I am trying to figure out the best way to tackle the following issue:
Cookies are used by many of the applications aggragated behind and NGINX reverse proxy.
sample current config
location ^~ /jobs/searchresult/ {
rewrite /jobs/searchresult(.*) /jobs/searchresult$1 break;
proxy_set_header Host ineternalhost.domain.com;
proxy_cookie_domain ineternalhost.domain.com $host;
proxy_cookie_path / /jobs/searchresult/;
proxy_pass http://f5loadbalancerhostname.gtm.domain.com;
proxy_redirect default;
}
This works great until that cookie needs to be used by an application in another location.
When this is the case, the cookie sent from the source server is just tagged a root domain
so in this case ".domain.com"
Why is that done you ask? Well our legacy infrastructure applications were all on separate hostnames.
So:
login.domain.com
jobsearch.domain.com
www.domain.com
So a few applications would use the empty domain root cookie to share data between them, like a an id GUID that would be used for backend session management. ( if you are curious that pii is held in a memory based cache)
Here is my question ( thank you for coming along for the ride so far):
Is it possible to detect the cookie domain written by the source server at the nginx server and then if a specific string( or regex ) is sent, choose if you want to write the cookie folder path to the client cookie?
Would that be a location , server or http level item? ( I currently have 36 "server"
Is conditional logic in the configuration even a good idea when you have the potential for millions of hits in a day that would need to be evaluated?
Follow up question , and yes I can google this one but I figgered I would just tag it in here,
I know you can write more than one domain into a cookie. Can you write more than one folder path? ( I will actually go test that while you read my mess )
Thanks in advance
.manny
Cookies are used by many of the applications aggragated behind and NGINX reverse proxy.
sample current config
location ^~ /jobs/searchresult/ {
rewrite /jobs/searchresult(.*) /jobs/searchresult$1 break;
proxy_set_header Host ineternalhost.domain.com;
proxy_cookie_domain ineternalhost.domain.com $host;
proxy_cookie_path / /jobs/searchresult/;
proxy_pass http://f5loadbalancerhostname.gtm.domain.com;
proxy_redirect default;
}
This works great until that cookie needs to be used by an application in another location.
When this is the case, the cookie sent from the source server is just tagged a root domain
so in this case ".domain.com"
Why is that done you ask? Well our legacy infrastructure applications were all on separate hostnames.
So:
login.domain.com
jobsearch.domain.com
www.domain.com
So a few applications would use the empty domain root cookie to share data between them, like a an id GUID that would be used for backend session management. ( if you are curious that pii is held in a memory based cache)
Here is my question ( thank you for coming along for the ride so far):
Is it possible to detect the cookie domain written by the source server at the nginx server and then if a specific string( or regex ) is sent, choose if you want to write the cookie folder path to the client cookie?
Would that be a location , server or http level item? ( I currently have 36 "server"
Is conditional logic in the configuration even a good idea when you have the potential for millions of hits in a day that would need to be evaluated?
Follow up question , and yes I can google this one but I figgered I would just tag it in here,
I know you can write more than one domain into a cookie. Can you write more than one folder path? ( I will actually go test that while you read my mess )
Thanks in advance
.manny