So we have an RPC endpoint that queries an application which is setup behind nginx (as a reverse proxy)
Internet sending POST JSON RPC -> Nginx at :443 ... proxies to -> Web Application at :8080
The application accepts jsonrpc POST requests coming from the internet, e.g.
{"jsonrpc": "2.0", "method": "subtract", "params": {"subtrahend": 23, "minuend": 42}, "id": 3}
Nginx is used to terminate SSL, do basic load-balancing and add required headers.
A vast majority of requests coming to the RPC endpoint from the internet are the same and the response changes relatively rarely, so we'd like to use a kind of cache to lower the load on the application.
Is it possible to configure nginx to read the body of jsonrpc POST request, extract the value of "method" and route the request based on that value either to application or to the caching service?
Internet sending POST JSON RPC -> Nginx at :443 reads "method" from POST body ...
-> if method == "getCounter" ... proxies to -> Caching service
-> if method != "getCounter" ... proxies to -> Application at :8080
Related
I want to set up a custom proxy that proxies connections to some destinations (inside a network) but not other destinations (in the global internet). Is there any HTTP response the proxy server can send to make the browser connect directly to the requested destination?
For example, I request redirection to Google to my proxy server. The proxy server decides not to proxy, so I get this HTTP response, and my browser connects directly to Google.
You could send a redirect http response code like 302 to redirect the client directly to the website. See: https://moz.com/learn/seo/redirection
I want to redirect all HTTP traffic intercepted by mitmproxy to a particular HTTP server, regardless of where the HTTP traffic was destined too.
I know how to set an upstream proxy server for mitmserver, but in this case I don't want another proxy server, but a (destination) HTTP server instead.
Any ideas?
One way to do this would be inject a python script that overwrites the destination of every request. You add a -s script.py parameter to the mitmproxy/mitmdump command (or call master.addons.add(script.Script('script.py')) if you are using mitmproxy library) and add for example the following into your script:
from mitmproxy import http
def request(self, flow: http.HTTPFlow) -> None:
flow.request.host = 'google.com'
flow.request.path = '/'
... further customize request method, cookies, etc etc as needed
I have a gateway where a request comes from a browser that makes a request for a microservice. Microservice makes a request after back to the gateway.
All this communication takes place within the framework of one connection. In all this communication, the same Authorization header.
Schematically there is the following chain of calls:
Browser -> API Gateway -> Microservice
|
-> API Gateway (from microservice)
nginx gives me 400 bad request, in the logs the following error:
2018/06/20 23:05:15 [info] 22615#22615: *35468 client sent duplicate header line: "Authorization: Access-Token: 123213213213213", previous value: "Authorization: Access-Token: 123213213213213" while reading client request headers
I mean some sort of check for the uniqueness of the headers ... But does it really take into account the subquery application that goes back from the service to the Gateway API in the first NGINX session with the Gateway API?
Imagine a webbrowser that makes an HTTP request to a remote server, such as site.example.com
If the browser is then configured to use a proxy server, let's call it proxy.example.com using port 8080, in which ways are the request now different?
Obviously the request is now sent to proxy.example.com:8080, but there must surely be other changes to enable the proxy to make a request to the original url?
RFC 7230 - Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing, Section 5.3.2. absolute-form:
When making a request to a proxy, other than a CONNECT or server-wide
OPTIONS request (as detailed below), a client MUST send the target
URI in absolute-form as the request-target.
absolute-form = absolute-URI
The proxy is requested to either service that request from a valid
cache, if possible, or make the same request on the client's behalf
to either the next inbound proxy server or directly to the origin
server indicated by the request-target. Requirements on such
"forwarding" of messages are defined in Section 5.7.
An example absolute-form of request-line would be:
GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1
So, without proxy, the connection is made to www.example.org:80:
GET /pub/WWW/TheProject.html HTTP/1.1
Host: www.example.org
With proxy it is made to proxy.example.com:8080:
GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1
Host: www.example.org
Where in the latter case the Host header is optional (for HTTP/1.0 clients), and must be recalculated by the proxy anyway.
The proxy simply makes the request on behalf of the original client. Hence the name "proxy", the same meaning as in legalese. The browser sends their request to the proxy, the proxy makes a request to the requested server (or not, depending on whether the proxy wants to forward this request or deny it), the server returns a response to the proxy, the proxy returns the response to the original client. There's no fundamental difference in what the server will see, except for the fact that the originating client will appear to be the proxy server. The proxy may or may not alter the request, and it may or may not cache it; meaning the server may not receive a request at all if the proxy decides to deliver a cached version instead.
I have a few legacy clients that don't "speak" HTTPS which I've connected to an upstream server serving content only over HTTPS using nginx as a reverse proxy. This is the flow:
(1) client -> (2) nginx:80 redirects to https -> (3) upstream server
The problem now is in front of (3) there is a forwarding proxy I have to go through, proxy which does HTTPS over HTTP Connect and I have a hard time finding a way to somehow bridge (or replace completely) nginx over HTTP Connect:
(1) client -> (2) nginx:80 redirects to https -> (3) proxy HTTP CONNECT -> (4) upstream
Any ideas what should go in or instead of the bold component ?
I've looked at tinyproxy but that expects HTTP Connect directly (which nginx does not support) and squid which I cannot figure out how to configure to do HTTPS over HTTP CONNECT.
I am essentially looking for a way to bridge http to https through a proxy, please ignore any product names and feel free to suggest anything - including code samples. The clients as well as the server are part of my application.