JavaUser asked:
We are running two jetty containers in different host(Host-P, Host-Q). One of the container is deployed with few applications(App-A,App-B,App-C). Another container which is also having few applications(App-X,App-Y,App-Z).
Host-P => App-A,App-B,App-C
Host-Q => App-X,App-Y,App-Z
myapp.test.com is the primary host accessible by web client. My web client is aware of the application which needs to invoke. I am passing this app type in URL param . The URL will be like
http://myapp.test.com/?=appType=App-A
http://myapp.test.com/?=appType=App-B
http://myapp.test.com/?=appType=App-Y
http://myapp.test.com/?=appType=App-X
Where I need to configure the routing logic based on URL param. Can I have tomcat/nginx running in myapp.test.com host that will do only routing? Which configuration file I need to lookup?
My answer:
If the query parameter refers to a container that you can address directly, you can just pass that to proxy_pass directly, e.g.:
proxy_pass http://$arg_appType;
But that’s using untrusted input and is also a massive security hole. Consider ?appType=www.google.com. I show this as an example of what not to do.
Instead, use a map to map query parameters to destinations:
map $arg_appType $destination {
App-A http://container1:8443;
App-B http://container2:5000;
App-X http://container24:9001;
App-X https://some.remote.host;
}
Now you can proxy_pass directly to it.
proxy_pass $destination;
But you should also intercept the situation in which an unknown or no appType was given.
if ($destination = "") {
return 403; # or do something else appropriate
}
If you have a specific container to handle that scenario, you can use default in the map to send to it instead.
map $arg_appType $destination {
....
default http://error-handler-container:8000;
}
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.