99 lines
4.2 KiB
Plaintext
99 lines
4.2 KiB
Plaintext
server {
|
|
listen 127.0.0.1:8880;
|
|
server_name plesk-site-preview.local;
|
|
|
|
location ~ ^/plesk-site-preview/(?P<internal_host>.*?)/(?P<internal_scheme>https?)/(?P<internal_ip>.*?)/(?P<internal_uri>.*)$ {
|
|
# Validate parts of uri to avoid injections
|
|
if ($internal_host !~ "^[A-Za-z0-9]([A-Za-z0-9\-]{0,61}[A-Za-z0-9]){0,1}(\.[A-Za-z0-9]([A-Za-z0-9\-]{0,61}[A-Za-z0-9]){0,1}){1,}$") {
|
|
return 400;
|
|
}
|
|
if ($internal_ip !~ "^[A-Fa-f0-9\.\:\[\]]+$") {
|
|
return 400;
|
|
}
|
|
if ($internal_uri ~ "^server-status(/.*)?$") {
|
|
return 400;
|
|
}
|
|
|
|
set $dst_path "/plesk-site-preview/$internal_host/$internal_scheme/$internal_ip/";
|
|
set $public_scheme "http";
|
|
if ($http_x_forwarded_proto = 'https') {
|
|
set $public_scheme "https";
|
|
}
|
|
set $public_ip "";
|
|
|
|
access_by_lua '
|
|
local ip_map = io.open("/etc/sw-cp-server/conf.d/ip_mapping.inc")
|
|
if (ip_map == nil) then
|
|
ip_map = io.open("/etc/sw-cp-server/conf.d/trusted_ips.inc")
|
|
end
|
|
if (ip_map == nil) then
|
|
ngx.log(ngx.ERR, "Could not find IP map file")
|
|
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
|
|
end
|
|
|
|
function filter_plesk_cookie()
|
|
local headers = ngx.req.get_headers()
|
|
if headers == nil or headers["Cookie"] == nil then
|
|
return
|
|
end
|
|
local cookie = headers["Cookie"]
|
|
local black_list = {"PLESKSESSID[^=]*", "SBSESSION", "phpMyAdmin", "PPA_ID", "plesk%-[^=]*"}
|
|
for k, v in pairs(black_list) do
|
|
cookie = cookie:gsub("%s?" .. v .. "=[^;]*;?", ""):gsub("^%s*(.-);?$", "%1")
|
|
end
|
|
ngx.req.set_header("Cookie", cookie)
|
|
end
|
|
|
|
for ips in ip_map:lines() do
|
|
local internal_ip, public_ip = ips:match("([^,]*),?([^,]*)")
|
|
if internal_ip == ngx.var.internal_ip then
|
|
ngx.var.public_ip = public_ip ~= "" and public_ip or internal_ip
|
|
ip_map:close()
|
|
filter_plesk_cookie()
|
|
return
|
|
end
|
|
end
|
|
ip_map:close()
|
|
ngx.log(ngx.ERR, "Forbidden for IP: " .. ngx.var.internal_ip)
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
';
|
|
|
|
rewrite ^/(.*)$ /$internal_uri break;
|
|
proxy_pass $internal_scheme://$internal_ip;
|
|
proxy_redirect http://$internal_host/ $public_scheme://$public_ip$dst_path;
|
|
proxy_redirect https://$internal_host/ $public_scheme://$public_ip/plesk-site-preview/$internal_host/https/$internal_ip/;
|
|
proxy_redirect https://$internal_host:443/ $public_scheme://$public_ip/plesk-site-preview/$internal_host/https/$internal_ip/;
|
|
proxy_redirect http://www.$internal_host/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/http/$internal_ip/;
|
|
proxy_redirect https://www.$internal_host/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/https/$internal_ip/;
|
|
proxy_redirect https://www.$internal_host:443/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/https/$internal_ip/;
|
|
proxy_cookie_domain ~^.*$ $host;
|
|
proxy_cookie_path / $dst_path;
|
|
proxy_set_header Host $internal_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Accept-Encoding "";
|
|
proxy_set_header Is-SitePreview "1";
|
|
add_header X-Robots-Tag "noindex,nofollow";
|
|
header_filter_by_lua 'ngx.header.content_length = nil';
|
|
|
|
body_filter_by_lua '
|
|
local response_body = ngx.arg[1]
|
|
local src_address = "https?://" .. ngx.var.internal_host:gsub("[%-%.%+%[%]%(%)%$%^%%%?%*]", "%%%1") .. "/?"
|
|
local dst_address = ngx.var.public_scheme .. "://" .. ngx.var.public_ip .. ngx.var.dst_path
|
|
response_body = response_body:gsub(src_address, dst_address)
|
|
response_body = response_body:gsub("(src%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
|
|
response_body = response_body:gsub("(href%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
|
|
response_body = response_body:gsub("(action%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
|
|
response_body = response_body:gsub("(url%(%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
|
|
response_body = response_body:gsub("(url%(%s*")/([^/])", "%1" .. ngx.var.dst_path .. "%2")
|
|
response_body = response_body:gsub("(srcset%s*=%s*[\\"\']?)/", "data-plesk-site-preview-ignore-%1/")
|
|
ngx.arg[1] = response_body
|
|
';
|
|
}
|
|
|
|
location ~ ^/plesk-site-preview/(.*?)/(.*?)/(.*?)$ {
|
|
rewrite ^ $uri/ last;
|
|
}
|
|
|
|
}
|