-
Notifications
You must be signed in to change notification settings - Fork 110
/
nginx.sample.conf
119 lines (95 loc) · 3.91 KB
/
nginx.sample.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
## The below contents and nginx_3scale_access.lua are created by 3Scale by
## following the steps here:
## https://support.3scale.net/howtos/api-configuration/nginx-proxy
##
## A few minor modifications are necessary to get the generated config
## to work on Heroku. Search for 'HEROKU CHANGE:' in this file and make the same
## changes to your nginx.conf file
## Note that 3Scale puts their own CHANGE markers in the generated file,
## so you will see some of those below too.
## NEED CHANGE (defines the user of the nginx workers)
# user user group;
## THIS PARAMETERS BE SAFELY OVER RIDDEN BY YOUR DEFAULT NGINX CONF
worker_processes 2;
error_log logs/error.log warn;
## HEROKU CHANGE: Add this "daemon off" line to your file so that it runs as a
## normal process rather than a daemon
daemon off;
events {
worker_connections 256;
}
http {
lua_shared_dict api_keys 10m;
upstream backend_api-sentiment.3scale.net {
# service name: API ;
server api-sentiment.3scale.net:80 max_fails=5 fail_timeout=30;
}
upstream threescale_backend {
server su1.3scale.net:80; #su1.3scale.net:80; #
}
server {
## HEROKU CHANGE: Heroku assigns a different port every time, so use this
## placeholder instead of hardcoding it:
listen ${{PORT}};
## CHANGE YOUR SERVER_NAME TO YOUR CUSTOM DOMAIN OR COMMENT IT OUT IF ONLY HAVE ONE
#server_name api-proxy-3scale-heroku.herokuapp.com;
underscores_in_headers on;
location = /threescale_authrep {
internal;
## HEROKU CHANGE: (OPTIONAL)
## 3Scale normally hardcodes the provider_key here, but if you want to avoid
## checking that into source code, you can create a Heroku config
## environment variable called "3SCALE_PROVIDER_KEY" like so:
## $ heroku config:set 3SCALE_PROVIDER_KEY=1239832745abcde
## Then, you can uncomment the following line.
#set $provider_key "${{3SCALE_PROVIDER_KEY}}";
set $provider_key "hardcoded_secret_3scale_providerkey";
proxy_pass http://threescale_backend/transactions/authrep.xml?provider_key=$provider_key&service_id=$service_id&$usage&$credentials;
proxy_set_header Host su1.3scale.net;
}
location = /out_of_band_authrep_action {
internal;
proxy_pass_request_headers off;
##needs to be in both places, better not to have it on location / for potential security issues, req. are internal
## HEROKU CHANGE: (OPTIONAL) (see note above)
#set $provider_key "${{3SCALE_PROVIDER_KEY}}";
set $provider_key "hardcoded_secret_3scale_providerkey";
content_by_lua '
if ngx.var.cached_key ~= nil then
local res1 = ngx.location.capture("/threescale_authrep", { share_all_vars = true })
if res1.status ~= 200 then
local api_keys = ngx.shared.api_keys
api_keys:delete(ngx.var.cached_key)
end
ngx.status = 200
ngx.header.content_length = 0
ngx.exit(ngx.HTTP_OK)
else
ngx.status = 200
ngx.header.content_length = 0
ngx.exit(ngx.HTTP_OK)
end
';
}
location / {
set $provider_key null;
set $cached_key null;
set $credentials null;
set $usage null;
set $service_id 1234567890;
set $proxy_pass null;
set $secret_token null;
proxy_ignore_client_abort on;
## HEROKU CHANGE: Make sure you rename the generated .lua file to
## nginx_3scale_access.lua so that this line works:
access_by_lua_file nginx_3scale_access.lua;
proxy_pass $proxy_pass ;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-3scale-proxy-secret-token $secret_token;
##This line should only be added to debug the secret token because the header will be seen by the api caller.
##add_header X-3scale-proxy-secret-token $secret_token;
post_action /out_of_band_authrep_action;
}
}
}