Skip to content

Instantly share code, notes, and snippets.

@chazer
Last active May 3, 2020 03:14
Show Gist options
  • Save chazer/537595bcfd60615f4c0d389a37803d2f to your computer and use it in GitHub Desktop.
Save chazer/537595bcfd60615f4c0d389a37803d2f to your computer and use it in GitHub Desktop.
Web proxy with Query String patch
version: "3.7"
services:
#service:
# . . .
# networks:
# default:
# fakesite:
# volumes:
# - ./proxy/certs:/certs
# entrypoint: /bin/sh
# command:
# - -c
# - |
# cp /certs/server.crt /usr/local/share/ca-certificates/ && update-ca-certificates
# exec sh /entrypoint.sh
patch-proxy:
image: nginx:alpine
networks:
fakesite:
aliases:
- api.example.com
expose:
- 80
- 443
volumes:
- ./proxy.conf:/etc/nginx/conf.d/default.conf
- ./certs/api.example.com.crt:/etc/nginx/certs/server.crt
- ./certs/api.example.com.key:/etc/nginx/certs/server.key
networks:
fakesite:
#!/usr/bin/env sh
openssl req -x509 \
-newkey rsa:2048 -nodes -keyout api.example.com.key \
-days 365 -out api.example.com.crt \
-subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=api.example.com"
map $request_uri $new_req_uri {
default "$uri$is_args$args";
~^(.*[&?])multipart-manifest(?:&|=&|=[^&\s]*&?)(\S*)$ "$1$2";
}
# use real resolver for connect to real upstream
resolver 8.8.8.8 ipv6=off;
log_format patch '$remote_addr - $remote_user [$time_local] "$request" -> "$new_req_uri" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log patch;
server {
listen 80;
listen 443 default_server ssl;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
location / {
set $target $scheme://$host$new_req_uri;
proxy_pass $target;
proxy_pass_request_headers on;
}
}

Example, how to remove argument from http request.

Replace requests like:

DELETE /v1/path/FILE?multipart-manifest=delete HTTP/1.1"

with:

DELETE /v1/path/FILE?

(Openstack Swift API example)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment