http {
#lua 脚本配置
lua_package_path "/usr/local/src/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /usr/local/src/nginx/conf/waf/init.lua;
access_by_lua_file /usr/local/src/nginx/conf/waf/waf.lua;
# nginx 自带的授权,只支持http、https
server {
listen 81;
server_name nginx.test1.com;
location /test {
auth_request /auth;
proxy_pass http://192.168.40.26:8080/cloud/wapi/v1.0/hello;
}
location /auth {
proxy_pass http://192.168..40.26:8080/cloud/wapi/v1.0/auth/;
#proxy_pass_request_body off;
#proxy_set_header Content-Length "";
#proxy_set_header X-Original-URI $request_uri;
}
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#利用lua脚本鉴权,支持http、https,注意如何利用lua脚本的话,可以参考学习笔记(一),需要再http节点中配置http节点中lua 脚本配置,先访问auth方法,然后此方法response.status == 200的话,继续代理http://192.168.40.119:8888/server;
location /test2 {
access_by_lua 'local res = ngx.location.capture("/cloud/wapi/v1.0/auth")
if res.status == ngx.HTTP_OK then
return
end
if res.status == ngx.HTTP_FORBIDDEN then
ngx.exit(res.status)
end
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
';
proxy_pass http://192.168.40.119:8888/server;
}
location ~ /cloud/wapi/v1.0/(.*) {
internal;
proxy_pass http://192.168.40.26:8080;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}