Skip to main content

Using an Ad-Hoc Nginx Server to Catch-Web Requests

Set up Custom Logging

sudo apt install -y libnginx-mod-http-lua

Install Nginx LUA libraries

sudo nano /etc/nginx/nginx.conf

Edit the Nginx configuration file

http {

# ...
# ...
# ...

  
    log_format custom  'Time: $time_local'

                      '
'
                      'Remote Addr: $remote_addr'
                      '
'
                      'Request: $request'
                      '
'
                      'Request Headers: $request_headers'
                      '
'
                      'Body: $request_body'
                      '
'
                      'Status: $status'
                      '
'
                      '-----';

# ...
# ...
# ...
  
}

Add a custom logging format using LUA script

Define an Ad-Hoc Server

sudo nano /etc/nginx/sites-available/ad-hoc.conf

Create a configuration file for the ad-hoc server

server {
    # Replace listener_ip_goes_here with the IP you wish to listen on
    server_name listener_ip_goes_here;
    listen 80;
    
    root /tmp/ad-hoc;
    index index.html;
    # Uncomment to allow directory listing
    # autoindex on;
    
    ##
    # LUA Advanced Logging
    ##
  
    # Lua script to scrape and format the headers
    set_by_lua_block $request_headers {
        local h = ngx.req.get_headers()
        local request_headers_all = ""
        for k, v in pairs(h) do
            request_headers_all = request_headers_all .. ""..k..": "..v..";"
        end
        return request_headers_all
    }
    
    access_log /tmp/ad-hoc/access_verbose.log custom;
    
    location / {
        try_files $uri $uri/ =404;
    }
}

ad-hoc.conf

Enable the Configuration

mkdir /tmp/ad-hoc
sudo ln -s /etc/nginx/sites-available/ad-hoc.conf /etc/nginx/sites-enabled/ad-hoc.conf
sudo nginx -t && sudo systemctl restart nginx

Making any changes to ad-hoc.conf should be done on /etc/nginx/sites-available/ad-hoc.confDO NOT edit the symbolically linked file.

Making any changes will also require a service restart using sudo systemctl restart nginx.

tail -fn 0 /tmp/ad-hoc/access_verbose.log

Monitor the verbose access logs as they come in

You could even add this to your local shell rc file -- like .bashrc or .zshrc

function start_nginx_adhoc () {

  if ! [ -d /tmp/ad-hoc ] ; then
    mkdir /tmp/ad-hoc
  fi
  if ! [ -f /etc/nginx/sites-enabled/ad-hoc.conf ] ; then
    sudo ln -s /etc/nginx/sites-available/ad-hoc.conf /etc/nginx/sites-enabled/ad-hoc.conf
  fi
  sudo nginx -t && sudo systemctl restart nginx

}

If you've just added this function to your rc file, it will require you log out and log back in, or run the command source ~/.zshrc for example

# Invoke the function
start_nginx_adhoc

 

 

Disable the Configuration

sudo systemctl stop nginx
sudo unlink /etc/nginx/etc/sites-enabled/ad-hoc.conf
rm -rf /tmp/ad-hoc

Again with the automation example using your rc file

function stop_nginx_adhoc () {

  sudo systemctl stop nginx
  if [ -d /tmp/ad-hoc ] ; then
     rm -rf /tmp/ad-hoc
  fi
  if [ -f /etc/nginx/sites-enabled/ad-hoc.conf ] ; then
    sudo unlink /etc/nginx/sites-enabled/ad-hoc.conf
  fi

}