前言
- Nginx跨域配置
- 解决nginx不支持Websocket的问题
- Location不保留缓存配置
- 关于Nginx线上跳转线下的问题
-
Nginx跨域配置
server {
listen 80;
server_name xxxx;
access_log /niub/nginx_logs/analyst.ai/xxxxx;
error_log /niub/nginx_logs/analyst.ai/xxxxxx;
#return 301 https://$server_name$request_uri;
#公用配置一直到if结束,都属于跨域
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers Origin,X-Requested-With,X-Request-ID,Content-Type,Accept,Authorization;
add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
add_header Access-Control-Max-Age 1728000;
if ($request_method = 'OPTIONS') {
return 204;
}
location /api/ {
proxy_pass http://xxxxxx/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
server {
listen 443 ssl;
server_name xxxxx;
access_log /niub/nginx_logs/analyst.aixxxxxx;
error_log /niub/nginx_logs/analyst.ai/xxxxx;
ssl_certificate /etc/letsencrypt/live/analyst.ai.wild/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/analyst.ai.wild/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:HIGH:!RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
#公用配置
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers Origin,X-Requested-With,X-Request-ID,Content-Type,Accept,Authorization;
add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
add_header Access-Control-Max-Age 1728000;
if ($request_method = 'OPTIONS') {
return 204;
}
location /abc {
proxy_pass http://xxxxxx:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $proxy_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
root /niub/www/sourcecode/online-prod-analyst-bond/build;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
try_files $uri $uri/ /index.html;
index index.html;
}
}
解决nginx不支持Websocket的问题
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location /abc {
proxy_pass http://xxxxxx:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $proxy_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
Location不保留缓存配置
server {
listen 80;
server_name xxxxx;
access_log /niub/nginx_logs/analyst.ai/xxxxxxx_access.log abcft;
error_log /niub/nginx_logs/analyst.ai/xxxxxxx_error.log info;
return 301 https://$server_name$request_uri;
location /api {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tpa-api.analyst.ai/api;
if ($request_filename ~* .*\.(?:htm|html)$)
{
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
}
关于Nginx线上跳转线下的问题
线上配置
server {
listen 80;
server_name XXXXXXXXX;
access_log /niub/nginx_logs/analyst.ai/XXXXXXXXXXX_access.log abcft;
error_log /niub/nginx_logs/analyst.ai/XXXXXXXXXXXX_error.log info;
return 301 https://$server_name$request_uri;
#公用配置
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers Origin,X-Requested-With,X-Request-ID,Content-Type,Accept,Authorization;
add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
add_header Access-Control-Max-Age 1728000;
if ($request_method = 'OPTIONS') {
return 204;
}
location / {
root /niub/www/sourcecode/XXXXXXXXXX/build;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
try_files $uri $uri/ /index.html;
index index.html;
}
location /api/company/ {
proxy_pass http://XXXX:80/api/company/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
线上跳转的时候,一定要带着后面的路径
比如: proxy_pass http://XXXX:80/api/company/
因为跳转的时候,指挥带着主机头,不会带着路径
线下配置
server {
listen 80;
server_name bond.analyst.ai;
access_log /u-data/nginx_logs/analyst.ai/bond.analyst.ai_access.log abcft;
error_log /u-data/nginx_logs/analyst.ai/bond.analyst.ai_error.log info;
# return 301 https://$server_name$request_uri;
#公用配置
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers Origin,X-Requested-With,X-Request-ID,Content-Type,Accept,Authorization;
add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
add_header Access-Control-Max-Age 1728000;
if ($request_method = 'OPTIONS') {
return 204;
}
location /api/company/ {
proxy_pass http://company_bond_analyst_ai/company/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
