Skip to content

Instantly share code, notes, and snippets.

@MTN-RowinAndruscavage

MTN-RowinAndruscavage/nginx.conf.j2_openresty

Created January 18, 2018 05:42
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save MTN-RowinAndruscavage/0b63941df49d413e498d28f1106297ed to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save MTN-RowinAndruscavage/0b63941df49d413e498d28f1106297ed to your computer and use it in GitHub Desktop.
Download ZIP
Example nginx.conf for openresty with HTTP data rewrite
Raw
nginx.conf.j2_openresty
#user nobody;
worker_processes auto;
#error_log logs/error.log;
error_log logs/error.log notice;
#error_log logs/error.log info;
#error_log logs/error.log debug;
#pid logs/nginx.pid;
worker_rlimit_nofile 1024;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$request_body"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
#lua_code_cache off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
upstream "speednet_kibana" {
## using localhost gives a 502 Bad Gateway for whatever reason
# server 127.0.0.1:5601;
server {{ ansible_default_ipv4.address }}:5601;
}
upstream "speednet_elasticsearch" {
server {{ speednet_elasticsearch }}:9200;
}
server {
listen 80;
server_name _;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name _;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_certificate_key mtnsat.io.key ;
ssl_certificate mtnsat.io.crt ;
location ~ /elasticsearch {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
proxy_set_header REMOTE_USER $remote_user;
proxy_pass http://127.0.0.1:9200;
rewrite ^/elasticsearch/(.*) /$1 break;
}
location ~ /(app/kibana|bundles) {
limit_except GET HEAD OPTIONS {
deny all;
}
proxy_pass http://speednet_kibana;
proxy_redirect off;
proxy_read_timeout 30;
}
location / {
return 301 /app/kibana/;
}
}
server {
listen 9200;
server_name _;
location ~ /_mget {
limit_except GET POST HEAD OPTIONS {
deny all;
}
proxy_pass http://speednet_elasticsearch;
proxy_redirect off;
proxy_read_timeout 30;
}
location ~ /(_m*search|_field_stats) {
limit_except GET POST HEAD OPTIONS {
deny all;
}
lua_need_request_body on;
rewrite_by_lua_block {
local postdata, n, err = ngx.re.gsub( ngx.req.get_body_data(), "logstash-", "logstash-" .. ngx.var.remote_user .. "-", "o" )
if postdata then
ngx.req.set_body_data(postdata)
else
ngx.log(ngx.ERR, "error in re : ", err)
return
end
}
proxy_pass http://speednet_elasticsearch;
proxy_redirect off;
proxy_read_timeout 30;
}
location ~ ^/logstash-(?<dateindex>(\*|\d+\.\d+\.\d+))/(?<apiuri>(.*)) {
proxy_pass http://127.0.0.1:9200;
rewrite ^/logstash-(.*) /logstash-$remote_user-$dateindex/$apiuri last;
}
location ~ ^/logstash-(?<customer>(.*))- {
if ( $remote_user != $customer ) {
return 401;
}
limit_except GET HEAD OPTIONS {
deny all;
}
proxy_pass http://speednet_elasticsearch;
proxy_redirect off;
proxy_read_timeout 30;
}
location /logstash-* {
deny all;
}
location / {
limit_except GET HEAD OPTIONS {
deny all;
}
proxy_pass http://speednet_elasticsearch;
proxy_redirect off;
proxy_read_timeout 30;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment