Opened 5 years ago

Closed 5 years ago

#1669 closed defect (invalid)

Problems with map + subfilter

Reported by: jpereira@… Owned by:
Priority: critical Milestone:
Component: nginx-module Version: 1.12.x
Keywords: map subfilter Cc:
uname -a: Linux 09219196bcb5 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.12.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Description

  1. I have tried to use the map+subfilter as the below snip.
user nginx;
worker_processes auto;

daemon off;

events {
  worker_connections  1024;
}

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format  main '$remote_addr - $remote_user [$time_local] "$request" '
                   '$status $body_bytes_sent "$http_referer" '
                   '"$http_user_agent" "$http_x_forwarded_for" '
                   '(Cache $upstream_cache_status)';

  access_log /dev/stdout main;

  sendfile on;
  keepalive_timeout 65;
  gzip on;

  # Due to we are listening only http, therefore be sure to always return http://
  map $request_uri $subfilter_allowed_content_type {
    volatile;
    default                         whatever/donothing;
    ~/artifactory/api/nuget/.*      application/atom+xml;
  }

  proxy_cache_path /var/cache/nginx/artifactory
                   levels=1:2
                   keys_zone=artifactory_cache:50m
                   max_size=50g
                   inactive=24h
                   use_temp_path=off;

  server {
    listen 80;
    server_name ~(?<repo>.+)\.artifactory.tapioca.lan;

    resolver 8.8.8.8;

    set $upstream https://artifactory.myaws.com/artifactory;

    location /artifactory/ {
      sub_filter_types $subfilter_allowed_content_type;   # the variable is filled up correctly
      #sub_filter_types "application/atom+xml";           # but, when use it hardcode. then it works fine.

      sub_filter_last_modified on;
      sub_filter "https://$host" http://$host";           # it works only when use sub_filter_types with hardcore value.
      sub_filter_once off;

      # its been filled correctly
      add_header X-Debug-subfilter-allowed-content-type "$subfilter_allowed_content_type";

      proxy_read_timeout  60s;
      proxy_pass_header   Server;
      proxy_cookie_path   ~*^/.* /;

      if ( $request_uri ~ ^/artifactory/(.*)$ ) {
        proxy_pass        $upstream/$1;
      }

      proxy_pass          $upstream;

      proxy_set_header    Host              $http_host;
      proxy_set_header    X-Forwarded-Port  $server_port;
      proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
      proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header    X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
      proxy_set_header    X-JFrog-Art-Api   $artifactory_token;
    }
  }
}

  1. I do the request like.

curl -s -H "Host: artifactory-proxy.apps.fni" "http://172.17.0.2/artifactory/api/nuget/v3/dtfni-nuget/Packages(Id='AttributeRouting.Core.Web',Version='3.5.6')"

Conclusion: the variable it been filled up correctly, but the sub_filter_types looks to not process.

Change History (1)

comment:1 by Maxim Dounin, 5 years ago

Resolution: invalid
Status: newclosed

The "sub_filter_types" directive does not support variables. Note that if a directive supports variables in a particular parameter, this is explicitly mentioned in the documentation.

Note: See TracTickets for help on using tickets.