@koseki
Last active April 29, 2023 09:13
Nginx: proxy_ignore_headers Set-Cookie is dangerous (vagrant-layout example)

Nginx proxy_ignore_headers example

This is a configuration for the vagrant-layout plugin, based on the php layout.

proxy_ignore_headers Set-Cookie; caches cookies. By default nginx refuses to store a response that carries a Set-Cookie header. The directive tells nginx to ignore Set-Cookie only when deciding whether the response is cacheable; it does not remove the header. The response is therefore stored together with its Set-Cookie and replayed to every later client that matches the cache key. Used with Set-Cookie, the directive's name is misleading. 💀
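The following is an added example, not the gist's own configuration, showing the dangerous setting next to two safe alternatives. The upstream name (backend), cache zone (zone1), cache path and the three location prefixes are assumed for illustration.

```nginx
# Added example: caching a PHP backend behind nginx without replaying one
# client's Set-Cookie to another. Names below are assumed, not from the gist.

proxy_cache_path /var/cache/nginx levels=1 keys_zone=zone1:1m inactive=10m max_size=10m;

upstream backend {
    server 127.0.0.1:8088;
}

server {
    listen 8080;

    # DANGEROUS. nginx skips caching a response that carries Set-Cookie
    # unless told to ignore that header. Ignoring it does not strip it:
    # the stored response, cookie included, is served to every later
    # request that matches the cache key (nothing per-user is in the key).
    location /cached-with-cookies/ {
        proxy_pass http://backend;
        proxy_cache zone1;
        proxy_cache_key $scheme://$host$uri$is_args$args;
        proxy_cache_valid 200 10s;
        proxy_ignore_headers Set-Cookie;
        add_header X-Cache $upstream_cache_status;
    }

    # SAFE option 1: keep the default. A response with Set-Cookie is not
    # stored, so a per-user page is never shared. Requests that already
    # carry a cookie skip the cache and are not stored either, because
    # the backend may personalise them ($http_cookie non-empty and not "0").
    location /cache-default/ {
        proxy_pass http://backend;
        proxy_cache zone1;
        proxy_cache_key $scheme://$host$uri$is_args$args;
        proxy_cache_valid 200 10s;
        proxy_cache_bypass $http_cookie;
        proxy_no_cache $http_cookie;
        add_header X-Cache $upstream_cache_status;
    }

    # SAFE option 2: the content is genuinely public and only the cookie
    # is the problem. Ignore Set-Cookie for the caching decision AND hide
    # it from the response sent to clients (cache hit or miss), and strip
    # the request Cookie so the backend cannot personalise what gets cached.
    location /cache-public/ {
        proxy_pass http://backend;
        proxy_cache zone1;
        proxy_cache_key $scheme://$host$uri$is_args$args;
        proxy_cache_valid 200 10s;
        proxy_ignore_headers Set-Cookie;
        proxy_hide_header Set-Cookie;
        proxy_set_header Cookie "";
        add_header X-Cache $upstream_cache_status;
    }
}
```

To check which behaviour you have, request the same URL twice from two different clients within the 10 s window and compare the X-Cache header (HIT on the second) with the Set-Cookie header: in the dangerous block the second client receives the first client's cookie value; in option 1 the second request is a MISS or BYPASS; in option 2 neither response carries Set-Cookie at all.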

Installation

$ vagrant plugin install vagrant-layout
$ mkdir nginx-example && cd nginx-example
$ vagrant layout init https://gist.github.com/koseki/78f26b337e2802bd8ec9

Double-click sandbox/osx/manage/start.command (or start.bat). Wait a while, then open http://localhost:8080/.

Feel free to fork and create your own layout.


base: https://github.com/koseki/vagrant-layout/commit/2de0a66fd45b08d0d7ed4b66b8e1b394523e4547

diff --git a/sandbox/config/nginx.conf.src b/sandbox/config/nginx.conf.src
index 32695c3..816282d 100644
--- a/sandbox/config/nginx.conf.src
+++ b/sandbox/config/nginx.conf.src
@@ -25,25 +25,72 @@ http {
uwsgi_temp_path logs/tmp;
scgi_temp_path logs/tmp;
+ proxy_cache_path /usr/share/nginx/cache levels=1 keys_zone=zone1:1m inactive=10m max_size=10m;
+
+ upstream backend {
+ server 127.0.0.1:8088;
+ }
+
+ #
+ # Front-end
+ #
server {
- listen 8080;
- server_name project.local;
- client_max_body_size 8M;
- index index.html index.htm index.php;
+ listen 8080;
+ server_name localhost;
location / {
root PROJECT_ROOT/static/htdocs;
- location ~ \.php$ {
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
- }
+ index index.html index.htm index.php;
+ }
+
+ location ~ \.php$ {
+ proxy_pass http://backend;
+
+ proxy_cache zone1;
+ proxy_cache_key $scheme://$host$uri$is_args$args;
+ proxy_cache_valid 200 10s;
+
+ #
+ # Front-end ---> Client (add_header)
+ #
+ add_header X-Cache $upstream_cache_status;
+ # add_header Set-Cookie ""; # This doesn't work.
+
+ #
+ # Front-end ---> Back-end (proxy_set_header)
+ #
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # proxy_set_header Cookie ""; # Erase Cookie request header.
+
+ #
+ # Back-end ---> Front-end (proxy_pass_header / proxy_hide_header)
+ #
+ # proxy_hide_header Set-Cookie; # Erase Set-Cookie response header.
+
+ #
+ # Back-end ---> Cache (proxy_ignore_header)
+ #
+ proxy_ignore_headers Set-Cookie; # !!! DANGER !!! THIS CACHES COOKIES.
}
+ }
+
+ #
+ # Back-end
+ #
+ server {
+ listen 8088;
+
+ root PROJECT_ROOT/static/htdocs;
+ index index.html index.htm index.php;
- location /favicon.ico {
- access_log off;
- log_not_found off;
+ location ~ \.php$ {
+ root PROJECT_ROOT/static/htdocs;
+ fastcgi_pass php:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
}
}
}
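Review bot: proxy_ignore_headers Set-Cookie; at the end of the location ~ \.php$ block defeats nginx's default refusal to cache responses that carry Set-Cookie, and since proxy_cache_key $scheme://$host$uri$is_args$args; contains nothing per-user, the first client's response, cookie included, is served to everyone who requests the same URL for the next 10 seconds (proxy_cache_valid 200 10s;). If the page must be cached anyway, pair the directive with the commented-out proxy_hide_header Set-Cookie; and proxy_set_header Cookie ""; so that neither direction carries per-user state; otherwise drop it and let the default keep Set-Cookie responses out of the cache. Separately, the back-end's fastcgi_pass php:9000; replaces the earlier 127.0.0.1:9000 and only works if a host named php resolves in the sandbox.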
diff --git a/static/htdocs/index.php b/static/htdocs/index.php
index 147cebc..10df55b 100644
--- a/static/htdocs/index.php
+++ b/static/htdocs/index.php
@@ -1 +1,19 @@
-<?php phpinfo(); ?>
+<?php
+
+$old = $_COOKIE["test"];
+$new = rand(0, 10000);
+setcookie("test", $new);
+
+?>
+<code>
+old: <?php echo $old; ?><br>
+new: <?php echo $new; ?>
+<hr>
+
+<?php
+foreach ($_SERVER as $name => $value) {
+ echo "$name: $value<br>";
+}
+?>
+
+</code>
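Review bot: $old = $_COOKIE["test"]; raises an undefined-index notice/warning on the first request, before any cookie exists; use $_COOKIE["test"] ?? null. The $_SERVER loop echoes request-derived values (HTTP_USER_AGENT, HTTP_COOKIE, QUERY_STRING and others) into HTML unescaped, so a crafted header or query string is reflected as markup; wrap $name and $value in htmlspecialchars(). Both matter more than usual here, because with the front-end cache enabled whatever one client gets the backend to emit is replayed to the next.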