<div dir="ltr"><div>I am still having issues with the config, can you take a look at my short config and see where my confusion lies? Changed the stream block to http and think I did the rest correct but still complains about log_format and not sure if my proxy_pass or any of the rest of it is bad.<br><br></div>Joel<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 25, 2017 at 2:00 PM, Robert Paprocki <span dir="ltr"><<a href="mailto:rpaprocki@fearnothingproductions.net" target="_blank">rpaprocki@fearnothingproductions.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Just set up a server {} block that accepts TLS connections. This is exactly what proxy_pass is for :) You can log whatever HTTP data you need via Nginx (just as your log_format and content_by_lua block does), and then proxy_pass that traffic to your upstream as normal. Stream blocks are for arbitrary TCP/UDP streams; they have no knowledge of layer 7 HTTP data.<br><br>BTW it's very bad practice to buffer the whole request body like that ;)<div><div class="h5"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 25, 2017 at 11:52 AM, Joel Parker <span dir="ltr"><<a href="mailto:joel.parker.gm@gmail.com" target="_blank">joel.parker.gm@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>What I am trying to do is create an open proxy that listens to TLS from many servers and decrypts the traffic with the appropriate keys, log the decrypted request / response then re-encrypt with different certs and send to an upstream server. 
My thought was that a stream block would help me accomplish this.<br><br></div>Joel<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 25, 2017 at 1:49 PM, Robert Paprocki <span dir="ltr"><<a href="mailto:rpaprocki@fearnothingproductions.net" target="_blank">rpaprocki@fearnothingproducti<wbr>ons.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">No. stream {} and http {} blocks are mutually exclusive.<br><div><br></div><div>What exactly are you trying to accomplish with stream?</div></div><div class="m_-8121848465467038981m_-4196197591881536393m_-8949519561476493694HOEnZb"><div class="m_-8121848465467038981m_-4196197591881536393m_-8949519561476493694h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 25, 2017 at 11:46 AM, Joel Parker <span dir="ltr"><<a href="mailto:joel.parker.gm@gmail.com" target="_blank">joel.parker.gm@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>So can I have a hierarchy like this?<br><br></div>http {<br></div><div>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// log format<br></div>&nbsp;&nbsp;&nbsp;stream {<br></div>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;server {<br></div>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// access log<br><div>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br><div>&nbsp;&nbsp;&nbsp;}<br><div>}<br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 25, 2017 at 1:38 PM, Robert Paprocki <span dir="ltr"><<a href="mailto:rpaprocki@fearnothingproductions.net" target="_blank">rpaprocki@fearnothingproducti<wbr>ons.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>What you're doing doesn't quite make sense. You're trying to log HTTP data inside a stream block. That doesn't work. 
There's no such concept of $status, $http_referer, etc, inside a stream {} block.</div><div><br></div>Have a read of the log_format docs: <a href="http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format" target="_blank">http://nginx.org/en/docs<wbr>/http/ngx_http_log_module.html<wbr>#log_format</a><br><br><br class="m_-8121848465467038981m_-4196197591881536393m_-8949519561476493694m_-5797128594644303429m_-472930783172187996m_7396095321503525620gmail-Apple-interchange-newline"><table style="color:rgb(0,0,0);font-family:sans-serif;font-size:medium" cellspacing="0"><tbody><tr><th style="padding-left:0px;padding-right:0.5em;vertical-align:baseline;text-align:left;font-weight:normal">Syntax:</th><td style="vertical-align:baseline"><code><strong>log_format</strong> <code><i>name</i></code> [<code>escape</code>=<code>default</code>|<code>json</code>] <code><i>string</i></code> ...;</code><br></td></tr><tr><th style="padding-left:0px;padding-right:0.5em;vertical-align:baseline;text-align:left;font-weight:normal">Default:</th><td style="vertical-align:baseline"><pre style="padding:0px;margin-top:0px;margin-bottom:0px">log_format combined "...";</pre></td></tr><tr><th style="padding-left:0px;padding-right:0.5em;vertical-align:baseline;text-align:left;font-weight:normal">Context:</th><td style="vertical-align:baseline"><code>http<br><br><br></code></td></tr></tbody></table></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_-8121848465467038981m_-4196197591881536393m_-8949519561476493694m_-5797128594644303429m_-472930783172187996h5">On Tue, Apr 25, 2017 at 11:32 AM, Joel Parker <span dir="ltr"><<a href="mailto:joel.parker.gm@gmail.com" target="_blank">joel.parker.gm@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div 
class="m_-8121848465467038981m_-4196197591881536393m_-8949519561476493694m_-5797128594644303429m_-472930783172187996h5"><div dir="ltr">I am trying to log all request / response in a stream with a Lua script I found on GitHub and am having issues figuring out where to put the log_format directive. Here is what I currently have:<br><br>stream {<br><br>&nbsp;&nbsp;&nbsp;log_format bodylog '$remote_addr - $remote_user [$time_local] '<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'"$request" $status $body_bytes_sent '<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'"$http_referer" "$http_user_agent" $request_time '<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'<"$request_body" >"$resp_body"';<br><br>&nbsp;&nbsp;&nbsp;&nbsp;lua_need_request_body on;<br><br>&nbsp;&nbsp;&nbsp;&nbsp;set $resp_body "";<br>&nbsp;&nbsp;&nbsp;&nbsp;body_filter_by_lua '<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;local resp_body = ngx.arg[1]<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if ngx.arg[2] then<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ngx.var.resp_body = ngx.ctx.buffered<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;end<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';<br><br>......<br><br>}<br></div>
<br></div></div>______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailm<wbr>an/listinfo/nginx</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>