Fixed nginx conf issue

theta42 · Aug 8, 2024 · 07ff3a2 · 07ff3a2
1 parent 4c7558c
commit 07ff3a2
Showing 1 changed file with 69 additions and 11 deletions.
diff --git a/ops/nginx_conf/proxy.conf b/ops/nginx_conf/proxy.conf
@@ -19,19 +19,77 @@ server {
 	set $target_port '';
 	set $header_host $host;
 
-	access_by_lua '
-		local res = ngx.ctx.targetInfo
+	access_by_lua {
+
+		function getTargetInfo(domain, targetInfo)
+			if targetInfo then
+        ngx.log(ngx.ERR, "!!!!!!! getTargetInfo targetFound")
+
+				return targetInfo
+			end
+
+			local json = require "cjson"
+			local redis = require "resty.redis"
+			local socket = assert(require "socket.unix"())
+
+			local domain, err = ssl.server_name()
+
+			ngx.log(ngx.ERR, "!!!!!! nginx.conf request_domain !!!!!!!", domain)
+
+			local function connect(path)
+			    assert(socket:settimeout(.1))
+			    local status,err = pcall(function() assert(socket:connect(path)) end)
+			    if status then return true end
+			    return false
+			end
+
+			if not domain then
+			    ngx.log(ngx.ERR, "no host header found")
+			    ngx.exit(499)
+			    return false
+			end
+
+			local red = redis:new()
+			red:set_timeout(1000) -- 1 second
+
+			local ok, err = red:connect("127.0.0.1", 6379)
+			if not ok then
+			    ngx.log(ngx.ERR, "failed to connect to redis: ", err)
+			    return ngx.exit(598)
+			end
+
+			local res, err = red:hgetall("proxy_Host_"..domain)
+			local res = red:array_to_hash(res)
+
+			if not res["ip"] then
+			    if connect("/var/run/proxy_lookup.socket") then 
+			        assert(socket:send(json.encode({domain = domain})))
+			        while 1 do
+			            local s, status, partial = socket:receive()
+			            if partial then
+			                res = json.decode(partial)
+			                socket:close()
+			                break
+			            end
+			        end
+			    end
+			end
+
+			if not res["ip"] then
+			    ngx.say('The domain is not allowed on this server.')
+			    ngx.exit(406)
+			    return false
+			end
+
+			ngx.ctx.targetInfo = res
+			ngx.ctx.toAllow = true;
+		end
+
+
 		local host = ngx.var.host
 		local uri = ngx.var.uri
 		local scheme = ngx.var.scheme
-
-		ngx.log(ngx.ERR, "!!!!!!!!! proxy.conf !!!!!!!! ", domain)
-
-		if not res then
-			ngx.log(ngx.ERR, "This should not happen", domain)
-			ngx.exit(406)
-			return false
-		end
+		local res = getTargetInfo(host, ngx.ctx.targetInfo)
 
 
 		if scheme == "http" then
@@ -50,7 +108,7 @@ server {
 
 		ngx.var.target = res["ip"]
 		ngx.var.target_port = res["targetPort"]
-	';
+	}
 
 
 	resolver 192.168.1.1 ipv6=off;  #8.8.4.4;  # use Google's open DNS server