Proxy Cookies on Nginx using the lua-nginx module

I already wrote about how to transform content on the fly using Nginx. Since the publication of the article based on the described method, a real ecommerce project has been launched and developed. In addition to translation and transformation, SEO rewrite is also implemented according to the precepts of the Google beginner's guide .

However, until the complete victory of the product of Russian programmers over foreign content, one small, but very important thing was missing - proxying Cookies .
')

What is the problem?

The problem is that any normal application server always exposes a cookie, for example, in order to save a client session or shopping cart with its product. If this server (or rather its administrator) is concerned with maintaining a certain level of security, then it puts a domain and path in the body of the cookie, for example domain = backend.org; path = / path1 . Our Nginx running in Reverse Proxy mode remarkably changes all the links in the document body from backend.org to frontend.org , but does not do this for cookies! This means that the client browser will reject such cookies.

For a long time this question has been worrying the minds of nginx administrators, it pops up on mailings 1-2 times a year. Most of the questioners, apparently, solved their problems by twisting the logic of the backend , but not me! After the next update of the original site, it became clear that the crutch with PHP + Curl can no longer be pulled and you should definitely find a solution using Nginx!

I returned the topic to the newsletter, going through the options from the ngx_http_perl_module and the $ upstream_http_set_cookie variable, even looked into the wilds of the sorts with a ghostly hope to write the module myself. But all was unsuccessful until one fine day I received a letter from Mikhail Mazursky , who gave valuable advice. Thanks to this advice, I not only solved the cookie proxying problem with ease, but also received a new tool with which you can create version 2.0 of your project.

Decision

The name of this tool is lua-nginx-module , which is written by another Chinese nugget with roots from Taobao . From the title it is easy to understand that we are talking about the Lua scripting language embedded in Nginx - but this is more than just an interpreter! These guys created a completely non-blocking implementation with a performance of tens of thousands of operations per second, which has hooks to all the events inside Nginx. The fact that before it was possible to implement only by writing your own module in C, you can now make a few lines on Lua. Interested?

Installation

To get started, download the latest version of Nginx yourself you know where . Suddenly, who forgot?

Then we download the latest version of lua-nginx-module from the project page .

Libraries will be required:

apt-get install libpcre3 libpcre3-dev libperl-dev lua5.1 liblua5.1-dev

How to collect Nginx should already know by heart, looking at the speed of release of new releases. I will result a config from my kukbuk:

./configure --with-cc-opt="-I /usr/include" --with-ld-opt="-L /usr/lib" --with-http_sub_module --with-http_ssl_module --prefix=/home/nginx/data --user=nginx --group=nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/ --add-module=../substitutions4nginx/ --add-module=../chaoslawful-lua-nginx-module-*


Configuration

After make install, do not forget to restart nginx. And look what happened? And it turned out such a great thing: http://wiki.nginx.org/HttpLuaModule , which, according to its creators on an average desktop PC, pulls 25 thousand requests per second. Having carefully studied the documentation, it becomes clear that all events and Nginx internal handlers are available in the Lua runtime. Specifically for our task, we will use the directive header_filter_by_lua . Open the configuration file, select the desired location and add simple code:

 header_filter_by_lua ' local headers = ngx.header["Set-Cookie"] if headers then if type(headers) == "string" then headers = {headers} end for i, header in ipairs(headers) do local cookie = ngx.re.match(header, "JSESSIONID=([^;]+);", "io") if cookie then headers[i] = "JSESSIONID=" .. cookie[1] .. "; domain=.frontend.com; path=/newpath;" end end ngx.header["Set-Cookie"] = headers end '; 

Here is the simplest version of the handler - the first code on lua that I saw in my life. You can and should write a universal Set-Cookie parser, the country is already waiting for its hero in the comments!

What's next?

When the problem is solved, and even in such a simple way, I immediately want to set a new goal. What ideas did I have for applying a new tool?

1. Visitor counter. The counter inside the web server itself will be free from a lot of software code due to direct access to the desired variables. If you connect a NoSQL system like Redis directly to Nginx, then we will get rid of a lot of SQL code. It will be completely invisible and damn fast counter!
2. Anti-DDoS. With the help of the language in which the AI ​​of most modern games is written, it is easy to make an intelligent filter of unwanted requests to the web server.
3. Automatic SEO generator revrayt. Instead of manually setting the rules and adding meta tags, we write a script that generates meta tags on the fly, for example, as in the module for livestreet .
4. And, of course, translation-2.0, with elements of recognition of html blocks and selective content filtering.

And what did you come up with, dear habraiser?

PS Boring post, no pictures at all. As an announcement, I’ll add a picture of how SEO rewriting with Nginx changed the position in Google search. Need an article about this?