server { listen 127.0.0.1:8880; server_name plesk-site-preview.local; location ~ ^/plesk-site-preview/(?P.*?)/(?Phttps?)/(?P.*?)/(?P.*)$ { # Validate parts of uri to avoid injections if ($internal_host !~ "^[A-Za-z0-9]([A-Za-z0-9\-]{0,61}[A-Za-z0-9]){0,1}(\.[A-Za-z0-9]([A-Za-z0-9\-]{0,61}[A-Za-z0-9]){0,1}){1,}$") { return 400; } if ($internal_ip !~ "^[A-Fa-f0-9\.\:\[\]]+$") { return 400; } if ($internal_uri ~ "^server-status(/.*)?$") { return 400; } set $dst_path "/plesk-site-preview/$internal_host/$internal_scheme/$internal_ip/"; set $public_scheme "http"; if ($http_x_forwarded_proto = 'https') { set $public_scheme "https"; } set $public_ip ""; access_by_lua ' local ip_map = io.open("/etc/sw-cp-server/conf.d/ip_mapping.inc") if (ip_map == nil) then ip_map = io.open("/etc/sw-cp-server/conf.d/trusted_ips.inc") end if (ip_map == nil) then ngx.log(ngx.ERR, "Could not find IP map file") ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) end function filter_plesk_cookie() local headers = ngx.req.get_headers() if headers == nil or headers["Cookie"] == nil then return end local cookie = headers["Cookie"] local black_list = {"PLESKSESSID[^=]*", "SBSESSION", "phpMyAdmin", "PPA_ID", "plesk%-[^=]*"} for k, v in pairs(black_list) do cookie = cookie:gsub("%s?" .. v .. "=[^;]*;?", ""):gsub("^%s*(.-);?$", "%1") end ngx.req.set_header("Cookie", cookie) end for ips in ip_map:lines() do local internal_ip, public_ip = ips:match("([^,]*),?([^,]*)") if internal_ip == ngx.var.internal_ip then ngx.var.public_ip = public_ip ~= "" and public_ip or internal_ip ip_map:close() filter_plesk_cookie() return end end ip_map:close() ngx.log(ngx.ERR, "Forbidden for IP: " .. ngx.var.internal_ip) ngx.exit(ngx.HTTP_FORBIDDEN) '; rewrite ^/(.*)$ /$internal_uri break; proxy_pass $internal_scheme://$internal_ip; proxy_redirect http://$internal_host/ $public_scheme://$public_ip$dst_path; proxy_redirect https://$internal_host/ $public_scheme://$public_ip/plesk-site-preview/$internal_host/https/$internal_ip/; proxy_redirect https://$internal_host:443/ $public_scheme://$public_ip/plesk-site-preview/$internal_host/https/$internal_ip/; proxy_redirect http://www.$internal_host/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/http/$internal_ip/; proxy_redirect https://www.$internal_host/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/https/$internal_ip/; proxy_redirect https://www.$internal_host:443/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/https/$internal_ip/; proxy_cookie_domain ~^.*$ $host; proxy_cookie_path / $dst_path; proxy_set_header Host $internal_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Accept-Encoding ""; proxy_set_header Is-SitePreview "1"; add_header X-Robots-Tag "noindex,nofollow"; header_filter_by_lua 'ngx.header.content_length = nil'; body_filter_by_lua ' local response_body = ngx.arg[1] local src_address = "https?://" .. ngx.var.internal_host:gsub("[%-%.%+%[%]%(%)%$%^%%%?%*]", "%%%1") .. "/?" local dst_address = ngx.var.public_scheme .. "://" .. ngx.var.public_ip .. ngx.var.dst_path response_body = response_body:gsub(src_address, dst_address) response_body = response_body:gsub("(src%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2") response_body = response_body:gsub("(href%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2") response_body = response_body:gsub("(action%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2") response_body = response_body:gsub("(url%(%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2") response_body = response_body:gsub("(url%(%s*")/([^/])", "%1" .. ngx.var.dst_path .. "%2") response_body = response_body:gsub("(srcset%s*=%s*[\\"\']?)/", "data-plesk-site-preview-ignore-%1/") ngx.arg[1] = response_body '; } location ~ ^/plesk-site-preview/(.*?)/(.*?)/(.*?)$ { rewrite ^ $uri/ last; } }