I have an Nginx and I need to allow access to Specific Methods for Specific URLs, what's more, is that these URLs contain Regex.

The requirements are as below:

/bill/<SOME_NUMBER_THAT_CHANGES>/verify --> GET & POST only

/bill/ipn/<SOME_STRING_THAT_CHANGES> --> POST only

My current configurations that don't work are as below:

server {
    server_name             foo.example.com;

    location ~ ^/bill/([0-9] )/verify { 
        limit_except GET POST {
           deny all;
        }
        proxy_pass http://app:<PORT>/$1;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location ~ ^/bill/ipn/([A-Za-z0-9] ) { 
        limit_except POST {
           deny all;
        }
        proxy_pass http://app:<PORT>/$1;
        proxy_set_header X-Real-IP $remote_addr;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

For instance, whenever I try to curl foo.example.com/bill/540/verify, it returns 404 not found.

I've used the following links to create the above config:

• "proxy_pass" cannot have URI part in location given by regular expression
• Nginx to allow only POST requests for certain URL's
• https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_except

Question: Any idea how to achieve this?

Any help is appreciated, thanks in advance.

CodePudding user response：

Okay, I figured it out:

server {
    server_name             foo.example.com;

    location ~ ([0-9] )\/verify(\?status=.*)* {
        rewrite ([0-9] )\/verify(\?status=.*)* /bill/$1/verify$2 break;
        proxy_pass http://app:<PORT>;
        proxy_set_header X-Real-IP $remote_addr;

        limit_except GET POST {
           deny all;
        }
    }

    location /bill/ipn {
        limit_except POST {
           deny all;
        }
        proxy_pass http://app:<PORT>;
        proxy_set_header X-Real-IP $remote_addr;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

The trick was capturing the parts I wanted and then passing them as variables such as $1, $2, ... in the rewrite section.

I used This regex builder in PCRE flavor since it was mentioned in Nginx docs to make sure my regex is correct.