I am trying to build a reverse proxy service with nginx that would first validate a session cookie and proxy to the requested backend resource if valdation was successful.
I have this config ...
# upstream services
upstream backend_production {
#ip_hash;
server cumulonimbus.foo.com:81;
}
map $mycookie $mybackend {
_SESSION_COOKIE http://backend_production/session.php;
}
# session server
server {
listen *:80;
server_name devcumulonimbus cumulonimbus.foo.com;
error_log /var/log/nginx/session.error.log;
access_log /var/log/nginx/session.access.log;
#access_log off; # turn access_log off for speed
root /var/www/;
location = /favicon.ico {
return 204;
access_log off;
log_not_found off;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_cache off;
# does cookie exist?
if ($http_cookie ~* "_SESSION_COOKIE")
{
set $mycookie '_SESSION_COOKIE';
proxy_pass $mybackend;
error_page 400 403 404 500 = /denied;
post_action /reader.php;
break;
}
# no cookie
rewrite ^(.*)$ http://cumulonimbus.foo.co开发者_运维问答m:81/login.php;
}
location =/reader.php {
internal;
proxy_pass http://backend_production/reader.php;
}
location /denied/ {
internal;
rewrite ^(.*)$ http://cumulonimbus.foo.com:81/login.php;
}
}
I set _SESSION_COOKIE in login.php, update the cookie value in session.php and pop a page in reader.php. The problem is that I do not see the page emitted by reader.php eventhough syslog tells me it was hit (only the session.php page is displayed). nginx is the front-end, apache is the backend runnning the php services (this ienvironment is used for prototyping only).
==> /var/log/apache2/error.log <==
session_manager[4350]: CONNECTED TO SESSION MANAGER
==> /var/log/syslog <==
Jul 12 19:41:06 devcumulonimbus session_manager[4350]: CONNECTED TO SESSION MANAGER
==> /var/log/apache2/access.log <==
10.10.11.113 - - [12/Jul/2011:19:41:06 -0700] "GET /session.php HTTP/1.0" 200 454 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0"
==> /var/log/apache2/error.log <==
web_reader[4352]: CONNECTED TO WEB READER
==> /var/log/syslog <==
Jul 12 19:41:06 devcumulonimbus web_reader[4352]: CONNECTED TO WEB READER
If I hit memcache first I can see the page.
I would also like to be able to capture the output response of the first request (first proxy_pass)? should I use the nginx lua module.
精彩评论