vpn-p2p/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb

map $http_upgrade $connection_upgrade {
  default Upgrade;
  '' close;
}

server {
  listen 80;

  include autossl.conf;

  set_real_ip_from 192.168.1.0/24;
  real_ip_header X-Real-IP;
  real_ip_recursive on;

  location / {

        set $target '';
        set $target_scheme 'http';
        set $target_port '';
        set $header_host $host;

        access_by_lua '
                local host = ngx.var.host
                local uri = ngx.var.uri
                local scheme = ngx.var.scheme

                if not host then
                        ngx.log(ngx.ERR, "no host header found")
                        return ngx.exit(499)
                end

                local redis = require "resty.redis"
                local red = redis:new()

                red:set_timeout(1000) -- 1 second

                local ok, err = red:connect("127.0.0.1", 6379)
                if not ok then
                        ngx.log(ngx.ERR, "failed to connect to redis: ", err)
                        return ngx.exit(598)
                end

                local res, err = red:hgetall("proxy_host_"..host)
                local res = red:array_to_hash(res)

                if not res["ip"] then
                        ngx.log(ngx.ERR, "no host found for key ", host)
                        return ngx.exit(406)
                end

                if scheme == "http" then
                        if res["forcessl"] == "true" then
                                return ngx.redirect("https://"..host..uri, 301)
                        end
                end

                if res["targetssl"] == "true" then
                        ngx.var.target_scheme = "https"
                end

                if res["host-pass-though"] == "false" then
                        ngx.var.header_host = res["ip"]
                end
          
                ngx.var.target = res["ip"]
                ngx.var.target_port = res["targetPort"]
        ';


        resolver 192.168.1.1 ipv6=off;  #8.8.4.4;  # use Google's open DNS server

        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_pass $target_scheme://$target:$target_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_ssl_session_reuse on;
        proxy_intercept_errors off;

        proxy_set_header Host $header_host;
        add_header X-Target-Host $target;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $target_scheme;
        proxy_set_header Referer $target_scheme://$header_host;
        proxy_set_header Accept-Language $http_accept_language;
        proxy_set_header User-Agent $http_user_agent;

        sub_filter $target $host;
        sub_filter_once off;
  }
}