
becomes
/newFolder/test-1-test-again
# or
/test-1-test-again
Thanks a lot
#Later Edit: Add Nginx Config from server block
listen ip:80;
server_name domain.tld www.domain.tld;
root /var/www/domain.tld/web;
if ($http_host = "www.domain.tld") {
rewrite ^ $scheme://domain.tld$request_uri? permanent;
}
index index.html index.htm index.php index.cgi index.pl index.xhtml;
error_log /var/log/domain.tld/error.log;
access_log /var/log/domain.tld/access.log combined;
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file /var/www/clients/client/web/web/stats/.htpasswd_stats;
}
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
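# Every *.php request first probes for a sentinel file and, when it is absent, falls
# through to the named location @php.
# NOTE(review): the sentinel is presumably a maintenance switch created by the
# hosting panel -- confirm.
# The page showed "#php"; "#" starts a comment in nginx, so the named-location
# prefix "@" is restored in both places.
location ~ \.php$ {
    try_files /c91e3e9dc234ca8eec5e7e5309e2fcca.htm @php;
}
location @php {
    # Only hand scripts that exist on disk to PHP-FPM.
    try_files $uri =404;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/lib/php5-fpm/web24.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
}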
client_max_body_size 20M;
location ~* ^.+\.(css|png|ico|ttf|rss|atom|js|jpg|jpeg|gif|zip|tgz|gz|rar|bz2|doc|xls|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
add_header Pragma public;
add_header Cache-Control: public;
}
# NOTE(review): regex locations are tested in the order they appear, and
# "location ~ \.php$" is listed earlier in this server. As listed, URIs ending in
# .php therefore match that earlier block first, so the .php alternative in the
# blocks below (including the wp-login referer check) would not take effect --
# verify the ordering in the real file.
# NOTE(review): in ".*.(html|...)" the dot before the group is unescaped and matches
# any character.
location ~* ^/wp-admin/.*.(html|htm|shtml|php)$ {
client_max_body_size 30M;
}
# Serve matching files under uploads as text/plain instead of their usual type.
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
types { }
default_type text/plain;
}
location ~* ^/static/.*.(html|htm|shtml|php)$ {
types { }
default_type text/plain;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# Referer is supplied by the client, and this pattern is anchored only at the start
# with unescaped dots, so any value beginning with that text passes. Treat it as a
# filter for naive bots, not as access control.
location ~* (wp-comments-posts|wp-login)\.php$ {
if ($http_referer !~ ^(http://www.domain.tld) ) {
return 405;
}
}
Try something like this
# Matches any URI on this server that ends in a dash followed by five or more digits
# ({5,}); $1 captures everything before that dash. The pattern is not limited to
# /folderName/.
# The redirect target is built from $1 only, so a query string on the original
# request is not carried over, and the host is the first name in server_name.
location ~ '(.*)\-[0-9]{5,}$' {
return 301 $scheme://$server_name$1;
}
This should strip all trailing numbers, if the numbers at the end of the url are more than 5 numbers

Nginx $server_name in if statement

It seems like this is not working:
server_name blabla.bla;
location ~* (wp-comments-posts|wp-login)\.php$ {
if ($http_referer !~ ^(http://$servername) ) {
return 405;
}
}
While
server_name blabla.bla;
location ~* (wp-comments-posts|wp-login)\.php$ {
if ($http_referer !~ ^(http://blabla.bla) ) {
return 405;
}
}
works just fine. Is this expected and if so why? Or am I doing something wrong here?
Regular expressions are compiled while reading configuration, thus they cannot contain variables.
Also please note:
http://wiki.nginx.org/IfIsEvil
http://nginx.org/en/docs/http/ngx_http_referer_module.html
If you have the referer module you might like this one: it allows ONLY the current server names as valid referers. All other requests get a 405 error.
# Covers wp-comments-post.php only; the question's pattern also included wp-login.
location ~* (wp-comments-post)\.php$ {
# Accept a Referer whose host is one of this server's server_name values.
# "none" is not listed, so a request without a Referer header is treated as invalid too.
valid_referers server_names;
# Referer is sent by the client and can be set to anything, so this turns away
# naive bots but is not an access-control boundary.
if ( $invalid_referer ) {
return 405;
}
### Do your stuff here
}