proxy_cookie_path not working in nginx

Question

what ever cookie response is coming from my backend Server. I want to change PATH value in cookie request.

After learing from nginx, i was asked to use proxy_cookie_path directive

So I have been trying to use proxy_cookie_path directive field in my nginx configuration.

Here is response from nginx back to client. Trying to change value of PATH from / to /abc/xyz/120

HTTP/1.1 201 CREATED
Server: nginx
Date: Thu, 31 Aug 2017 12:16:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Allow: POST, OPTIONS
Set-Cookie: expires=Thu, 30-Aug-2018 12:19:09 GMT; Max-Age=31449600; Path=/
Strict-Transport-Security: max-age=15768000

And here are nginx rules

 # proxy needed for auth to work
   location /tron/api/v1/ {

   proxy_ssl_session_reuse off;
  # End of extra settings
   proxy_set_header        X-Real-IP $remote_addr;
   proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

   proxy_set_header        X-Forwarded-Host $host;
   proxy_set_header        X-Forwarded-Server $host;

  # End of extra settings
    proxy_set_header        X-Scheme $scheme;

   location ~ ^/tron/api/v1/(.*) {

  if ($cookie_VD_TYPE = "XYZ") {

  proxy_pass              https://10.132.250.$cookie_XYZ/tron/api/v1/$1$is_args$args;
  proxy_cookie_path off;
  proxy_cookie_path      / /abc/xyz/120;

 }

  proxy_pass            https://10.132.250.$cookie_ABC/tron/api/v1/$1$is_args$args;
 }
}

So Problem is when i added

proxy_cookie_path off; proxy_cookie_path / /abc/xyz/120;

Using this directive gives me error

 "proxy_cookie_path" directive is not allowed here in /etc/nginx/sites-enabled/default

I have checked my nginx -V to know if it installed. So my question here is :-

1. Is it correct approach i.e. proxy_cookie_path is solution ?

2. If proxy_cookie_path is solution then i am not placing it on correct place. Correct me if i am wrong.

nginx/1.10.1 built with OpenSSL 1.0.1f 6 Jan 2014 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/headers-more-nginx-module --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-cache-purge --add-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-development-kit --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/ngx-fancyindex --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nchan --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-lua --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-upload-progress --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-JCHwcf/nginx-1.10.1/debian/modules/ngx_http_substitutions_filter_module

Answer 1

You need to use proxy_cookie_pathoutside of if block. proxy_cookie_path is only allowed in http, server, location. So you can use it inside a if block inside location.

Edit-1

If for some reason still need to do this. Try below config

location /tron/api/v1/ {
  error_page 418 = @xyz_cookie;

  recursive_error_pages on;
  proxy_ssl_session_reuse off;
  # End of extra settings
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;

  # End of extra settings
  proxy_set_header X-Scheme $scheme;

  if ($cookie_VD_TYPE = "XYZ") {
    return 418;
  }

  proxy_pass https://10.132.250.$cookie_ABC/tron/api/v1/$1$is_args$args;
}

location @xyz_cookie {
  proxy_ssl_session_reuse off;
  # End of extra settings
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;

  # End of extra settings
  proxy_set_header X-Scheme $scheme;

  proxy_pass   https://10.132.250.$cookie_XYZ/tron/api/v1/$1$is_args$args;
  proxy_cookie_path      / /abc/xyz/120;
}

Read If is Evil to know more about issues with IF