Last active
November 15, 2022 05:48
-
-
Save danydodson/b4568f9ae54ad11be351c2e0b399dc1f to your computer and use it in GitHub Desktop.
nginx cookies
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function sendFastest(r) { | |
var n = 0 | |
function done(reply) { // Callback for completed subrequests | |
if (n++ == 0) { | |
r.log("WINNER is " + reply.uri) | |
r.return(reply.status, reply.body) | |
} | |
} | |
r.subrequest("/server_one", r.variables.args, done) | |
r.subrequest("/server_two", r.variables.args, done) | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
# Ensure that HTTP/2 is enabled for the server | |
listen 443 ssl http2; | |
ssl_certificate ssl/certificate.pem; | |
ssl_certificate_key ssl/key.pem; | |
root /var/www/html; | |
# when a client requests demo.html, also push | |
# /style.css, /image1.jpg and /image2.jpg | |
location = /demo.html { | |
http2_push /style.css; | |
http2_push /image1.jpg; | |
http2_push /image2.jpg; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl http2; | |
ssl_certificate ssl/certificate.pem; | |
ssl_certificate_key ssl/key.pem; | |
root /var/www/html; | |
http2_push_preload on; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
log_format timing '$remote_addr - $remote_user [$time_local] "$request" $status ' | |
'$body_bytes_sent "$http_referer" "$http_user_agent" ' | |
'$request_time $upstream_queue_time $upstream_response_time'; | |
upstream my_backend { | |
zone my_backend 64k; | |
server backends.example.com resolve max_conns=250; | |
queue 20 timeout=5s; # Queue up to 20 requests when no backends available | |
} | |
server { | |
listen 80; | |
location / { | |
proxy_pass http://my_backend; | |
access_log /var/log/nginx/access.log timing; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
js_include cookie_signing.js | |
js_set $signature_error validateCookieSignature; | |
js_set $signed_cookie signCookie; | |
server { | |
listen 80; | |
set $cookie_name "session"; # The cookie name to be signature-checked | |
location / { | |
if ($signature_error) { | |
return 403; # Unauthorized | |
} | |
proxy_pass http://my_backend; | |
add_header Set-Cookie $signed_cookie; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
js_include fastest_wins.js; | |
server { | |
listen 80; | |
location / { | |
js_content sendFastest; | |
} | |
location /server_one { | |
proxy_pass http://10.0.0.1$request_uri; # Pass the original URI | |
} | |
location /server_two { | |
proxy_pass http://10.0.0.2$request_uri; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stream { | |
map $ssl_preread_alpn_protocols $upstream { | |
"xmpp-client" xmpp_backend; | |
"~\bh2\b" grpc_backend; # 'h2' appears within word boundaries (\b) | |
default http_backend; # Treat all other clients as HTTP | |
} | |
upstream xmpp_backend { | |
#... | |
} | |
upstream grpc_backend { | |
#... | |
} | |
upstream http_backend { | |
#... | |
} | |
server { | |
listen 443 ssl; | |
# Set ssl_certificate and ciphers here | |
ssl_preread on; | |
proxy_pass $upstream; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stream { | |
resolver 10.0.0.53 valid=20s; | |
server { | |
listen 9000; | |
zone_sync; | |
zone_sync_server nginx-cluster.example.com:9000 resolve; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stream { | |
resolver 10.0.0.53 valid=20s; | |
server { | |
zone_sync; | |
zone_sync_server nginx-cluster.example.com:9000 resolve; | |
# Listen on internal IP address, require TLS | |
listen 10.0.0.1:9000 ssl; | |
ssl_certificate_key /etc/ssl/nginx-1.example.com.key.pem; | |
ssl_certificate /etc/ssl/nginx-1.example.com.server_cert.pem; | |
allow 10.0.0.0/24; # Only accept connections from internal network | |
deny all; | |
zone_sync_ssl_verify on; # Peers must connect with client cert | |
zone_sync_ssl_trusted_certificate /etc/ssl/ca_chain.crt.pem; | |
zone_sync_ssl_verify_depth 2; | |
zone_sync_ssl on; # Connect to peers with TLS, offer client cert | |
zone_sync_ssl_certificate /etc/ssl/nginx-1.example.com.client_cert.pem; | |
zone_sync_ssl_certificate_key /etc/ssl/nginx-1.example.com.key.pem; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream my_backend { | |
zone my_backend 64k; | |
server backends.example.com resolve; | |
sticky learn zone=sessions:1m | |
create=$upstream_cookie_session | |
lookup=$cookie_session | |
sync; | |
} | |
server { | |
listen 80; | |
location / { | |
proxy_pass http://my_backend; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment