NGINX configuration for CORS and proper HTTPS rerouting
Hi, I am very inexperienced with NGINX and I am having a hard time understanding why things don't work as expected. I am trying to test an API I made with a docker container that runs with the following command:

    docker run -d -v $(pwd):/app -p 8080:8000 --rm wiseast/yau bot

I can make a POST request to http://ffpr.isi.edu:8080/api, but the same request using JavaScript's AJAX returns the apparently frequent error that no 'Access-Control-Allow-Origin' header is present on the requested resource. I tried to get around this by enabling CORS on my server, since I control it, by adding add_header 'Access-Control-Allow-Origin' '*'; but it did not solve the problem. What also bothers me is that with Postman I can make requests to http://ffpr.isi.edu:8080/api but not to https://ffpr.isi.edu:8080/api.

In addition, I have a rerouting problem that I feel should be straightforward, given what I have read, but it does not work. I have a web page that correctly reroutes http://ffpr.isi.edu to https://ffpr.isi.edu, but the rest of the rerouting does not work. For example, http://ffpr.isi.edu:5050/ loads insecurely through port 80 and does not reroute to https://ffpr.isi.edu:5050/. On the other hand, https://ffpr.isi.edu:5050/ cannot be opened at all because of a timeout error.

This is my complete nginx.conf file:
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;

        upstream frontend {
            server 0.0.0.0:8000;
        }
        upstream ased_api {
            server 0.0.0.0:5000;
        }
        upstream ya_bot {
            server 0.0.0.0:8080;
        }
        upstream yesand {
            server 0.0.0.0:5050;
        }

        server {
            listen 80 default_server;
            listen [::]:80 default_server;
            server_name _;
            root /usr/share/nginx/html;
            return 301 https://$host$request_uri;
        }

        # Settings for a TLS enabled server.
        #
        server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            server_name ffpr.isi.edu;
            ssl_certificate "/etc/nginx/ssl/ffpr_isi_edu_cert.cer";
            ssl_certificate_key "/etc/nginx/ssl/ffpr_isi_edu.key";
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 10m;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;

            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;

            location / {
                add_header 'Access-Control-Allow-Origin' '*';
                proxy_pass http://frontend;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }

            location /api {
                proxy_pass http://ased_api;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }

            location /ya_bot {
                proxy_pass http://ya_bot;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
                add_header 'Access-Control-Allow-Origin' '*' always;
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            }

            location /yesand {
                add_header 'Access-Control-Allow-Origin' '*';
                proxy_pass http://yesand;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }

        server {
            listen 443 ssl http2 default_server;
            listen [::]:443 ssl http2 default_server;
            server_name _;
            root /usr/share/nginx/html;
            ssl_certificate "/etc/nginx/ssl/ffpr_isi_edu_cert.cer";
            ssl_certificate_key "/etc/nginx/ssl/ffpr_isi_edu.key";
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 10m;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;

            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;

            location / {
            }

            error_page 404 /404.html;
            location = /40x.html {
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    }
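I have been putting up with these problems for a long time and would really appreciate any pointers.

In my experience, add_header 'Access-Control-Allow-Origin' *; on the proxy machine did not fix the problem.

However, setting the 'Access-Control-Allow-Origin' header as a response header in the backend API did work. For example, you can run the following Go code on the backend API:

    // Set the CORS header on the backend's response; w is a *http.ResponseWriter.
    (*w).Header().Set("Access-Control-Allow-Origin", "proxy-host-name")

As for the redirect problem, you don't need to use two separate server blocks; try the following in nginx.conf: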
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name ffpr.isi.edu;
        ssl_certificate "/etc/nginx/ssl/ffpr_isi_edu_cert.cer";
        ssl_certificate_key "/etc/nginx/ssl/ffpr_isi_edu.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Redirect any request that arrived over plain HTTP to HTTPS.
        if ($scheme != https) {
            return 301 https://$host$request_uri;
        }
    }
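I hope this helps.

The backend must have a route with the OPTIONS method to answer the frontend's requests for specific routes. You are looking for the problem in NGINX, but you need to fix it in the application. This is an "insecure" way to open CORS to everyone on the application.

Thank you! I have replaced it with your code and it now seems to redirect to the same https link! The CORS problem does not seem to be solved yet, but I am working on the backend API to add similar headers.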