Using variables on configuration (map?) for regex

mostolog at gmail.com mostolog at gmail.com
Fri Jul 22 06:22:18 UTC 2016


Hi

I'm trying to /clean/ up a config file and I'm having a headache trying 
to do it.

Consider the following scenario:

  * Users from group gfoo must be allowed to GET URL foo, while adminfoo
    must be able to POST
  * Users from group gbar must be allowed to GET URL bar, while adminbar
    must be able to POST
  * ...and so on for ~50 groups.

The configuration at this moment is similar to:

    server {
         listen 80;
         server_name foo.domain.com;
         location ~ /content/foo {
             if ($denied_foo) {
                 return 403 "Forbidden";
             }
             ...
         }
         location ~ /page/bar/action...and ~10 locations more per server...
    }
    server {
         listen 80;
         server_name bar.domain.com;
         location ~ /content/bar {
             if ($denied_bar) {
                 return 403 "Forbidden";
             }
             ...
         }
         location ~ /page/bar/action...and ~10 locations more per server...
    }
    ...~200 whatever.domain.com servers more
    map $request_method:$request_uri:$http_groups $denied_foo {
         default 1;
    ~^GET:/content/foo:gfoo 0;
         ~^POST:/content/foo:adminfoo 0;
    }
    map $request_method:$request_uri:$http_groups $denied_bar {
         default 1;
    ~^GET:/content/bar:gbat 0;
    ~^POST:/content/bar:adminbar 0;
    }
    ...lots of map directives


I'll like to be able to simplify it doing something like:

         server_name (?<myvar>.*)\.domain\.com;
    ...
    map $request_method:$request_uri:$http_groups $denied {
         default 1;
         ~^GET:/content/$myvar:g$myvar 0;
         ~^POST:/content/$myvar:admin$myvar 0;
    }

I have even tried using an auxiliary map this way:

    map $servername $myvar {
    ~^(?<v>.*)\.domain\.com $v;
    }

    map $request_method:$request_uri:$http_groups $denied {
         default 1;
         ~^GET:/content/$myvar:g$myvar 0;
         ~^POST:/content/$myvar:admin$myvar 0;
    }

But I haven't succeeded so far. Could you help me?

Having ~200 configuration files doesn't seem a good option, so omit 
"on-build config with script parameters"

Thanks in advance,

Regards.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160722/8960aec4/attachment.html>


More information about the nginx mailing list