Last active
November 11, 2022 00:01
-
-
Save nginx-gists/956f2dfce142c7924b95ec3aaaee0621 to your computer and use it in GitHub Desktop.
Announcing NGINX Plus R21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
keyval_zone zone=grpc-greeter:128K type=ip timeout=48h; | |
keyval $remote_addr $greeter_upstream zone=grpc-greeter; | |
server { | |
listen 50052 ssl http2; | |
ssl_certificate /etc/ssl/certificate.crt; | |
ssl_certificate_key /etc/ssl/privateKey.key; | |
location /helloworld.Greeter { | |
grpc_pass grpc://$greeter_upstream; #TLS termination | |
} | |
} | |
server { | |
listen 127.0.0.1:8080; | |
location /api { | |
api write=on; | |
} | |
} | |
upstream grpc-servers-greeter-debug { | |
server grpc-upstream-greeter-debug-1:50051; | |
} | |
upstream grpc-servers-greeter-prod { | |
server grpc-upstream-greeter-prod-1:50051; | |
} | |
# vim: syntax=nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http { | |
js_import siem.js; | |
js_set $is_large siem.siemCheck; | |
log_format siem '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" $is_large'; | |
access_log /var/log/nginx/access.log siem; | |
# ... | |
} | |
# vim: syntax=nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function siemCheck(r) { | |
if (r.variables.bytes_received + r.variables.upstream_bytes_sent > 1024*1024) { | |
var headers = {}; | |
for (var h in r.headersIn) { | |
headers[h] = r.headersIn[h]; | |
} | |
var req = { "client": r.variables.remote_addr, "port": Number(r.variables.server_port), "host": r.variables.host, "method": r.variables.request_method, "uri": r.variables.request_uri, "headers": headers, "body": r.variables.request_body } | |
var subreqOptions = { | |
method: "POST", | |
body: JSON.stringify(req), | |
detached: true | |
} | |
r.subrequest('/_send_to_siem', subreqOptions); | |
} | |
} | |
export default { siemCheck } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function process(r) { | |
r.subrequest('/auth') | |
.then(reply => JSON.parse(reply.responseBody)) | |
.then(response => { | |
if (!response['token']) { | |
throw new Error("token is not available"); | |
} | |
return response['token']; | |
}) | |
.then(token => { | |
r.subrequest('/backend', `token=${token}`) | |
.then(reply => r.return(reply.status, reply.responseBody)); | |
}) | |
.catch(e => r.return(500, e)); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For a discussion of these files, see Announcing NGINX Plus R21