nginx 学习笔记（三） auth_request 和 access_by_lua 受权

时间 2019-11-17
标签 nginx 学习笔记 auth request access lua 受权栏目 Nginx 繁體版
原文原文链接
http {
   #lua 脚本配置
   lua_package_path "/usr/local/src/nginx/conf/waf/?.lua";
   lua_shared_dict limit 10m;
   init_by_lua_file /usr/local/src/nginx/conf/waf/init.lua;
   access_by_lua_file /usr/local/src/nginx/conf/waf/waf.lua;

  # nginx 自带的受权，只支持http、https
   server {
       listen       81;
       server_name  nginx.test1.com;
       
       location /test {
         auth_request /auth;
         proxy_pass http://192.168.40.26:8080/cloud/wapi/v1.0/hello;
         
		}
		
       	location /auth {
			proxy_pass http://192.168..40.26:8080/cloud/wapi/v1.0/auth/;
			#proxy_pass_request_body off;
			#proxy_set_header Content-Length "";
			#proxy_set_header X-Original-URI $request_uri;
		}
   }

    server {
        listen       80;
        server_name  localhost;
        
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

          proxy_set_header   Host   $host;
	      proxy_set_header   Referer $http_referer;
	      proxy_set_header   Cookie $http_cookie;
	      proxy_set_header   X-Real-IP  $remote_addr;
	      proxy_set_header   X-Forwarded-For              $proxy_add_x_forwarded_for;


        #利用lua脚本鉴权，支持http、https，注意如何利用lua脚本的话，能够参考学习笔记（一），须要再http节点中配置http节点中lua 脚本配置，先访问auth方法，而后此方法response.status == 200的话，继续代理http://192.168.40.119:8888/server;

        location /test2 {
         access_by_lua 'local res = ngx.location.capture("/cloud/wapi/v1.0/auth")
			if res.status == ngx.HTTP_OK then
			return
			end
			if res.status == ngx.HTTP_FORBIDDEN then
			ngx.exit(res.status)
			end
			ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
			';
         proxy_pass http://192.168.40.119:8888/server;
		}
  
      location ~ /cloud/wapi/v1.0/(.*) {
            internal;
            proxy_pass http://192.168.40.26:8080;
         }
        

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        
    }

}