http/https cache proxy and request forwarding processing Signed-off-by: cuiyili <2268260388@qq.com> --- container/openresty-proxy-cache/nginx.conf | 118 +++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100755 container/openresty-proxy-cache/nginx.conf diff --git a/container/openresty-proxy-cache/nginx.conf b/container/openresty-proxy-cache/nginx.conf new file mode 100755 index 0000000..2e83286 --- /dev/null +++ b/container/openresty-proxy-cache/nginx.conf @@ -0,0 +1,118 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ + +user nobody; +worker_processes auto; +pid /run/nginx.pid; + +events {} + +http { + proxy_cache_path /nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=10g + inactive=6000m use_temp_path=off; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + '"$upstream_cache_status" $body_bytes_sent'; + access_log /tmp/access.log main; + error_log /tmp/error.log; + + resolver 8.8.8.8; + client_max_body_size 700m; + server_tokens off; + + proxy_cache my_cache; + proxy_ignore_headers Set-Cookie Cache-Control Expires; + proxy_cache_valid 200 1440m; + proxy_cache_valid 301 302 5m; + proxy_set_header X-Real-Ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + add_header X-Cache $upstream_cache_status; + add_header X-Via $server_addr; + + server { + listen 443 ssl; + ssl_certificate /cert/ca.crt; + ssl_certificate_key /cert/ca.key; + proxy_connect; + proxy_connect_allow 443; + + location / { + allow all; + proxy_ssl_server_name on; + set_by_lua_block $cur_ups { + uri = ngx.var.request_uri + host = ngx.var.http_host + + path_file = "/srv/initrd/tar/"..uri + local f = io.open(path_file) + if f then + return "/127.0.0.1:443/tar/"..uri + end + return uri + } + proxy_pass $scheme:/$cur_ups; + } + + location /tar { + allow all; + root /srv/initrd; + autoindex on; + autoindex_exact_size off; + } + + } + server { + listen 80; + proxy_connect; + proxy_connect_allow 443; + + location / { + allow all; + + content_by_lua_block { + local http = require "resty.http" + local httpc = http.new() + uri = ngx.var.request_uri + host = ngx.var.http_host + if string.find(host, "11333") then + h="" + else + h="/"..host + end + path_file = "/srv/initrd/tar/"..h..uri + + local f = io.open(path_file) + if f then + url_forward = "http://127.0.0.1:80/tar/"..h..uri + else + url_forward = "http:/"..h..uri + end + + res, error = httpc:request_uri(url_forward) + if res then + ngx.status = res.status + for k, v in pairs(res.headers) do + if k ~= "Transfer-Encoding" and k ~= "Connection" then + ngx.header[k] = v + end + end + ngx.say(res.body) + else + ngx.exit(ngx.HTTP_FORBIDDEN) + end + httpc:close() + + } + } + + location /tar { + allow all; + root /srv/initrd; + autoindex on; + autoindex_exact_size off; + } + + } +} -- 2.23.0