Created
April 9, 2020 12:21
-
-
Save dafanasiev/7eb5da26b76c3aeec4f9d4a8cc74a935 to your computer and use it in GitHub Desktop.
nginx-time_wait
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function validate(r){ | |
| r.subrequest("/javascript-auth-cb", r.variables.args, function(res){ | |
| if(res.status == 200) { | |
| r.variables.auth_userId = res.headersOut['X-EFTR-UserId']; | |
| r.variables.auth_sessionId = res.headersOut['X-EFTR-SessionId']; | |
| } | |
| r.return(res.status); | |
| return; | |
| }); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) start run.sh | |
| 2) make query: curl -v http://localhost:5000/ | |
| 3) check TIME_WAIT: netstat -ano4 |grep 500[01] | |
| tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN off (0.00/0/0) | |
| tcp 0 0 0.0.0.0:5001 0.0.0.0:* LISTEN off (0.00/0/0) | |
| !!! ====> tcp 0 0 127.0.0.1:47342 127.0.0.1:5000 TIME_WAIT timewait (57,10/0/0) | |
| tcp 0 0 127.0.0.1:5001 127.0.0.1:47366 ESTABLISHED off (0.00/0/0) | |
| tcp 0 0 127.0.0.1:47366 127.0.0.1:5001 ESTABLISHED off (0.00/0/0) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| worker_processes 4; | |
| error_log log/error-auth.log warn; | |
| pid log/nginx-auth.pid; | |
| events { | |
| multi_accept on; | |
| worker_connections 32000; | |
| use epoll; | |
| } | |
| worker_rlimit_nofile 65535; | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| access_log off; | |
| sendfile on; | |
| #tcp_nopush on; | |
| tcp_nodelay on; | |
| keepalive_timeout 120; | |
| server { | |
| listen 5001; | |
| server_name localhost; | |
| location / { | |
| add_header X-Debug GK always; | |
| add_header X-EFTR-UserId dev always; | |
| add_header X-EFTR-SessionId 02 always; | |
| return 200; | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| worker_processes 4; | |
| error_log log/error.log warn; | |
| pid log/nginx-auth.pid; | |
| events { | |
| multi_accept on; | |
| worker_connections 32000; | |
| use epoll; | |
| } | |
| worker_rlimit_nofile 65535; | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| js_include auth.js; | |
| upstream up-gk { | |
| server 127.0.0.1:5001; | |
| keepalive 1000; | |
| keepalive_requests 1000000; | |
| keepalive_timeout 300s; | |
| } | |
| access_log off; | |
| sendfile on; | |
| #tcp_nopush on; | |
| #tcp_nodelay on; | |
| keepalive_timeout 120; | |
| server { | |
| listen 5000; | |
| server_name localhost; | |
| location / { | |
| add_header X-Debug SL always; | |
| set $auth_userId ''; | |
| set $auth_sessionId ''; | |
| proxy_set_header Connection ""; | |
| proxy_http_version 1.1; | |
| proxy_set_header Accept-Encoding ""; | |
| proxy_pass_request_body off; | |
| proxy_set_header Content-Length ""; | |
| auth_request /javascript-auth; | |
| add_header X-EFTR-UserId $auth_userId always; | |
| add_header X-EFTR-SessionId $auth_sessionId always; | |
| } | |
| location /javascript-auth { | |
| internal; | |
| proxy_set_header Connection ""; | |
| proxy_http_version 1.1; | |
| proxy_set_header Accept-Encoding ""; | |
| proxy_pass_request_body off; | |
| proxy_set_header Content-Length ""; | |
| js_content validate; | |
| } | |
| location /javascript-auth-cb { | |
| proxy_set_header Connection ""; | |
| proxy_http_version 1.1; | |
| proxy_set_header Accept-Encoding ""; | |
| proxy_pass_request_body off; | |
| proxy_set_header Content-Length ""; | |
| proxy_pass http://up-gk/; | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| sudo killall -9 nginx || true | |
| sleep 2 | |
| ## setup YOU locations | |
| sudo ./nginx -c $PWD/conf/nginx-auth.conf | |
| sudo ./nginx -c $PWD/conf/nginx.conf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment