a-vasyliev · March 25, 2015 11:42
diff --git a/example.com.conf b/example.com.conf
 server {
        listen       443;
        server_name  example.com;

        error_log    /var/log/nginx/example_com_error.log warn;

        ssl                    on;
        ssl_certificate        /etc/nginx/ssl/your.crt; #certificate chains
        ssl_certificate_key    /etc/nginx/ssl/your.key; #private key
        
        # enable compressing if needed
        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;

        root /var/www/your/root;

        # most interesting part
        # here I remove utm_source, utm_content, utm_term, utm_campaign, utm_medium query parameters
        set $c_uri $args; # e.g. "param1=true&param4=false"
        
        if ($c_uri ~ (.*)(?:&|^)utm_source=[^&]*(.*)) {
           set $c_uri $1$2;
        }

        if ($c_uri ~ (.*)(?:&|^)utm_term=[^&]*(.*)) {
           set $c_uri $1$2;
        }
        
        if ($c_uri ~ (.*)(?:&|^)utm_campaign=[^&]*(.*)) {
           set $c_uri $1$2;
        }        

        if ($c_uri ~ (.*)(?:&|^)utm_medium=[^&]*(.*)) {
           set $c_uri $1$2;
        }

        if ($c_uri ~ (.*)(?:&|^)utm_content=[^&]*(.*)) {
           set $c_uri $1$2;
        }

        if ($c_uri ~ ^&(.*)) {
           set $c_uri $1;
        }

        set $c_uri $is_args$c_uri;

        if ($c_uri ~ ^\?$) {
           set $c_uri "";
        }
   
        # finally we have stripped out utms and has nice cache key
        set $c_uri $uri$c_uri;

        # my injected script, hosted on frontend (nginx)
        location /hack.js {
            
        }

        # never cache /checkout/*
        location /checkout/ {
            proxy_pass     http://backend-server.com:80/checkout/;
            include        proxy.conf;
            proxy_no_cache 1;
        }

        # cache every page and static file
        location / {
            # I'm using "cleaned_uri" ($c_uri) for backend also
            proxy_pass http://backend-server.com:80$c_uri;
            # our proxy config
            include    proxy.conf;
            # for debugging, just to ensure that $c_uri is correct
            add_header X-CACHE-KEY $c_uri;
            # set $c_uri as cache_key
            proxy_cache_key $c_uri;
        }
 }

 # server to force http -> https redirect
 server {
    listen      80;
    server_name example.com;

    return 301 https://example.com$request_uri;
 }

 # server to remove www
 server {
    listen      80;
    server_name www.example.com;

    return 301 https://example.com$request_uri;
 }
diff --git a/nginx.conf b/nginx.conf
 ### ....   ###
 # Enable cache in /etc/nginx/nginx.conf
 proxy_cache_path /usr/data/nginx/cache levels=1:2 keys_zone=cache:8m max_size=1000m inactive=180m;
 proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
 proxy_cache_valid 404 1m;
 proxy_cache_valid 200 360m;
 ### ....   ###
diff --git a/proxy.conf b/proxy.conf
 # change backend redirects (http -> https) 
 proxy_redirect     http://example.com https://example.com;

 # proxy host, real IP address, etc. for backend
 # Accept-Encoding is set to "" because in my case content is gzipped, but I need to apply subs_filter directives
 proxy_set_header   Host             $host;
 proxy_set_header   X-Real-IP        $remote_addr;
 proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
 proxy_set_header   Accept-Encoding  "";

 proxy_buffering    on;
 proxy_buffer_size  128k;
 proxy_buffers 100  128k;

 # replace content received from backend
 # I'm replacing all http: to https:
 subs_filter_types application/json; # to replace json also
 subs_filter "http:" "https:" gi;
 # inject some Javascript, for example
 subs_filter "</body>" "<script type=\"text/javascript\" src=\"//example.com/hack.js\"></script></body>";
 # output cache status element, I'm hidding it afterwards, but my injected Javascript uses this data
 subs_filter "</body>" "<div id='cache-status'>$upstream_cache_status</div></body>";

