Forum: NGINX Authorizing HTTP proxy develop

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ccc727ab2c080fc05e9cac0503d2d179?d=identicon&s=25 Yan Cheng (yan)
on 2008-11-26 10:27
Hi all

I am now developing a HTTP proxy based on nginx.
My HTTP proxy works as followed:


        Authorizing Server
               ^     |        +-(authorized)----> go straightly
       1      2|    3V      4 |
client -> HTTP proxy (nginx)--+
                              |
                              +-(un-authorized)-> go to another web
server


The steps are:
1. client sends a request to nginx
2. nginx sends the client's request to a authorizing server by socket
3. nginx waits to receive the response from authorizing server
   the authorizing server will tell nginx whether the client have right
to visit the web
   if the client have no right, the authorizing server will give another
website for redirecting.
4. nginx delivers the original client's request to the web server
according to the authorizing server's response.

This means nginx has to do two socket communication.
The first is with authorizing server.
The second is with real web server.

The key is it should not be blocked by any steps.
So these two socket communication should be done by module.
I can't create socket and read/write it myself. It will pull down the
nginx's performance.

But *how to create a two socket communication module* or *how to mount
two modules(one for authorizing, one for real server) to the same
location to deal with one request*. This is what bothers me long time.
Does anybody have good idea?

Best
Abbd9d5312c5d54114a96a35dc94fdb1?d=identicon&s=25 unknown (Guest)
on 2008-11-27 06:17
(Received via mailing list)
You can make a subrequest on authorization phase. Recently I've made a
test and that worked.

----- Original Message -----
From: "Yan Cheng" <lists@ruby-forum.com>
To: nginx@sysoev.ru
Sent: Wednesday, November 26, 2008 10:27:00 AM GMT +01:00 Amsterdam /
Berlin / Bern / Rome / Stockholm / Vienna
Subject: Authorizing HTTP proxy develop

Hi all

I am now developing a HTTP proxy based on nginx.
My HTTP proxy works as followed:


        Authorizing Server
               ^     |        +-(authorized)----> go straightly
       1      2|    3V      4 |
client -> HTTP proxy (nginx)--+
                              |
                              +-(un-authorized)-> go to another web
server


The steps are:
1. client sends a request to nginx
2. nginx sends the client's request to a authorizing server by socket
3. nginx waits to receive the response from authorizing server
   the authorizing server will tell nginx whether the client have right
to visit the web
   if the client have no right, the authorizing server will give another
website for redirecting.
4. nginx delivers the original client's request to the web server
according to the authorizing server's response.

This means nginx has to do two socket communication.
The first is with authorizing server.
The second is with real web server.

The key is it should not be blocked by any steps.
So these two socket communication should be done by module.
I can't create socket and read/write it myself. It will pull down the
nginx's performance.

But *how to create a two socket communication module* or *how to mount
two modules(one for authorizing, one for real server) to the same
location to deal with one request*. This is what bothers me long time.
Does anybody have good idea?

Best
Ccc727ab2c080fc05e9cac0503d2d179?d=identicon&s=25 Yan Cheng (yan)
on 2008-12-02 07:28
I made a subrequest. but it does not follow my step
nginx send a request to subrequest uri and then send the reqeust(from
client) to the website.

what i want is nginx receive the response of subrequest before sending
the main request(the client's request, which is to website he/she wants
to visit)
Cause the main request may be rewrote based on the response message of
subrequest.

If the client does not have the right to visit the website, need payment
for example but the client has not paid yet, authorizing server will
give nginx a another web for making the payment. nginx will rewrite the
client's request, request-line and http header, and sends it to the
pay-site.

So I have to get the response from subrequest first.

Someone has ideas?
Thanks so much.

unknown wrote:
> You can make a subrequest on authorization phase. Recently I've made a
> test and that worked.
>
> ----- Original Message -----
This topic is locked and can not be replied to.