Skip to content

Instantly share code, notes, and snippets.

@bsingr

bsingr/nginx.conf

Last active October 23, 2023 05:46
Show Gist options
  • Star 11 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bsingr/7107a5074c6390d5ef70 to your computer and use it in GitHub Desktop.
Save bsingr/7107a5074c6390d5ef70 to your computer and use it in GitHub Desktop.
Download ZIP
Shadow traffic duplication reverse proxy
Raw
nginx.conf
daemon off;
error_log /dev/stderr warn;
worker_processes 4;
events {
worker_connections 1024;
multi_accept on;
}
http {
access_log /dev/stdout;
server {
listen 443;
ssl_certificate /path/to/tls.cert;
ssl_certificate_key /path/to/tls.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_pass https://production-backend.de:443;
post_action @traffic_replay;
}
location @traffic_replay {
proxy_pass https://testing-backend:443;
}
}
}
@ptflp
Copy link

ptflp commented May 30, 2020 

daemon off;

error_log /dev/stderr warn;

worker_processes 4;

events {
  worker_connections 1024;
  multi_accept on;
}

http {
  access_log /dev/stdout;

  server {
    listen 443;

    ssl_certificate           /path/to/tls.cert;
    ssl_certificate_key       /path/to/tls.key;

    ssl                       on;
    ssl_session_cache         builtin:1000  shared:SSL:10m;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers               HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_read_timeout      300;

      proxy_pass             https://production-backend.de:443;

      mirror /mirror;
    }

    location = /mirror {
       internal;
       proxy_pass http://test_backend$request_uri;
    }
  }
}

Second variant

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment