How to access the original request (and port) in nginx
I have the following network configuration: F5 LB -> 2 NGINX nodes -> Application Server
For server-to-server calls, we sign the request based on the scheme, port and URI on the originating server and compare this signature at the destination, re-signing the request again based on the same parameters. From server to server, the path is: source server → F5 LB → NGINX → destination server.
The original request sent by the origin server is sent to https without a port, and is thus signed without a port (or using the default port, for that matter). The LB adds a custom port to the request and passes it to NGINX. NGINX, in turn, is configured to send the scheme, host and port with the request to the application server:
proxy_set_header Host $host:$server_port;
proxy_set_header X-Scheme $scheme;
The destination server received the port originating from the LB and not the one that was sent with the original request from the source server, as a result of which the signature could not be verified on the destination server. The same has been tested with Apache using AJP with proxies, and there the submitted request contains the original port, not the one added by the LB.
After careful reading, a simple question arises: how do you access the original request (and port) in nginx?
Here's the rest of the relevant config:
proxy.conf:
proxy_redirect off;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_buffer_size 8k;
proxy_http_version 1.0;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Configuration
log_format upstreamlog '[$time_local] $remote_addr $status "$request" $body_bytes_sent - $server_name to: $upstream_addr $upstream_response_time sec "$http_user_agent"';
server {
    listen 9080;
    listen 9443 ssl;
    server_name myserver.com;
    root html;
    error_log /data/server_openresty/error.log info;
    access_log /ldata/server_openresty/logs/access.log upstreamlog;
    gzip on;
    gzip_types text/plain text/xml text/css text/javascript application/javascript application/xhtml+xml application/xml;
    ssl_certificate /data/server_openresty/nginx/certs/dev_wildCard.crt;
    ssl_certificate_key /code/server_openresty/nginx/certs/dev_wildCard.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:MEDIUM:!aNULL:!MD5;
    ### headers passed to the proxies
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Scheme $scheme;
    location /api/serverA {
        proxy_pass http://serverA-cluster;
    }
    location /api/serverB {
        proxy_pass http://serverB-cluster;
    }
}
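Added example, not part of the original post: a Python model of the mismatch described in the question, comparing the Host header produced by `proxy_set_header Host $host:$server_port;` with the one produced by nginx's `$http_host` variable, which forwards the client's Host header unchanged. Assumptions: the signature is HMAC-SHA256 over scheme, port and URI, the LB leaves the Host header untouched, and the key, URI and function names are constructed for illustration.

```python
import hashlib
import hmac

DEFAULT_PORTS = {"http": 80, "https": 443}
KEY = b"constructed-demo-key"          # constructed shared secret
URI = "/api/serverA/items"             # constructed request URI


def sign(scheme, port, uri, key=KEY):
    """HMAC-SHA256 (assumed algorithm) over the page's inputs: scheme, port, uri."""
    if port is None:                   # no explicit port: sign with the scheme default
        port = DEFAULT_PORTS[scheme]
    msg = f"{scheme}\n{port}\n{uri}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def split_host(host_header, scheme):
    """Split a Host header into (host, port); handles bracketed IPv6 literals."""
    host, sep, port = host_header.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return host_header, DEFAULT_PORTS[scheme]


def forwarded_host(client_host, server_port, variant):
    """Host header nginx sends upstream for two proxy_set_header settings."""
    if variant == "$host:$server_port":        # as in the posted config
        return f"{split_host(client_host, 'https')[0]}:{server_port}"
    if variant == "$http_host":                # client's Host header, unchanged
        return client_host
    raise ValueError(variant)


def verify(signature, x_scheme, host_header, uri, key=KEY):
    """Destination side: rebuild the signature from the forwarded headers."""
    _, port = split_host(host_header, x_scheme)
    return hmac.compare_digest(signature, sign(x_scheme, port, uri, key))


if __name__ == "__main__":
    sig = sign("https", None, URI)             # source signs without a port
    for variant in ("$host:$server_port", "$http_host"):
        host = forwarded_host("myserver.com", 9443, variant)
        print(f"{variant:20} Host={host:20} verified={verify(sig, 'https', host, URI)}")
```

Under these assumptions, the listener port (9443) enters the signed string only when nginx appends `$server_port`; forwarding the client's own Host header keeps the destination's input identical to what the source signed.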