The problem is that Set-Cookie response headers contain
“;Domain=backend.int”, because the backend does not know it is being
reverse proxied. Therefore the users’ browsers dutifully reject such bad
cookies.
How can I rewrite the content of the Set-Cookie response headers,
replacing “;Domain=backend.int” with “;Domain=external.domain.com”?
Unfortunately passing the Host header unchanged and reconfiguring the
virtual host table of the backend is not an option in this case.
The problem is that Set-Cookie response headers contain
“;Domain=backend.int”, because the backend does not know it is being
reverse proxied. Therefore the users’ browsers dutifully reject such
bad cookies.
How can I rewrite the content of the Set-Cookie response headers,
replacing “;Domain=backend.int” with “;Domain=external.domain.com”?
HttpHeadersMoreModule doesn’t seem to let me replace parts of headers.
Lua doesn’t seem to have it either:
Reading values from ngx.header.HEADER is not
implemented yet, and usually you shouldn’t need it.
I think you need to read the headers you get back from ngx.location.capture
in Lua (retrieve the backend response), then set the outbound headers
with
ngx.HEADER, so you should be able to do this in Lua.
So your content_by_lua block calls ngx.location.capture to get the
backend
response, reads the headers it gets from there, then sets the outbound
headers…
I am curious when there is an output_by_lua/output_by_luafle directive in
nginx-lua module.
We will probably have header_filter_by_lua and body_filter_by_lua
directives by this Christmas
For simplicity, I’ll just borrow the mechanism used by
set_by_lua(_file) and disable subrequest support like
ngx.location.capture() in lua output filters.
Currently, if one want to set/modify response header, the
only possible way is to do a subrequest using ngx.capture.
I think this is really cumbersome compared to declarative configuration such
as: output_by_lua_file.
I am curious when there is an output_by_lua/output_by_luafle directive
in
nginx-lua module. Currently, if one want to set/modify response header,
the
only possible way is to do a subrequest using ngx.capture.
I think this is really cumbersome compared to declarative configuration
such
as: output_by_lua_file.
We will probably have header_filter_by_lua and
body_filter_by_lua directives by this Christmas
That will be great.
I still think Nginx should have plain C equivalents to Apache’s
ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath. It’s a
problem that comes up fairly often when proxying legacy servers.
Nginx could even do it by default, when there is a proxy_pass with a
path component (which means: “process the request host and path”, as
opposed to a proxy_pass without trailing slash, which means “pass the
request unprocessed”)
The problem is that Set-Cookie response headers contain
“;Domain=backend.int”, because the backend does not know it is being
reverse proxied. Therefore the users’ browsers dutifully reject such bad
cookies.
How can I rewrite the content of the Set-Cookie response headers,
replacing “;Domain=backend.int” with “;Domain=external.domain.com”?
Now with the latest ngx_lua v0.3.1rc3, we can implement this with a
little inlined Lua in nginx.conf:
server_name external.domain.com;
location / {
proxy_pass http://backend.int/;
header_filter_by_lua '
local cookies = ngx.header.set_cookie
if not cookies then return end
local newcookies = {}
for i, val in ipairs(cookies) do
local newval = string.gsub(val,
“([dD]omain)=[%w_-\\.]+”,
“%1=external.domain.com”)
table.insert(newcookies, newval)
end
ngx.header.set_cookie = newcookies
';
}
We can surely make this more portable by avoiding hard-coding the
“external.domain.com” literal in our Lua code and reference
ngx.var.server_name (i.e., the nginx variable $server_name) instead
