ngx_lua location capture issue

Tue Oct 18 17:28:27 UTC 2011

On 18 October 2011 19:55, Nginx User <nginx at nginxuser.net> wrote:
> I tried to create the following scenario:
>
> 1. Request test_page.php
> 2. lua exec to @checkpoint
> 3. @checkpoint does capture location to test_loc (future phpids)
> 4. test_loc/index.php returns either 200 or 403 status
> 5. @checkpoint continues or halts request accordingly
>
> # GET /test_page.php
> server {
>        listen 80;
>        server_name testsite.com;
>        root /home/user/testsite.com/public_html;
>        location @checkpoint {
>        access_by_lua '
>            local res = ngx.location.capture("/test_loc")
>
>            if res.status == ngx.HTTP_OK then
>                return
>            end
>
>            if res.status == ngx.HTTP_FORBIDDEN then
>                ngx.exit(res.status)
>            end
>
>            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
>        ';
>    }
>        location @proxy {
>                include /etc/nginx/firewall.default;
>
>                # Block IPs in Spamhaus drop list
>                if ($block = 1) {
>                        return 444;
>                }
>
>                proxy_pass http://127.0.0.1:8080;
>                ...
>        }
>        location /error_docs {
>                internal;
>                alias /home/user/$host/error_docs;
>        }
>        location /test_loc {
>                internal;
>                alias /usr/share/test_loc/;
>                rewrite_by_lua 'ngx.exec("@proxy");';
>        }
>        location / {
>                try_files $uri $uri/ @proxy;
>        }
>        location ~ .+\.php$ {
>                location ~ ^/test_page\.php$ {
>                        rewrite_by_lua 'ngx.exec("@checkpoint");';
>                }
>
>                rewrite_by_lua 'ngx.exec("@proxy");';
>        }
> }
>
> Result is "the http output chain is empty while connecting to
> upstream" blah blah blah and output is equivalent to issuing "return
> 444". http://pastebin.com/7WisVBDU
>
> Logs seem to show "GET /test_page.php" being run a second time.
>
> Any tips on fixing?
>
> Cheers
>

A more considered read of the docs shows I had been mixingsubrequests
and internal redirections all over the place and that this works as
expected

# GET /test_page.php
server {
	listen 80;
	server_name testsite.com;
	root /home/user/testsite.com/public_html;
	location @proxy {
		include /etc/nginx/firewall.default;

		# Block IPs in Spamhaus drop list
		if ($block = 1) {
			return 444;
		}

		proxy_pass http://127.0.0.1:8080;
		...
	}
	location /error_docs {
		internal;
		alias /home/user/$host/error_docs;
	}
	location /test_loc {
		internal;
		alias /usr/share/test_loc/;
		rewrite_by_lua 'ngx.exec("@proxy");';
	}
	location / {
		try_files $uri $uri/ @proxy;
	}
	location ~ .+\.php$ {
		location ~ ^/test_page\.php$ {
			access_by_lua '
				local res = ngx.location.capture("/phpids")
				if res.status == ngx.HTTP_OK then
					ngx.exec("@proxy_no_cache")
				end
				if res.status == ngx.HTTP_FORBIDDEN then
					ngx.exit(res.status)
				end
				ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
			';
		}

		rewrite_by_lua 'ngx.exec("@proxy");';
	}
}

No need for @checkpoint. Just put the access check directly in place.

Cool beans!