nginx配置

跨域配置
单域名跨域

# 允许所有来源的跨域请求
    add_header 'Access-Control-Allow-Origin' 'https://test.test.com';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,token,Authorization';
    
    # 设置预检请求的有效期
    add_header 'Access-Control-Max-Age' 1728000;
    
    # 允许携带身份凭证（例如，cookie）
    add_header 'Access-Control-Allow-Credentials' 'true';
    
    # 处理预检请求（OPTIONS请求）
    if ($request_method = 'OPTIONS') {
        return 204;
    }
多域名跨域

# 在http块中定义一个map，将请求的Origin映射到允许的Origin
        map $http_origin $allowed_origin {
              "~^(https://test1.test.com|https://test2.test.com|https://test3.test.com)$" $http_origin;
              default "";
          }
        server {
            listen 80;
        	listen 443 ssl http2;
            server_name test.test.com;
            index index.html index.htm index.php;
            charset utf-8;
            error_log  /var/log/nginx/test.test.com-error.log error;
                 #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
            #error_page 404/404.html;
            #HTTP_TO_HTTPS_START
            if ($server_port !~ 443){
                rewrite ^(/.*)$ https://$host$1 permanent;
            }
            #HTTP_TO_HTTPS_END
            ssl_certificate    /etc/nginx/ssl/test.test.com/test.test.com_cert_chain.pem;
            ssl_certificate_key    /etc/nginx/ssl/test.test.com/test.test.com_key.key;
            ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
            ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;
            add_header Strict-Transport-Security "max-age=31536000";
            error_page 497  https://$host$request_uri;
        
            #SSL-END
        
            location ^~ / {
                # 设置CORS的响应头
                if ($allowed_origin != "") {
                    add_header 'Access-Control-Allow-Origin' $allowed_origin;
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,token';
                    add_header 'Access-Control-Max-Age' 1728000;
                    add_header 'Access-Control-Allow-Credentials' 'true';
                }
        
                # 处理预检请求（OPTIONS请求）
                if ($request_method = 'OPTIONS') {
                    add_header 'Access-Control-Allow-Origin' $allowed_origin;
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,token';
                    add_header 'Access-Control-Max-Age' 1728000;
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    return 204;
                }
                
                proxy_pass http://127.0.0.1:9000/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header REMOTE-HOST $remote_addr;
                proxy_set_header Upgrade $http_upgrade;
                proxy_http_version 1.1;
            }
        }

LiuYuan's Blog

Navigation

Recent Posts