-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathnginx.conf
134 lines (117 loc) · 4.13 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /var/run/nginx.pid;
events {
use epoll;
multi_accept on;
worker_connections 102400;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
error_log /dev/stderr;
access_log /dev/stdout;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format json escape=json '{'
'"@timestamp": "$time_iso8601", '
'"user_id": "$user_id", '
'"client_ip": "$remote_addr", '
'"xff": "$http_x_forwarded_for", '
'"server_ip": "$server_addr", '
'"method": "$request_method", '
'"uri": "$request_uri", '
'"http_protocol": "$server_protocol", '
'"response_code": "$status", '
'"request_length": "$request_length", '
'"request_body": "$request_body", '
'"sent": "$bytes_sent", '
'"body_bytes_sent": "$body_bytes_sent", '
'"upstream_status": "$upstream_status", '
'"upstream_response_time": "$upstream_response_time", '
'"upstream_connect_time": "$upstream_connect_time", '
'"upstream_header_time": "$upstream_header_time", '
'"referer": "$http_referer", '
'"agent": "$http_user_agent", '
'"connection": "$connection", '
'"pipe": "$pipe", '
'"connection_requests": "$connection_requests"'
'}';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1024;
gzip_comp_level 2;
gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml application/x-httpd-php image/jpeg image/gif image/png font/ttf font/otf image/svg+xml;
gzip_vary on;
gzip_disable "msie6";
types_hash_max_size 2048;
client_max_body_size 20M;
client_body_buffer_size 128k;
lua_code_cache off;
lua_need_request_body on;
lua_shared_dict waf 32k;
lua_shared_dict list 10m;
lua_shared_dict limiter 10m;
lua_shared_dict counter 10m;
lua_shared_dict sampler 10m;
lua_package_path "${prefix}lua/?.lua;;";
init_worker_by_lua_block {
if ngx.worker.id() == 0 then
ngx.timer.at(0, require("resty.waf").init)
-- local delay = 30
-- local shared = require("shared")
-- ngx.timer.at(0, shared.reload_config)
-- ngx.timer.at(0, shared.reload_list)
-- local ok, err = ngx.timer.every(delay, shared.reload_config)
-- if not ok then
-- ngx.log(ngx.ERR, "failed to create the timer: ", err)
-- return
-- end
end
}
access_by_lua_block {
local waf = require("resty.waf")
waf.run({
"filter",
"limiter",
"counter",
"sampler",
"manager",
})
}
charset UTF-8;
server {
listen 80;
server_name localhost;
sendfile off;
error_log /dev/stderr;
access_log /data/access.log json;
root /data/public;
index index.html index.htm;
location / {
set $user_id 0;
log_by_lua_block {
local jwt = require "resty.jwt"
local jwt_token = nil
local auth_header = ngx.var.http_Authorization
if auth_header then
_, _, jwt_token = string.find(auth_header, "Bearer%s+(.+)")
end
local jwt_obj = (jwt_token ~= nil and jwt:load_jwt(jwt_token) or nil)
if jwt_obj ~= nil and jwt_obj.payload ~= nil and type(jwt_obj.payload) == 'number' then
ngx.var.user_id = jwt_obj.payload
elseif jwt_obj ~= nil and jwt_obj.payload ~= nil and jwt_obj.payload.sub ~= nil then
ngx.var.user_id = jwt_obj.payload.sub
else
ngx.var.user_id = 0
end
}
}
}
}