mirror of
https://github.com/DepthFirstDisclosures/Nginx-Rift.git
synced 2026-05-16 11:07:44 +00:00
59 lines
1.4 KiB
Nginx Configuration File
59 lines
1.4 KiB
Nginx Configuration File
daemon off;
|
|
worker_processes 1;
|
|
error_log logs/error.log;
|
|
pid tmp/nginx.pid;
|
|
worker_rlimit_core 500M;
|
|
working_directory tmp;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
access_log off;
|
|
client_body_temp_path tmp;
|
|
proxy_temp_path tmp;
|
|
fastcgi_temp_path tmp;
|
|
uwsgi_temp_path tmp;
|
|
scgi_temp_path tmp;
|
|
|
|
upstream backend {
|
|
server 127.0.0.1:19323;
|
|
}
|
|
|
|
server {
|
|
listen 19322;
|
|
location / { return 200 "backend ok\n"; }
|
|
}
|
|
|
|
server {
|
|
listen 19321;
|
|
request_pool_size 7920;
|
|
connection_pool_size 4096;
|
|
client_header_buffer_size 2048;
|
|
|
|
# The rewrite + set combination triggers the bug:
|
|
# - rewrite sets e->is_args = 1 (due to '?' in replacement)
|
|
# - set $original_endpoint $1 allocates buffer using raw capture
|
|
# length, but copies with escape expansion (3x for '+' chars)
|
|
location ~ ^/api/(.*)$ {
|
|
rewrite ^/api/(.*)$ /internal?migrated=true;
|
|
set $original_endpoint $1;
|
|
}
|
|
|
|
location /internal {
|
|
internal;
|
|
proxy_pass http://backend;
|
|
proxy_read_timeout 60s;
|
|
}
|
|
|
|
# Spray: POST body stored in pool memory (binary data, NUL bytes allowed)
|
|
location /spray {
|
|
client_body_in_single_buffer on;
|
|
proxy_pass http://backend;
|
|
proxy_read_timeout 60s;
|
|
}
|
|
|
|
location / { return 200 "ok\n"; }
|
|
}
|
|
}
|