Hi
I’m trying to /clean/ up a config file and I’m having a headache trying
to do it.
Consider the following scenario:
- Users from group gfoo must be allowed to GET URL foo, while adminfoo
must be able to POST - Users from group gbar must be allowed to GET URL bar, while adminbar
must be able to POST - …and so on for ~50 groups.
The configuration at this moment is similar to:
server {
listen 80;
server_name foo.domain.com;
location ~ /content/foo {
if ($denied_foo) {
return 403 "Forbidden";
}
...
}
location ~ /page/bar/action...and ~10 locations more per
server…
}
server {
listen 80;
server_name bar.domain.com;
location ~ /content/bar {
if ($denied_bar) {
return 403 “Forbidden”;
}
…
}
location ~ /page/bar/action…and ~10 locations more per
server…
}
…~200 whatever.domain.com servers more
map $request_method:$request_uri:$http_groups $denied_foo {
default 1;
~^GET:/content/foo:gfoo 0;
~^POST:/content/foo:adminfoo 0;
}
map $request_method:$request_uri:$http_groups $denied_bar {
default 1;
~^GET:/content/bar:gbat 0;
~^POST:/content/bar:adminbar 0;
}
…lots of map directives
I’ll like to be able to simplify it doing something like:
server_name (?<myvar>.*)\.domain\.com;
...
map $request_method:$request_uri:$http_groups $denied {
default 1;
~^GET:/content/$myvar:g$myvar 0;
~^POST:/content/$myvar:admin$myvar 0;
}
I have even tried using an auxiliary map this way:
map $servername $myvar {
~^(?<v>.*)\.domain\.com $v;
}
map $request_method:$request_uri:$http_groups $denied {
default 1;
~^GET:/content/$myvar:g$myvar 0;
~^POST:/content/$myvar:admin$myvar 0;
}
But I haven’t succeeded so far. Could you help me?
Having ~200 configuration files doesn’t seem a good option, so omit
“on-build config with script parameters”
Thanks in advance,
Regards.