Conditional rule

Igor Sysoev igor at sysoev.ru
Thu May 13 00:41:14 MSD 2010


On Wed, May 12, 2010 at 10:29:52PM +0200, Vincent MAUGE wrote:

> 2010/5/12 Igor Sysoev <igor at sysoev.ru>:
> > On Wed, May 12, 2010 at 10:01:12PM +0200, Vincent MAUGE wrote:
> >
> >> 2010/5/12 Igor Sysoev <igor at sysoev.ru>:
> >> > On Wed, May 12, 2010 at 07:13:00PM +0200, Vincent MAUGE wrote:
> >> >
> >> >> Sorry for the previous partial email.
> >> >>
> >> >> Hey,
> >> >>
> >> >> I need to add conditional rule with more than one test.
> >> >> I need something like :
> >> >> if ($remote_addr != "aa.bb.cc.dd" && $request_uri !~  ^/XXXXX$)
> >> >> {
> >> >>    rewrite ...
> >> >> }
> >> >> else{
> >> >>   proxy_pass ...
> >> >> }
> >> >>
> >> >> I don't find the good nginx syntax to obtain a such behaviour.
> >> >> I try :
> >> >> if ( )  {
> >> >>    if () {
> >> >>   }
> >> >> }
> >> >> without success
> >> >>
> >> >> What is the proper way to do such condition ?
> >> >
> >> > nginx does not support such syntax.
> >> > However, the proper way is to not use "if"s at all.
> >> > nginx should be configured using locations but not if/rewrites.
> >> >
> >> > Instead of backward logic:
> >> >
> >> >  if ($request_uri !~ ^/XXXXX$) {
> >> >      part A
> >> >  }
> >> >
> >> > you should use clear logic:
> >> >
> >> >    location / {
> >> >        part A
> >> >    }
> >> >
> >> >    location /XXXXXX {
> >> >        part B
> >> >    }
> >> >
> >> > What do you want to configure ?
> >> >
> >>
> >> My nginx is configure as a reverse proxy (http and https).
> >> I want to allow some ip to access both for example 10.10.10.10.
> >> Others are allow to access only https and get a permanent redirect on
> >> http to https except for specific url where I allow http/https for
> >> exemple directory /documentation.
> >>
> >> Whar is the best way ? to configure 2 location ?
> >
> > http {
> >     geo $https_only {
> >         default      1;
> >         10.10.10.10  0;
> >         10.10.10.20  0;
> >         ...
> >     }
> >
> >     server {
> >          listen 80;
> >
> >          root  ..
> >
> >          location / {
> >              if ($https_only) {
> >                  rewrite ^ https://site.com$request_uri?  permanent;
> >              }
> >              proxy_pass ...
> >          }
> >
> >          location /XXXX {
> >              proxy_pass ...
> >          }
> >     }
> >
> >     server {
> >          listen 443;
> >
> >          ssl stuff
> >
> >          root  ..
> >
> >          location / {
> >              proxy_pass ...
> >          }
> >     }
> >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> 
> Thanks Igor. This match exactly my need. I didn't notice geo Module until now.

"root .." is surplus here, since you use only proxying.

The other way to say

          location / {
              if ($https_only) {
                  rewrite ^ https://site.com$request_uri?  permanent;
              }
              proxy_pass ...
          }

is

          location / {
              allow 10.10.10.10;
              allow 10.10.10.20;
              deny  all;

              error_page  403  https://site.com$request_uri;

              proxy_pass ...
          }

Although in this case redirect will be with 302 status code.


-- 
Igor Sysoev
http://sysoev.ru/en/



More information about the nginx mailing list