map $http_upgrade $connection_upgrade { default Upgrade; '' close; } server { listen 80; include autossl.conf; set_real_ip_from 192.168.1.0/24; real_ip_header X-Real-IP; real_ip_recursive on; location / { set $target ''; set $target_scheme 'http'; set $target_port ''; set $header_host $host; access_by_lua ' local host = ngx.var.host local uri = ngx.var.uri local scheme = ngx.var.scheme if not host then ngx.log(ngx.ERR, "no host header found") return ngx.exit(499) end local redis = require "resty.redis" local red = redis:new() red:set_timeout(1000) -- 1 second local ok, err = red:connect("127.0.0.1", 6379) if not ok then ngx.log(ngx.ERR, "failed to connect to redis: ", err) return ngx.exit(598) end local res, err = red:hgetall("proxy_host_"..host) local res = red:array_to_hash(res) if not res["ip"] then ngx.log(ngx.ERR, "no host found for key ", host) return ngx.exit(406) end if scheme == "http" then if res["forcessl"] == "true" then return ngx.redirect("https://"..host..uri, 301) end end if res["targetssl"] == "true" then ngx.var.target_scheme = "https" end if res["host-pass-though"] == "false" then ngx.var.header_host = res["ip"] end ngx.var.target = res["ip"] ngx.var.target_port = res["targetPort"] '; resolver 192.168.1.1 ipv6=off; #8.8.4.4; # use Google's open DNS server proxy_http_version 1.1; proxy_pass_request_headers on; proxy_pass $target_scheme://$target:$target_port; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_ssl_session_reuse on; proxy_intercept_errors off; proxy_set_header Host $header_host; add_header X-Target-Host $target; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $target_scheme; proxy_set_header Referer $target_scheme://$header_host; proxy_set_header Accept-Language $http_accept_language; proxy_set_header User-Agent $http_user_agent; sub_filter $target $host; sub_filter_once off; } }