Yichun suggested yesterday that my correctly configured nginx binary was not the one being run. That may have been the case, since I am not longer getting runtime errors in error.log. However, something must be wrong with the way I am writing the directives in nginx.conf, since they aren't actually replacing secrets like I would expect. My json responses are still coming back unaltered. Is there a way to see if a directive is being triggered?
Thanks,
Austin W.
On Thursday, January 19, 2017 at 11:04:55 AM UTC-5, Austin Whipple wrote:
Hi Yichun,
I brought the email over to the board, and looked into your advice. Haven't had much luck yet.
Nginx is being run from /opt/nginx:
$ ps -ef | grep nginx
root 28458 28448 0 15:38 ? 00:00:00 sh -c /opt/nginx
root 28459 28458 0 15:38 ? 00:00:00 nginx: master process /opt/nginx
www-data 28460 28459 0 15:38 ? 00:00:00 nginx: worker process
www-data 28461 28459 0 15:38 ? 00:00:00 nginx: worker process
www-data 28462 28459 0 15:38 ? 00:00:00 nginx: worker process
www-data 28463 28459 0 15:38 ? 00:00:00 nginx: worker process
$ ls -la /opt/
...
-rwxr-xr-x 1 root root 6273959 Jan 18 22:00 nginx
drwxr-xr-x 9 root root 12288 Jan 18 21:30 pcre-8.40
drwxrwxr-x 5 root root 4096 Oct 28 2013 replace-filter-nginx-module-0.01rc5
drwxr-xr-x 14 root root 4096 Jan 18 21:30 zlib-1.2.11
nginx -V gives:
$ /opt/nginx -V
nginx version: nginx/1.10.2
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --sbin-path=/opt/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --with-http_ssl_module --with-pcre=/opt/pcre-8.40/ --with-zlib=/opt/zlib-1.2.11/ --with-stream --add-module=/opt/replace-filter-nginx-module-0.01rc5 --with-ld-opt=-Wl,-rpath,/usr/local/lib
Nginx builds just fine, and loads the config just fine, but I get these messages:
2017/01/18 21:32:15 [emerg] 23895#0: unknown directive "replace_filter_types" in /etc/nginx/nginx.conf:197
2017/01/18 22:00:17 [emerg] 23895#0: unknown directive "replace_filter_types" in /etc/nginx/nginx.conf:197
2017/01/18 22:03:30 [emerg] 23895#0: unknown directive "replace_filter" in /etc/nginx/nginx.conf:198
2017/01/18 22:15:49 [emerg] 23895#0: unknown directive "replace_filter" in /etc/nginx/nginx.conf:198
2017/01/18 22:16:25 [emerg] 23895#0: unknown directive "replace_filter_types" in /etc/nginx/nginx.conf:197
In my nginx.conf:
location /marathon-test/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
replace_filter_types application/json;
replace_filter VAULT_PASSWORD=[\w\d]+ VAULT_PASSWORD=SECRET ig;
replace_filter DOCKER_PASSWORD=[\w\d]+ DOCKER_PASSWORD=SECRET ig;
replace_filter JDBC_PASSWORD=[\w\d]+ JDBC_PASSWORD=SECRET ig;
replace_filter LOGSTASH_SSL_CRT=[-\w\d\s\\\/=+]+ LOGSTASH_SSL_CRT=SECRET ig;
Really confused on this one. Everything looks like it should work, but it is not working. Any ideas?
Regards,
Austin W.