nginx-gists/dynamic_grpc.conf

## dynamic_grpc.conf
keyval_zone zone=grpc-greeter:128K type=ip timeout=48h;
keyval $remote_addr $greeter_upstream zone=grpc-greeter;

server {
    listen 50052 ssl http2;
    ssl_certificate /etc/ssl/certificate.crt;
    ssl_certificate_key /etc/ssl/privateKey.key;

    location /helloworld.Greeter {
        grpc_pass grpc://$greeter_upstream; #TLS termination
    }
}

server {
    listen 127.0.0.1:8080;
    location /api {
         api write=on;
    }
}

upstream grpc-servers-greeter-debug {
    server grpc-upstream-greeter-debug-1:50051;
}

upstream grpc-servers-greeter-prod {
    server grpc-upstream-greeter-prod-1:50051;
}

# vim: syntax=nginx

## nginx.conf
http {
    js_import siem.js;
    js_set $is_large siem.siemCheck;
    log_format  siem  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $is_large';
    access_log  /var/log/nginx/access.log  siem;
    # ...
}

# vim: syntax=nginx

## siem.js
function siemCheck(r) {
    if (r.variables.bytes_received + r.variables.upstream_bytes_sent > 1024*1024) {
        var headers = {};
        for (var h in r.headersIn) {
            headers[h] = r.headersIn[h];
        }

        var req = { "client": r.variables.remote_addr, "port": Number(r.variables.server_port), "host": r.variables.host, "method": r.variables.request_method, "uri": r.variables.request_uri, "headers": headers, "body": r.variables.request_body }

        var subreqOptions = {
            method: "POST",
            body: JSON.stringify(req),
            detached: true
        }

        r.subrequest('/_send_to_siem', subreqOptions);
    }
}

export default { siemCheck }

## subrequests_promises.js
function process(r) {
    r.subrequest('/auth')
        .then(reply => JSON.parse(reply.responseBody))
        .then(response => {
            if (!response['token']) {
                throw new Error("token is not available");
            }
            return response['token'];
        })
    .then(token => {
        r.subrequest('/backend', `token=${token}`)
            .then(reply => r.return(reply.status, reply.responseBody));
    })
    .catch(e => r.return(500, e));
}
	keyval_zone zone=grpc-greeter:128K type=ip timeout=48h;
	keyval $remote_addr $greeter_upstream zone=grpc-greeter;

	server {
	listen 50052 ssl http2;
	ssl_certificate /etc/ssl/certificate.crt;
	ssl_certificate_key /etc/ssl/privateKey.key;

	location /helloworld.Greeter {
	grpc_pass grpc://$greeter_upstream; #TLS termination
	}
	}

	server {
	listen 127.0.0.1:8080;
	location /api {
	api write=on;
	}
	}

	upstream grpc-servers-greeter-debug {
	server grpc-upstream-greeter-debug-1:50051;
	}

	upstream grpc-servers-greeter-prod {
	server grpc-upstream-greeter-prod-1:50051;
	}

	# vim: syntax=nginx
	http {
	js_import siem.js;
	js_set $is_large siem.siemCheck;
	log_format siem '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" $is_large';
	access_log /var/log/nginx/access.log siem;
	# ...
	}

	# vim: syntax=nginx
	function siemCheck(r) {
	if (r.variables.bytes_received + r.variables.upstream_bytes_sent > 1024*1024) {
	var headers = {};
	for (var h in r.headersIn) {
	headers[h] = r.headersIn[h];
	}

	var req = { "client": r.variables.remote_addr, "port": Number(r.variables.server_port), "host": r.variables.host, "method": r.variables.request_method, "uri": r.variables.request_uri, "headers": headers, "body": r.variables.request_body }

	var subreqOptions = {
	method: "POST",
	body: JSON.stringify(req),
	detached: true
	}

	r.subrequest('/_send_to_siem', subreqOptions);
	}
	}

	export default { siemCheck }
	function process(r) {
	r.subrequest('/auth')
	.then(reply => JSON.parse(reply.responseBody))
	.then(response => {
	if (!response['token']) {
	throw new Error("token is not available");
	}
	return response['token'];
	})
	.then(token => {
	r.subrequest('/backend', `token=${token}`)
	.then(reply => r.return(reply.status, reply.responseBody));
	})
	.catch(e => r.return(500, e));
	}