Switch to openresty to better handle params

Fix issue where upstream only got the first query param
Strip upstream CORS
2026-01-27 13:56:00 +01:00 · 2026-01-27 13:06:41 +01:00 · 2026-01-27 12:49:58 +01:00 · 2026-01-26 15:00:55 +01:00 · 2026-01-08 14:26:53 +01:00 · 2026-01-07 21:52:09 +01:00
2 changed files with 72 additions and 16 deletions
--- a/16
+++ b/16
@@ -1,15 +1,11 @@
-FROM nginx:alpine
+FROM openresty/openresty:alpine

-# Copy nginx configuration and HTML
-COPY nginx.conf /etc/nginx/nginx.conf
+# Copy config (OpenResty uses this path)
+COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
+# HTML and data dirs (config references /usr/share/nginx/html and /etc/nginx/data)
+RUN mkdir -p /usr/share/nginx/html /etc/nginx/data/cache /etc/nginx/data/temp
 COPY index.html /usr/share/nginx/html/index.html

-# Create data directories
-RUN mkdir -p /etc/nginx/data/cache /etc/nginx/data/temp && \
-    chown -R nginx:nginx /etc/nginx/data
-
-# Expose port
 EXPOSE 3000

-# Start nginx
-CMD ["nginx", "-g", "daemon off;"]
+CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"]
--- a/nginx.conf
+++ b/nginx.conf
@@ -12,26 +12,77 @@ http {
    proxy_cache_path /etc/nginx/data/cache levels=1:2 keys_zone=api_cache:10m max_size=100g inactive=365d;

    error_log /dev/stdout warn;
-    access_log /dev/stdout;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" cache:$upstream_cache_status';
+    access_log /dev/stdout main;

    resolver 127.0.0.11 valid=60s;

+    # Raw url= value from request (stops at next & so %26 in encoded URLs is preserved)
+    map $request_uri $url_encoded {
+        default "";
+        "~*[?&]url=((?:[^&%]|%[0-9A-Fa-f][0-9A-f])*)(?:&|$)" $1;
+    }
+
    server {
        listen 3000;

        location / {
-            # If no url parameter, serve the readme
-            if ($arg_url = "") {
-                rewrite ^ /index.html last;
+            set $backend_base "";
+            # Decode url, build upstream URL, strip our "url=". Force that URI to upstream (variable proxy_pass can send original request URI otherwise)
+            rewrite_by_lua_block {
+                local enc = ngx.var.url_encoded
+                local decoded = (enc and enc ~= "") and ngx.unescape_uri(enc) or ngx.var.arg_url or ""
+                if decoded == "" then
+                    ngx.exec("/index.html")
+                    return
+                end
+                local args = ngx.var.args or ""
+                local rest = args:gsub("^url=[^&]*&?", ""):gsub("&url=[^&]*", ""):gsub("^url=[^&]*$", "")
+                local full = decoded
+                if rest ~= "" then
+                    local sep = decoded:find("?") and "&" or "?"
+                    full = decoded .. sep .. rest
+                end
+                local scheme, host, pathquery = full:match("^(https?)://([^/]+)(.*)$")
+                if not host then
+                    ngx.status = 400
+                    ngx.say("invalid url")
+                    return ngx.exit(400)
+                end
+                if pathquery == "" then pathquery = "/" end
+                local path = pathquery:match("^([^?]*)") or "/"
+                local query = pathquery:match("%?(.*)$") or ""
+                ngx.var.backend_base = scheme .. "://" .. host
+                ngx.req.set_uri(path)
+                ngx.req.set_uri_args((query:gsub("^%?", "")))
            }
-
-            proxy_pass $arg_url;
+            proxy_pass $backend_base$uri$is_args$args;
            proxy_http_version 1.1;
            proxy_set_header Host $proxy_host;
            proxy_ssl_server_name on;

+            # Strip upstream CORS so we only send our own (duplicate = browser reject)
+            proxy_hide_header Access-Control-Allow-Origin;
+            proxy_hide_header Access-Control-Allow-Methods;
+            proxy_hide_header Access-Control-Allow-Headers;
+            proxy_hide_header Access-Control-Expose-Headers;
+            proxy_hide_header Access-Control-Max-Age;
+
+            # CORS headers — replace with our own *
+            add_header Access-Control-Allow-Origin * always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH" always;
+            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Cache,X-NoCache,X-Status" always;
+            add_header Access-Control-Expose-Headers "X-Cache-Status" always;
+
+            # Handle preflight OPTIONS requests
+            if ($request_method = 'OPTIONS') {
+                return 204;
+            }
+
            proxy_cache api_cache;
            proxy_cache_valid 200 201 202 203 204 205 206 207 208 226 365d;
+            proxy_ignore_headers Cache-Control Expires;

            proxy_cache_bypass $http_x_nocache;
            proxy_no_cache $http_x_nocache;
@@ -43,6 +94,15 @@ http {

        location = /index.html {
            root /usr/share/nginx/html;
+            # CORS headers for HTML interface
+            add_header Access-Control-Allow-Origin * always;
+            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" always;
+
+            # Handle preflight OPTIONS requests
+            if ($request_method = 'OPTIONS') {
+                return 204;
+            }
        }
    }
 }
Author	SHA1	Message	Date
PhatPhuckDave	07572f8e6c	Switch to openresty to better handle params	2026-01-27 13:56:00 +01:00
PhatPhuckDave	da68d078b0	Fix issue where upstream only got the first query param	2026-01-27 13:06:41 +01:00
PhatPhuckDave	9d48ce54c1	Strip upstream CORS	2026-01-27 12:49:58 +01:00
PhatPhuckDave	c120d7a164	Ignore cache control header	2026-01-26 15:00:55 +01:00
PhatPhuckDave	6aa7c63b07	Force CORS	2026-01-08 14:26:53 +01:00
PhatPhuckDave	05c4e86f4b	Add cache logs	2026-01-07 21:52:09 +01:00