ngx_lua location capture issue
Nginx User
nginx at nginxuser.net
Tue Oct 18 17:29:17 UTC 2011
On 18 October 2011 20:28, Nginx User <nginx at nginxuser.net> wrote:
> On 18 October 2011 19:55, Nginx User <nginx at nginxuser.net> wrote:
>> I tried to create the following scenario:
>>
>> 1. Request test_page.php
>> 2. lua exec to @checkpoint
>> 3. @checkpoint does capture location to test_loc (future phpids)
>> 4. test_loc/index.php returns either 200 or 403 status
>> 5. @checkpoint continues or halts request accordingly
>>
>> # GET /test_page.php
>> server {
>> listen 80;
>> server_name testsite.com;
>> root /home/user/testsite.com/public_html;
>> location @checkpoint {
>> access_by_lua '
>> local res = ngx.location.capture("/test_loc")
>>
>> if res.status == ngx.HTTP_OK then
>> return
>> end
>>
>> if res.status == ngx.HTTP_FORBIDDEN then
>> ngx.exit(res.status)
>> end
>>
>> ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
>> ';
>> }
>> location @proxy {
>> include /etc/nginx/firewall.default;
>>
>> # Block IPs in Spamhaus drop list
>> if ($block = 1) {
>> return 444;
>> }
>>
>> proxy_pass http://127.0.0.1:8080;
>> ...
>> }
>> location /error_docs {
>> internal;
>> alias /home/user/$host/error_docs;
>> }
>> location /test_loc {
>> internal;
>> alias /usr/share/test_loc/;
>> rewrite_by_lua 'ngx.exec("@proxy");';
>> }
>> location / {
>> try_files $uri $uri/ @proxy;
>> }
>> location ~ .+\.php$ {
>> location ~ ^/test_page\.php$ {
>> rewrite_by_lua 'ngx.exec("@checkpoint");';
>> }
>>
>> rewrite_by_lua 'ngx.exec("@proxy");';
>> }
>> }
>>
>> Result is "the http output chain is empty while connecting to
>> upstream" blah blah blah and output is equivalent to issuing "return
>> 444". http://pastebin.com/7WisVBDU
>>
>> Logs seem to show "GET /test_page.php" being run a second time.
>>
>> Any tips on fixing?
>>
>> Cheers
>>
>
>
> A more considered read of the docs shows I had been mixingsubrequests
> and internal redirections all over the place and that this works as
> expected
>
>
> # GET /test_page.php
> server {
> listen 80;
> server_name testsite.com;
> root /home/user/testsite.com/public_html;
> location @proxy {
> include /etc/nginx/firewall.default;
>
> # Block IPs in Spamhaus drop list
> if ($block = 1) {
> return 444;
> }
>
> proxy_pass http://127.0.0.1:8080;
> ...
> }
> location /error_docs {
> internal;
> alias /home/user/$host/error_docs;
> }
> location /test_loc {
> internal;
> alias /usr/share/test_loc/;
> rewrite_by_lua 'ngx.exec("@proxy");';
> }
> location / {
> try_files $uri $uri/ @proxy;
> }
> location ~ .+\.php$ {
> location ~ ^/test_page\.php$ {
> access_by_lua '
> local res = ngx.location.capture("/phpids")
> if res.status == ngx.HTTP_OK then
> ngx.exec("@proxy_no_cache")
> end
> if res.status == ngx.HTTP_FORBIDDEN then
> ngx.exit(res.status)
> end
> ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
> ';
> }
>
> rewrite_by_lua 'ngx.exec("@proxy");';
> }
> }
>
>
> No need for @checkpoint. Just put the access check directly in place.
>
> Cool beans!
>
"@proxy_no_cache" = "@proxy"
More information about the nginx
mailing list