• nginx请求转发配置


    以下为无ssl证书配置的请求转发
    
    server {
        listen 80;
        server_name api.****.com;
        #以下为指定请求域名匹配到某一个端口
        #location ~* /union {
        #以下为全部转发到某一个端口
        location / {
          client_max_body_size   3000m;
          proxy_next_upstream http_502 http_504 error timeout invalid_header;
    
          proxy_set_header   Host $host;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Real-PORT $remote_port;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    
          proxy_pass http://127.0.0.1:8080;
          proxy_redirect default;
          proxy_connect_timeout 3000;
    
          if ($http_origin ~ https://(.*).****.com){
              set $allow_url $http_origin;
          }
    
          if ($request_method = OPTIONS) {
              add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, HEAD";
    #         add_header Access-Control-Allow-Origin $allow_url;
              add_header Access-Control-Allow-Origin *;
              add_header Access-Control-Allow-Headers "Cookie,Set-Cookie,Origin,X-Requested-With,token,authorization,Accept,Content-type";
              add_header Access-Control-Allow-Credentials "true";
              add_header Content-Type "text/plain; charset=utf-8";
              add_header Content-Length 0;
            return 204;
          }
        }
    }
    
    
    以下为有ssl请求转发
    
    
    server {
        listen 80;
        server_name api.****.com;
        rewrite ^(.*)$ https://${server_name}$1 permanent;
    }
    
    server {
        listen 443;
        server_name api.****.com;
        ssl on;
        ssl_certificate   /etc/nginx/cert/api.pem;
        ssl_certificate_key  /etc/nginx/cert/api.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        #以下为指定请求域名匹配到某一个端口
        #location ~* /union {
        #以下为全部转发到某一个端口
        location / {
          client_max_body_size   3000m;
          proxy_next_upstream http_502 http_504 error timeout invalid_header;
    
          proxy_set_header   Host $host;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Real-PORT $remote_port;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    
          proxy_pass http://127.0.0.1:8080;
          proxy_redirect default;
          proxy_connect_timeout 3000;
    
          if ($request_method = OPTIONS) {
              add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, HEAD";
              add_header Access-Control-Allow-Origin *;
              add_header Access-Control-Allow-Headers "Cookie,Set-Cookie,Origin,X-Requested-With,token,authorization,Accept,Content-type";
              add_header Access-Control-Allow-Credentials "true";
              add_header Content-Type "text/plain; charset=utf-8";
              add_header Content-Length 0;
            return 204;
          }
        }
    }
  • 相关阅读:
    android从资源文件中读取文件流显示
    Android利用Bundle实现Activity间消息的传递
    MyEclipse 9本地安装插件的方法
    XXE漏洞利用详解
    批处理编写
    初见提权
    个人对ip的理解
    业务逻辑漏洞利用
    NTFS安全权限
    Windows系统管理
  • 原文地址:https://www.cnblogs.com/hahahehexixihoho/p/10831613.html
Copyright © 2020-2023  润新知