Having Trouble Implementing a Conditional Proxy Pass

downloadmymind · 2014-08-09T07:19:34+00:00

yepC code, we need support SSL " #if (NGX_HTTP_SSL) lua_pushcfunction(L, ngx_http_lua_socket_tcp_sslhandshake);lua_setfield(L, -2,...

Having Trouble Implementing a Conditional Proxy Pass

downloadmymind

Hi Guys,

I'm trying to implement a conditional proxy where the request comes in as a POST, I want to check for a param name of api_key and see if it's in my cache of keys. If it is in the cache, I want to pass the request, intact with it's POST params to the new server, if not, pass the request to our legacy server. This is proxying requests for a SAAS system where we want to do an incremental migration of existing users. Everything seems to be working as far as getting the value from memcache but it fails after the conditional. AlI get is a 200. I tried a few examples and as you can see there's a couple different ways I was using to try to pass the request and none have worked. I've been working on this for quite some time and am at a loss as to how I can get this done. I'm open to different approaches if this is a 'you shouldn't do that' sort of issue. Thanks for your time and help!

System details:

openresty/1.7.2.1

Ubuntu 12.04 LTS

precise

My config file is below:

user nginx;

worker_processes 1;

error_log /var/log/nginx/error.log debug;

pid /var/run/nginx.pid;

worker_rlimit_nofile 200000;

events {

worker_connections 60000;

use epoll;

multi_accept on;

}

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

log_format timed_combined '$remote_addr - $remote_user [$time_local] '

'"$request" $status $body_bytes_sent '

'"$http_referer" "$http_user_agent" '

'$request_time $upstream_response_time $pipe';

log_format rt_logger '$time_local,'

'$request_time,'

'$request,'

'$upstream_response_time';

log_format postdata Remote Address: $remote_addr \n Post Data \n $request_body;

access_log /var/log/nginx/access.log main;

access_log /var/log/nginx/postdata.log postdata;

access_log on;

sendfile on;

#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

# include /etc/nginx/conf.d/*.conf;

server {

location / {

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_set_header Host $http_host;

resolver 8.8.8.8;

default_type 'text/plain';

set $whitelist "";

set_form_input $api_password;

content_by_lua '

local res = ngx.location.capture("/whitelist", { method = ngx.HTTP_POST, body = "api_password=" .. ngx.var.api_password});

if res.body == "1"

then

ngx.location.capture("/newserver");

else

ngx.location.capture("/legacy");

end

}

location /add {

set_form_input $api_password;

set $memc_cmd 'set';

set $memc_key '$api_password';

set $memc_value 1;

memc_pass localhost:11211;

}

location /whitelist {

set_form_input $api_password;

set $memc_cmd 'get';

set $memc_key '$api_password';

memc_pass localhost:11211;

}

location /redir {

set_form_input $whitelist;

if ($whitelist = 1) {

proxy_pass http://newserver.com$request_uri;

}

proxy_pass https://legacyserver.com$request_uri;

}

location /legacy {

# internal;

resolver 8.8.8.8;

#echo legacy;

proxy_pass https://legacyserver.com$request_uri;

}

location /newserver {

# internal;

resolver 8.8.8.8;

#echo ec;

proxy_pass http://newserver.com$request_uri;

}

agentzh

Hello!

On Fri, Aug 8, 2014 at 4:19 PM, downloadmymind wrote:
>         location / {
[...]
>                 set $whitelist "";
>                 set_form_input $api_password;
>                 content_by_lua '
>                         local res = ngx.location.capture("/whitelist", {
> method = ngx.HTTP_POST, body = "api_password=" .. ngx.var.api_password});

Instead of using ngx.location.capture() + ngx_memc (though it also
works), it's more efficient and more flexible to just use the
lua-resty-memcached library here:

    https://github.com/openresty/lua-resty-memcached

Lua-resty-memcached is also a standard library in OpenResty.

>                         if res.body == "1"
>                         then
>                             ngx.location.capture("/newserver");
>                         else
>                             ngx.location.capture("/legacy");
>                         end

Here is the mistake you're makeing: ngx.location.capture() initiates a
subrequest and *captures* its response (header and body) in its return
value. So here you just throw the return value of
ngx.location.capture(), i.e., the subrequest response, away without
outputting anything in your main request handler. Here, according to
your requirements, you should really forward the subrequest's status
code (res.status), response headers (res.headers), and response body
(res.body) to your main request (using ngx.status, ngx.header, and
ngx.print).

But instead of doing subrequests here, a more efficient approach is to
use "internal redirects". That is,

    if some_condition then
        return ngx.exec("/newserver")
    end
    return ngx.exec("/legacy")

This is way more efficient for your use case because we can avoid the
overhead of subrequests and the overhead of capturing and buffering
the whole subrequest response (which can be large) in memory.

So basically we can retire all the subrequests in your example :)

Best regards,
-agentzh

downloadmymind

Great, thank you very much! I'll work on this today and see what I can make of it. I really appreciate your help.

On Friday, August 8, 2014 6:18:36 PM UTC-7, agentzh wrote:

Hello!

On Fri, Aug 8, 2014 at 4:19 PM, downloadmymind wrote:
> location / {
[...]
> set $whitelist "";
> set_form_input $api_password;
> content_by_lua '
> local res = ngx.location.capture("/whitelist", {
> method = ngx.HTTP_POST, body = "api_password=" .. ngx.var.api_password});

Instead of using ngx.location.capture() + ngx_memc (though it also
works), it's more efficient and more flexible to just use the
lua-resty-memcached library here:

https://github.com/openresty/lua-resty-memcached

Lua-resty-memcached is also a standard library in OpenResty.

> if res.body == "1"
> then
> ngx.location.capture("/newserver");
> else
> ngx.location.capture("/legacy");
> end

Here is the mistake you're makeing: ngx.location.capture() initiates a
subrequest and *captures* its response (header and body) in its return
value. So here you just throw the return value of
ngx.location.capture(), i.e., the subrequest response, away without
outputting anything in your main request handler. Here, according to
your requirements, you should really forward the subrequest's status
code (res.status), response headers (res.headers), and response body
(res.body) to your main request (using ngx.status, ngx.header, and
ngx.print).

But instead of doing subrequests here, a more efficient approach is to
use "internal redirects". That is,

if some_condition then
return ngx.exec("/newserver")
end
return ngx.exec("/legacy")

This is way more efficient for your use case because we can avoid the
overhead of subrequests and the overhead of capturing and buffering
the whole subrequest response (which can be large) in memory.

So basically we can retire all the subrequests in your example :)

Best regards,
-agentzh