N00b - logging stream request / response

Joel Parker joel.parker.gm at gmail.com
Tue Apr 25 18:52:41 UTC 2017


What I am trying to do is create an open proxy that listens to TLS from
many servers and de-crypts the traffic with the appropriate keys, log the
de-crytped request / response then re-encrypt with different certs and send
to an upstream server. My thought was theat a stream block would help me
accomplish this.

Joel

On Tue, Apr 25, 2017 at 1:49 PM, Robert Paprocki <
rpaprocki at fearnothingproductions.net> wrote:

> No. stream {} and http {} blocks are mutually exclusive.
>
> What exactly are you trying to accomplish with stream?
>
> On Tue, Apr 25, 2017 at 11:46 AM, Joel Parker <joel.parker.gm at gmail.com>
> wrote:
>
>> so can I have a hierarchy like this ?
>>
>> http {
>>       // log format
>>     stream {
>>           server {
>>              // access log
>>          }
>>     }
>> }
>>
>> On Tue, Apr 25, 2017 at 1:38 PM, Robert Paprocki <
>> rpaprocki at fearnothingproductions.net> wrote:
>>
>>> What you're doing doesn't quite make sense. You're trying to log HTTP
>>> data inside a stream block. That doesn't work. There's no such concept of
>>> $status, $http_referer, etc, inside a stream {} block.
>>>
>>> Have a read of the log_format docs: http://nginx.org/en/docs
>>> /http/ngx_http_log_module.html#log_format
>>>
>>>
>>> Syntax: *log_format* *name* [escape=default|json] *string* ...;
>>> Default:
>>>
>>> log_format combined "...";
>>>
>>> Context: http
>>>
>>>
>>>
>>> On Tue, Apr 25, 2017 at 11:32 AM, Joel Parker <joel.parker.gm at gmail.com>
>>> wrote:
>>>
>>>> I am trying to log all request / response in a stream with a lua script
>>>> I found in git hub and am having issues figuring out where to put the
>>>> log_format directive. Here is what I currently have :
>>>>
>>>> stream {
>>>>
>>>>     log_format bodylog '$remote_addr - $remote_user [$time_local] '
>>>>       '"$request" $status $body_bytes_sent '
>>>>       '"$http_referer" "$http_user_agent" $request_time '
>>>>       '<"$request_body" >"$resp_body"';
>>>>
>>>>      lua_need_request_body on;
>>>>
>>>>      set $resp_body "";
>>>>      body_filter_by_lua '
>>>>         local resp_body = ngx.arg[1]
>>>>         ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
>>>>         if ngx.arg[2] then
>>>>            ngx.var.resp_body = ngx.ctx.buffered
>>>>         end
>>>>        ';
>>>>
>>>> ......
>>>>
>>>> }
>>>>
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170425/004a8807/attachment-0001.html>


More information about the nginx mailing list