dev

README.md

@@ -32,6 +32,9 @@ yum install -y \
 	zlib zlib-devel
 ```
 
+> nginx 最终安装在 `/home/jsproxy/openresty` 下，不会和系统已有的冲突。
+
+
 ## 测试
 
 启动服务：

api.conf

@@ -15,7 +15,7 @@ location = /preflight {
   internal;
   more_set_headers
     'access-control-allow-origin: *'
-    'access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS'
+    'access-control-allow-methods: GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS'
     'access-control-allow-headers: --url,--referer,--cookie,--origin,--ext,--aceh,--ver,accept,accept-charset,accept-encoding,accept-language,accept-datetime,authorization,cache-control,content-length,content-type,date,if-match,if-modified-since,if-none-match,if-range,if-unmodified-since,max-forwards,pragma,range,te,upgrade,upgrade-insecure-requests,x-requested-with,chrome-proxy'
     'access-control-max-age: 1728000'
   ;
@@ -29,40 +29,7 @@ location = /http {
     rewrite           ^   /preflight;
   }
 
-  # decode req headers
-  access_by_lua_block {
-    local hdrs, err = ngx.req.get_headers()
-    local extHdrs
-
-    for k, v in pairs(hdrs) do
-      if k:sub(1, 2) ~= '--' then
-        goto continue
-      end
-
-      ngx.req.clear_header(k)
-      k = k:sub(3)
-
-      if k == 'url' then
-        ngx.var._url = v
-      elseif k == 'ver' then
-        ngx.var._ver = v
-      elseif k == 'aceh' then
-        ngx.ctx._aceh = 1
-      elseif k == 'ext' then
-        extHdrs = require('cjson').decode(v)
-      else
-        ngx.req.set_header(k, v)
-      end
-
-      ::continue::
-    end
-
-    if extHdrs then
-      for k, v in pairs(extHdrs) do
-        ngx.req.set_header(k, v)
-      end
-    end
-  }
+  access_by_lua_file    ../lua/http-dec-req-hdr.lua;
 
   proxy_cache           my_cache;
   proxy_pass            $_url;
@@ -73,89 +40,23 @@ location = /http {
     'content-security-policy-report-only'
     'x-frame-options'
   ;
-
-  # encode res headers
-  header_filter_by_lua_block {
-    local expose = '*'
-    local detail = (ngx.ctx._aceh == 1)
-    local vary = '--url'
-
-    local h, err = ngx.resp.get_headers()
-    for k, v in pairs(h) do
-      if
-        -- headers to escape --
-        k == 'access-control-allow-origin' or
-        k == 'access-control-expose-headers' or
-        k == 'location' or
-        k == 'set-cookie'
-      then
-        if type(v) == 'table' then
-          for i = 1, #v do
-            local x = i .. '-' .. k
-            ngx.header[x] = v[i]
-
-            if detail then
-              expose = expose .. ',' .. x
-            end
-          end
-        else
-          local x = '--' .. k
-          ngx.header[x] = v
-
-          if detail then
-            expose = expose .. ',' .. x
-          end
-        end
-        ngx.header[k] = nil
-
-      elseif k == 'vary' then
-        if type(v) == 'table' then
-          vary = vary .. ', ' .. table.concat(v, ', ')
-        else
-          vary = vary .. ', ' .. v
-        end
-
-      elseif detail and
-        -- not simple header --
-        k ~= 'cache-control' and
-        k ~= 'cache-language' and
-        k ~= 'content-type' and
-        k ~= 'expires' and
-        k ~= 'last-modified' and
-        k ~= 'pragma'
-      then
-        expose = expose .. ',' .. k
-      end
-    end
-
-    if detail then
-      expose = expose .. ',--s'
-      ngx.header['--t'] = '1'
-    end
-
-    ngx.header['access-control-expose-headers'] = expose
-    ngx.header['access-control-allow-origin'] = '*'
-    ngx.header['vary'] = vary
-    ngx.header['--s'] = ngx.status
-    ngx.status = 200
-  }
+  header_filter_by_lua_file  ../lua/http-enc-res-hdr.lua;
 }
 
 
 # WebSocket Proxy
 location = /ws {
-  access_by_lua_block {
