Nginx: proxy_ignore_headers Set-Cookie is dangerous (fig example)
# fig (pre-Compose) service file for the cookie-caching demo: nginx in front
# of php-fpm. Only the nginx front-end port (8080) is published to the host;
# the nginx back-end listener on 8088 lives inside the "web" container and is
# not exposed by this file.
php:
  image: "php:5.6.5-fpm"   # pinned, long end-of-life PHP release; demo only
  volumes:
    - .:/usr/share/nginx/html   # the demo page, executed by php-fpm (port 9000, see nginx-default.conf)
web:
  image: "nginx:1.7.9"   # pinned, old nginx release; demo only
  ports:
    - "8080:8080"   # host:container; with no host address given, Docker binds on all host interfaces
  links:
    - php   # provides the "php" hostname that fastcgi_pass in nginx-default.conf resolves
  volumes:
    - .:/usr/share/nginx/html
    - ./nginx-default.conf:/etc/nginx/conf.d/default.conf   # the proxy-cache config under test
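<?php
// Demo page for the nginx cache experiment: prints the "test" cookie the
// client sent ("old") and the value this response sets ("new"). When the
// front-end caches the response together with its Set-Cookie header, every
// client sees the same "new" value for the cache lifetime.
//
// The first request carries no "test" cookie, so read it guarded instead of
// triggering an undefined-index notice.
$old = isset($_COOKIE["test"]) ? $_COOKIE["test"] : "";
// rand() is only a demo token here; it is not used as a session identifier.
$new = rand(0, 10000);
// Must run before any output, otherwise the header cannot be sent.
setcookie("test", $new);

// Everything printed below originates from the client (cookie value, request
// headers copied into $_SERVER), so HTML-escape it before echoing.
function h($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES, "UTF-8");
}
?>
<code>
old: <?php echo h($old); ?><br>
new: <?php echo h($new); ?>
<hr>
<?php
// Dumps request and server details (paths, header values, possibly argv);
// useful for watching the cache, not something to leave on a public host.
foreach ($_SERVER as $name => $value) {
    // A few $_SERVER entries may be arrays (e.g. argv when enabled); flatten
    // them rather than printing "Array" with a conversion notice.
    if (is_array($value)) {
        $value = implode(", ", $value);
    }
    echo h($name) . ": " . h($value) . "<br>";
}
?>
</code>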
# Demo: two server blocks in one nginx process. The front-end (8080) proxies
# PHP requests through a proxy cache to the back-end (8088), which hands them
# to php-fpm. The point of the file is the proxy_ignore_headers line below.

upstream backend {
    server 127.0.0.1:8088;   # the back-end server block further down, same nginx process
}

# 1 MB key zone, entries dropped after 10 min unused, at most 10 MB on disk.
proxy_cache_path /usr/share/nginx/cache levels=1 keys_zone=zone1:1m inactive=10m max_size=10m;
#
# Front-end
#
server {
    listen 8080;
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm index.php;
    }
    location ~ \.php$ {
        proxy_pass http://backend;
        proxy_cache zone1;
        # The key contains nothing per client (no cookie, no client address),
        # so all clients share one cache entry per URL.
        proxy_cache_key $scheme://$host$uri$is_args$args;
        proxy_cache_valid 200 10s;   # a cached 200 is replayed to everyone for 10 s
        #
        # Front-end ---> Client (add_header)
        #
        add_header X-Cache $upstream_cache_status;   # MISS/HIT/EXPIRED/...; lets a client see whether it got a cached copy
        # add_header Set-Cookie ""; # This doesn't work: add_header only adds headers, it cannot remove the upstream's Set-Cookie.
        #
        # Front-end ---> Back-end (proxy_set_header)
        #
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header Cookie ""; # Erase Cookie request header.
        #
        # Back-end ---> Front-end (proxy_pass_header / proxy_hide_header)
        #
        # proxy_hide_header Set-Cookie; # Erase Set-Cookie response header.
        #
        # Back-end ---> Cache (proxy_ignore_headers)
        #
        # By default nginx does not cache a response that carries Set-Cookie.
        # Ignoring the header removes that safeguard: the first response is
        # stored with its Set-Cookie and replayed to every client hitting the
        # same key until proxy_cache_valid expires, so one client's cookie is
        # handed to the others. If caching these responses is really intended,
        # pair this with "proxy_hide_header Set-Cookie;" so the stored cookie
        # is never forwarded, or keep cookie traffic out of the cache with
        # "proxy_no_cache $upstream_http_set_cookie;" and
        # "proxy_cache_bypass $http_cookie;".
        proxy_ignore_headers Set-Cookie; # !!! DANGER !!! THIS CACHES COOKIES.
    }
}
#
# Back-end
#
server {
    # Binds all container interfaces. The fig file on this page publishes only
    # 8080, so this listener should be reachable just from inside the container
    # network; anything that can reach it talks to PHP without the cache.
    listen 8088;
    root /usr/share/nginx/html;
    index index.html index.htm index.php;
    location ~ \.php$ {
        root /usr/share/nginx/html;
        fastcgi_pass php:9000;   # "php" is the linked php-fpm container from the fig file
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}