 # setup cache zone
 proxy_cache cache;
 # cache all pages from backend, ignore headers. This headers prevents caching. Be carefull with it.
 proxy_ignore_headers Cache-Control Expires;
 # Bypass page cache if header "SECRET_HEADER 1" was sent to Nginx
 proxy_cache_bypass $http_secret_header;
 # Service information, adds header with page cache status (MISS, HIT, BYPASS, etc.)
 add_header X-Cache-Status $upstream_cache_status;
	server {
	listen 443;
	server_name example.com;

	error_log /var/log/nginx/example_com_error.log warn;

	ssl on;
	ssl_certificate /etc/nginx/ssl/your.crt; #certificate chains
	ssl_certificate_key /etc/nginx/ssl/your.key; #private key

	# enable compressing if needed
	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;

	root /var/www/your/root;

	# most interesting part
	# here I remove utm_source, utm_content, utm_term, utm_campaign, utm_medium query parameters
	set $c_uri $args; # e.g. "param1=true&param4=false"

	if ($c_uri ~ (.)(?:&\|^)utm_source=[^&](.*)) {
	set $c_uri $1$2;
	}

	if ($c_uri ~ (.)(?:&\|^)utm_term=[^&](.*)) {
	set $c_uri $1$2;
	}

	if ($c_uri ~ (.)(?:&\|^)utm_campaign=[^&](.*)) {
	set $c_uri $1$2;
	}

	if ($c_uri ~ (.)(?:&\|^)utm_medium=[^&](.*)) {
	set $c_uri $1$2;
	}

	if ($c_uri ~ (.)(?:&\|^)utm_content=[^&](.*)) {
	set $c_uri $1$2;
	}

	if ($c_uri ~ ^&(.*)) {
	set $c_uri $1;
	}

	set $c_uri $is_args$c_uri;

	if ($c_uri ~ ^\?$) {
	set $c_uri "";
	}

	# finally we have stripped out utms and has nice cache key
	set $c_uri $uri$c_uri;

	# my injected script, hosted on frontend (nginx)
	location /hack.js {

	}

	# never cache /checkout/*
	location /checkout/ {
	proxy_pass http://backend-server.com:80/checkout/;
	include proxy.conf;
	proxy_no_cache 1;
	}

	# cache every page and static file
	location / {
	# I'm using "cleaned_uri" ($c_uri) for backend also
	proxy_pass http://backend-server.com:80$c_uri;
	# our proxy config
	include proxy.conf;
	# for debugging, just to ensure that $c_uri is correct
	add_header X-CACHE-KEY $c_uri;
	# set $c_uri as cache_key
	proxy_cache_key $c_uri;
	}
	}

	# server to force http -> https redirect
	server {
	listen 80;
	server_name example.com;

	return 301 https://example.com$request_uri;
	}

	# server to remove www
	server {
	listen 80;
	server_name www.example.com;

	return 301 https://example.com$request_uri;
	}
	### .... ###
	# Enable cache in /etc/nginx/nginx.conf
	proxy_cache_path /usr/data/nginx/cache levels=1:2 keys_zone=cache:8m max_size=1000m inactive=180m;
	proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
	proxy_cache_valid 404 1m;
	proxy_cache_valid 200 360m;
	### .... ###
	# change backend redirects (http -> https)
	proxy_redirect http://example.com https://example.com;

	# proxy host, real IP address, etc. for backend
	# Accept-Encoding is set to "" because in my case content is gzipped, but I need to apply subs_filter directives
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Accept-Encoding "";

	proxy_buffering on;
	proxy_buffer_size 128k;
	proxy_buffers 100 128k;

	# replace content received from backend
	# I'm replacing all http: to https:
	subs_filter_types application/json; # to replace json also
	subs_filter "http:" "https:" gi;
	# inject some Javascript, for example
	subs_filter "</body>" "<script type=\"text/javascript\" src=\"//example.com/hack.js\"></script></body>";
	# output cache status element, I'm hidding it afterwards, but my injected Javascript uses this data
	subs_filter "</body>" "<div id='cache-status'>$upstream_cache_status</div></body>";

	# setup cache zone
	proxy_cache cache;
	# cache all pages from backend, ignore headers. This headers prevents caching. Be carefull with it.
	proxy_ignore_headers Cache-Control Expires;
	# Bypass page cache if header "SECRET_HEADER 1" was sent to Nginx
	proxy_cache_bypass $http_secret_header;
	# Service information, adds header with page cache status (MISS, HIT, BYPASS, etc.)
	add_header X-Cache-Status $upstream_cache_status;