我正在尝试将 nginx 配置为代理将请求传递到另一台服务器,前提是 $request_body 变量与特定正则表达式匹配。但这对我不起作用。
server{
listen 80 default;
server_name www.applozic.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
if ($request_body ~* (.*)appId(.*)) {
proxy_pass http://apps.applozic.com;
}
}
}
请求正文是::
{
"applicationId": "appId",
"authenticationTypeId": 1,
"enableEncryption": false,
"notificationMode": 0,
"deviceType": 4,
}
我找到了解决方案。
我在 nginx(打开 Resty)配置文件中做了以下更改
upstream algoapp {
server 127.0.0.0.1:543;
}
upstream main {
server 127.0.0.1:443;
}
location /rest/ws/login {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
if ($request_method = OPTIONS ) {
proxy_pass https://127.0.0.1:543;
}
if ($request_method = POST ) {
set $upstream '';
access_by_lua '
ngx.req.read_body()
local data = ngx.req.get_body_data()
local match = ngx.re.match(ngx.var.request_body, "appId")
if match then
ngx.var.upstream = "algoapp"
else
ngx.var.upstream = "main"
end
';
proxy_pass https://$upstream;
}
}
据我所知,问题是变量
$request_body
在执行 if 语句时可能尚未读入内存。
建议的替代方案是使用 lua 支持或 使用 echo 模块编译 nginx 并运行 echo_request_body。
一个带有自动化测试的工作示例,以防对其他人有用:https://github.com/ericminio/learning-nginx/tree/master/payload_filter
配置
map $request_body $matching {
default 'not_matching';
include /etc/nginx/conf.d/matching;
}
server {
default_type text/plain;
location /ping {
return 200 'pong';
}
location / {
proxy_set_header 'X-Matching' $matching;
proxy_pass http://localhost/routing;
}
location /routing {
try_files /unknown-file-to-trigger-redirect @_$http_x_matching;
}
location @_matching {
proxy_pass http://host.docker.internal:5015;
}
location @_not_matching {
proxy_pass http://host.docker.internal:5066;
}
}
使用集成时并不那么容易,比如某些情况下你的 nginx 不允许你做额外的代理东西来改变整个设计,那么你可以尝试 nginx-if-request-body 来实现结果
http {
....
map "$uri" $forward_status {
default 100; # 100 means nothing return, continue to proxy phase
"~*.+?\.(css|js|bmp|gif|ico|jpeg|jpg|pict|png|svg|swf|tif)$" 418;
}
map "$request_body" $forward_status_by_body {
default 100;
"abc123xxx" 418;
"~*.+?\.(css|js|bmp|gif|ico|jpeg|jpg|pict|png|svg|swf|tif)$" 418;
}
server {
...
error_page 418 =200 @welcome_if_request_body;
location @welcome_if_request_body {
add_header Content-Type text/plain;
return 200 "welcome_if_request_body, you hit it";
}
location = / {
if_request_body on;
return_status_if_body_eq "ASD" 418 on;
return_status_if_body_eq "foo" 418;
return_status_if_body_eq "john" 418;
return_status_if_body_startswith "report" 418;
return_status_if_body_contains "report" 418;
return_status_if_body_regex "^[\d]+?abc" 418;
return_status_if_variable_map_to $forward_status;
return_status_if_variable_map_to $forward_status_by_body;
proxy_pass http://localhost:7777;
}
...
}
}
njs 模块的示例使用 r.internalRedirect 在 nginx 内部传递请求,以便可以填充和使用 r.requestText。 Nginx 需要在内部传递请求来填充 body 变量。