-    local query, err = ngx.req.get_uri_args()
-
-    for k, v in pairs(query) do
-      if k == 'url__' then
-        ngx.var._url = v
-      elseif k == 'ver__' then
-        ngx.var._ver = v
-      else
-        ngx.req.set_header(k, v)
-      end
-    end
-  }
+  access_by_lua_file    ../lua/ws-dec-req-hdr.lua;
   proxy_pass            $_url;
 }
+
+
+location = /traff {
+  content_by_lua_block {
+    ngx.say(ngx.shared.traff:get('stat'))
+  }
+  more_set_headers
+    'access-control-allow-origin: *'
+    'cache-control: no-cache'
+  ;
+}

log-svc/README.md

@@ -0,0 +1,21 @@
+nginx 日志备份服务
+
+## 说明
+
+nginx 长时间运行会导致日志文件过大，该服务定期备份日志到 `backup` 目录，并进行压缩。
+
+
+## 依赖
+
+用到了 `brotli` 压缩工具，执行 `setup-brotli.sh` 安装。
+
+最终安装在 `/home/jsproxy/tools/brotli`。
+
+
+## 启动
+
+```bash
+./svc.sh &
+```
+
+使用 `jsproxy` 用户运行，无需 `root`。

log-svc/backup.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# 功能：备份 nginx 日志到 backup 目录
+
+SVC_DIR=/home/jsproxy/server
+LOG_DIR=$SVC_DIR/nginx/logs
+
+LOG_FILE=$LOG_DIR/proxy.log
+LOG_SIZE=$(( 32 * 1024 * 1024 ))
+
+ERR_FILE=$LOG_DIR/error.log
+ERR_SIZE=$(( 1 * 1024 * 1024 * 1024 ))
+
+
+# error.log 达到 ERR_SIZE，开始备份（目前只清理）
+errsize=$(stat --printf=%s $ERR_FILE)
+if (( $errsize >= $ERR_SIZE )); then
+  echo > $ERR_FILE
+fi
+
+# proxy.log 达到 LOG_SIZE，开始备份
+logsize=$(stat --printf=%s $LOG_FILE)
+if (( $logsize < $LOG_SIZE )); then
+  exit
+fi
+
+logtime=$(date "+%Y-%m-%d-%H-%M-%S")
+logfile=$SVC_DIR/log-svc/backup/$logtime.log
+
+#
+# 先移走日志文件，然后创建新的日志文件，通知 nginx 重新打开
+# https://www.nginx.com/resources/wiki/start/topics/examples/logrotation/
+#
+mv $LOG_FILE $logfile
+touch $LOG_FILE
+kill -USR1 $(< $LOG_DIR/nginx.pid)
+sleep 1
+
+#
+# 日志压缩
+# 根据实际情况调整策略，在不影响系统的前提下，充分利用剩余 CPU
+# 可尝试其他工具（例如 7z），在开销和效果之间找一个平衡点
+#
+echo "compress $logtime ($logsize bytes)"
+
+if (( $logsize > 100 * 1024 * 1024 )); then
+  # 日志较大，使用快速压缩
+  nice -n 19 \
+    gzip $logfile
+else
+  # 日志不大，使用高强度压缩
+  nice -n 19 \
+    ~/tools/brotli $logfile --rm
+fi
+
+echo "done"

log-svc/backup/README.md

@@ -0,0 +1 @@
+该目录存放临时备份的日志。

log-svc/setup-brotli.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# 功能：安装 brotli 压缩工具
+# 依赖：cmake（yum install -y cmake）
+
+git clone --depth 1 https://github.com/google/brotli.git
+cd brotli
+
+./configure-cmake
+make
+
+mkdir -p ~/tools
+mv brotli ~/tools
+
+cd ..
+rm -rf brotli

log-svc/svc.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# 功能：定时调用 backup.sh
+
+echo "log svc running"
+
+# 也可用 crontab
+while true
+do
+  ./backup.sh
+  sleep 60
+done

lua/g.lua

@@ -0,0 +1,37 @@
+local _M = {}
+local traff = ngx.shared.traff
+
+local nReq = 0
+
+
+function _M.inc()
+  nReq = nReq + 1
+end
+
+function _M.syn()
+  traff:incr('nReq', nReq)
+  nReq = 0
+end
+
+function _M.update()
+  local nReq = traff:get('nReq')
+  traff:set('nReq', 0)
+  return nReq
+end
+
+function _M.getStat()
+  return traff:get('stat')
+end
+
+function _M.setStat(stat)
+  return traff:set('stat', stat)
+end
+
+function _M.reset()
+  if traff:get('nReq') == nil then
+    traff:add('nReq', 0)
+    traff:add('stat', '')
+  end
+end
+
+return _M

lua/http-dec-req-hdr.lua

@@ -0,0 +1,34 @@
+-- 功能：还原 HTTP 请求头
+-- 阶段：access_by_lua
+
+local hdrs, err = ngx.req.get_headers()
+local extHdrs
+
+for k, v in pairs(hdrs) do
+  if k:sub(1, 2) ~= '--' then
+    goto continue
+  end
+
+  ngx.req.clear_header(k)
+  k = k:sub(3)
+
+  if k == 'url' then
+    ngx.var._url = v
+  elseif k == 'ver' then
+    ngx.var._ver = v
+  elseif k == 'aceh' then
+    ngx.ctx._aceh = 1
+  elseif k == 'ext' then
+    extHdrs = require('cjson').decode(v)
+  else
+    ngx.req.set_header(k, v)
+  end
+
+  ::continue::
+end
+
+if extHdrs then
+  for k, v in pairs(extHdrs) do
+    ngx.req.set_header(k, v)
+  end
+end