what ever cookie response is coming from my backend Server. I want to change PATH value in cookie request.
After learing from nginx, i was asked to use proxy_cookie_path directive
So I have been trying to use proxy_cookie_path directive field in my nginx configuration.
Here is response from nginx back to client.
Trying to change value of PATH from / to /abc/xyz/120
HTTP/1.1 201 CREATED
Server: nginx
Date: Thu, 31 Aug 2017 12:16:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Allow: POST, OPTIONS
Set-Cookie: expires=Thu, 30-Aug-2018 12:19:09 GMT; Max-Age=31449600; Path=/
Strict-Transport-Security: max-age=15768000
And here are nginx rules
# proxy needed for auth to work
location /tron/api/v1/ {
proxy_ssl_session_reuse off;
# End of extra settings
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# End of extra settings
proxy_set_header X-Scheme $scheme;
location ~ ^/tron/api/v1/(.*) {
if ($cookie_VD_TYPE = "XYZ") {
proxy_pass https://10.132.250.$cookie_XYZ/tron/api/v1/$1$is_args$args;
proxy_cookie_path off;
proxy_cookie_path / /abc/xyz/120;
}
proxy_pass https://10.132.250.$cookie_ABC/tron/api/v1/$1$is_args$args;
}
}
So Problem is when i added
proxy_cookie_path off;
proxy_cookie_path / /abc/xyz/120;
Using this directive gives me error
"proxy_cookie_path" directive is not allowed here in /etc/nginx/sites-enabled/default
I have checked my nginx -V to know if it installed.
So my question here is :-
-
Is it correct approach i.e. proxy_cookie_path is solution ?
-
If proxy_cookie_path is solution then i am not placing it on correct place. Correct me if i am wrong.
nginx/1.10.1 built with OpenSSL 1.0.1f 6 Jan 2014 TLS SNI support
enabled configure arguments: –with-cc-opt='-g -O2 -fstack-protector
–param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' –with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' –prefix=/usr/share/nginx –conf-path=/etc/nginx/nginx.conf –http-log-path=/var/log/nginx/access.log –error-log-path=/var/log/nginx/error.log –lock-path=/var/lock/nginx.lock –pid-path=/run/nginx.pid –modules-path=/usr/lib/nginx/modules –http-client-body-temp-path=/var/lib/nginx/body –http-fastcgi-temp-path=/var/lib/nginx/fastcgi –http-proxy-temp-path=/var/lib/nginx/proxy –http-scgi-temp-path=/var/lib/nginx/scgi –http-uwsgi-temp-path=/var/lib/nginx/uwsgi –with-debug –with-pcre-jit –with-ipv6 –with-http_ssl_module –with-http_stub_status_module –with-http_realip_module –with-http_auth_request_module –with-http_v2_module –with-http_dav_module –with-http_slice_module –with-threads –with-http_addition_module –with-http_flv_module –with-http_geoip_module=dynamic –with-http_gunzip_module –with-http_gzip_static_module –with-http_image_filter_module=dynamic –with-http_mp4_module –with-http_perl_module=dynamic –with-http_random_index_module –with-http_secure_link_module –with-http_sub_module –with-http_xslt_module=dynamic –with-mail=dynamic –with-mail_ssl_module –with-stream=dynamic –with-stream_ssl_module –add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/headers-more-nginx-module
–add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-auth-pam –add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-cache-purge
–add-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-dav-ext-module
–add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-development-kit –add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-echo
–add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/ngx-fancyindex –add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nchan
–add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-lua
–add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-upload-progress –add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-upstream-fair
–add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/ngx_http_substitutions_filter_module
Best Answer
You need to use
proxy_cookie_path
outside of if block.proxy_cookie_path
is only allowed inhttp, server, location
. So you can use it inside a if block inside location.Edit-1
If for some reason still need to do this. Try below config
Read If is Evil to know more about issues with IF