Nginx reverse proxy: why `add_header` does not take effect, and how to fix it

Author: Chuwen | Date: 2021-04-30 | Category: Nginx

## Background

A colleague built an API with Hyperf, and a Vue.js front end calling it ran into cross-origin (CORS) errors.

## Why it had no effect

> Nginx `add_header` only takes effect for the status codes `200,201,204,206,301,302,303,304,307`; it does not take effect for status codes such as 401, 405 and 403.

As it happened, when I was testing I just requested an arbitrary URL, which returned status **404**, so no matter how many times I refreshed, the added `header` never appeared.

## Solution

Append `always` to the directive:

```conf
add_header Access-Control-Allow-Origin * always;
```

This raises another issue: if you set the **Access-Control-Allow-Origin** header to `*`, then when the front end sends a request the browser console will most likely show this error:

> Access to XMLHttpRequest at 'http://api.xxxxxxx.com/v1/userinfo from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
>
> Related link: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials

### The cause: when the front end (e.g. axios) is configured with `withCredentials=true`, the back end's `Access-Control-Allow-Origin` cannot be `*`; it must be the corresponding origin address

### Set axios withCredentials to false

```js
// axios configuration
axios.defaults.withCredentials = false; // whether cookies are sent (false: do not send)
```

---

More CORS problems are covered in this article, which can serve as a reference: https://juejin.cn/post/6844903748288905224

The following is excerpted from that link.

### Problem 1

> Solution: when the front end sets withCredentials=true, the back end's Access-Control-Allow-Origin cannot be *; it must be the corresponding address

```
Access to XMLHttpRequest at 'http://127.0.0.1:8081/getInfo?t=1545900042823' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
```

### Problem 2

> Solution: when withCredentials=true is set, the back end must set Access-Control-Allow-Credentials

```
Access to XMLHttpRequest at 'http://127.0.0.1:8081/getInfo?t=1545899934853' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
```

### Problem 3

> Solution: when the front end sets request headers, the back end must set Access-Control-Allow-Headers to the corresponding set of request headers

```
Access to XMLHttpRequest at 'http://127.0.0.1:8081/getInfo?t=1545898876243' from origin 'http://localhost:8080' has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.
```
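The three browser error messages quoted above correspond to three checks on the preflight response of a credentialed request. The following is an added example, not part of the original post: a small checker you can run against captured response headers. The function name and the sample header sets are constructed for illustration.

```python
def preflight_problems(origin, requested_headers, response_headers):
    """List every reason a browser would reject this preflight response for a
    credentialed request (withCredentials=true). An empty list means it passes.
    A real browser stops at the first failure; all are collected here."""
    resp = {k.lower(): v.strip() for k, v in response_headers.items()}
    problems = []

    # Problem 1: the wildcard is not accepted when credentials are included.
    acao = resp.get("access-control-allow-origin", "")
    if acao == "*":
        problems.append("Access-Control-Allow-Origin must not be '*'")
    elif acao != origin:
        problems.append("Access-Control-Allow-Origin does not match the origin")

    # Problem 2: the value must be exactly the string 'true'.
    if resp.get("access-control-allow-credentials", "") != "true":
        problems.append("Access-Control-Allow-Credentials must be 'true'")

    # Problem 3: each requested header must be listed (names are case-insensitive;
    # with credentials a '*' in the list is not treated as a wildcard).
    allowed = {h.strip().lower()
               for h in resp.get("access-control-allow-headers", "").split(",")}
    for name in requested_headers:
        if name.lower() not in allowed:
            problems.append(f"header '{name.lower()}' not in Access-Control-Allow-Headers")
    return problems


# Constructed preflight responses for the origin used in the error messages above.
ORIGIN = "http://localhost:8080"
WILDCARD = {"Access-Control-Allow-Origin": "*"}
FIXED = {
    "Access-Control-Allow-Origin": ORIGIN,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "X-Requested-With, Content-Type",
}

if __name__ == "__main__":
    for label, resp in (("wildcard", WILDCARD), ("fixed", FIXED)):
        print(label, preflight_problems(ORIGIN, ["x-requested-with"], resp))
```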
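Nginx: a brute-force fix for logs recording an IP that is not the user's real IP behind a CDN/load balancer | Getting the real user IP in Nginx

Author: Chuwen | Date: 2020-04-17 | Category: Nginx

# Brute-force configuration

> Edit `nginx.conf`, `vhost.conf` or a similar file and place the following configuration inside `http` or inside `server`; read on to see the effect.

```
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
```

## 1. Inside `http`: placed here it is global, set once and for all

> Note: I saw nothing abnormal in my tests; with or without a CDN, the Nginx log recorded the IP correctly either way (provided you configure it as I did).

![Inside `http`: placed here it is global, set once and for all][1]

## 2. Inside `server`: configured separately for each site

![Inside `server`: configured separately for each site][2]

# Result

![Result][3]

[1]: https://cdn.nowtime.cc/2020/04/17/4089011037.png
[2]: https://cdn.nowtime.cc/2020/04/17/2020278309.png
[3]: https://cdn.nowtime.cc/2020/04/17/4204025706.png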
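`set_real_ip_from` names the peers whose `X-Forwarded-For` value nginx will believe, so `0.0.0.0/0` accepts the header from every client, not only from the CDN. The following added example (not from the original post) models the address selection done with `real_ip_recursive` and compares `0.0.0.0/0` with a CDN-only range. All addresses are constructed documentation-range values, and it assumes the CDN appends the connecting client's address to any header the client already sent.

```python
import ipaddress

def real_ip(peer, xff, trusted, recursive=True):
    """Address the realip module would log, given the TCP peer, the
    X-Forwarded-For value and the set_real_ip_from networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_trusted(addr):
        return any(addr.version == n.version and addr in n for n in nets)

    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk the header right to left while the current address is trusted.
    while hops and is_trusted(current):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # unparsable entry: keep the last valid address
        if not recursive:
            break  # real_ip_recursive off: take only the last entry
    return str(current)

# Constructed scenario (assumed values, not from the post).
CDN_EDGE = "203.0.113.10"      # peer nginx sees when traffic comes via the CDN
CLIENT = "198.51.100.7"        # real client address
CLAIMED = "192.0.2.1"          # value the client put in its own header
VIA_CDN = f"{CLAIMED}, {CLIENT}"   # CDN appended the real client address

TRUST_ALL = ["0.0.0.0/0"]          # the configuration shown above
TRUST_CDN = ["203.0.113.0/24"]     # placeholder for the CDN's published ranges

def scenario():
    return {
        "via CDN, trust all": real_ip(CDN_EDGE, VIA_CDN, TRUST_ALL),
        "via CDN, trust CDN": real_ip(CDN_EDGE, VIA_CDN, TRUST_CDN),
        "direct, trust all": real_ip(CLIENT, CLAIMED, TRUST_ALL),
        "direct, trust CDN": real_ip(CLIENT, CLAIMED, TRUST_CDN),
    }

if __name__ == "__main__":
    for case, logged in scenario().items():
        print(f"{case:20} -> {logged}")
```

With the CDN-only range the logged address is the real client in both cases; with `0.0.0.0/0` it is whatever the client wrote into the header.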
Nginx/Tengine: adding a module (without overwriting the installation)

Author: Chuwen | Date: 2020-04-06 | Category: Nginx

> Suppose I want to add the [nginx-http-concat][1] module

# Check the original build arguments

```
nginx -V
```

Output:

```
root@Chuwen:~/tengine-2.3.2# nginx -V
Tengine version: Tengine/2.3.2
nginx version: nginx/1.17.3
built by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)
built with OpenSSL 1.1.1b 26 Feb 2019
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/www/server/nginx --add-module=/www/server/nginx/src/ngx_devel_kit --add-module=/www/server/nginx/src/lua_nginx_module --add-module=/www/server/nginx/src/ngx_cache_purge --add-module=/www/server/nginx/src/nginx-sticky-module --with-openssl=/www/server/nginx/src/openssl --with-pcre=pcre-8.43 --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-ipv6 --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-http_dav_module --add-module=/www/server/nginx/src/nginx-dav-ext-module
```

# Add the required module

```
--add-module=/root/nginx-http-concat-master
```

# Re-run configure

> Use the previous arguments plus the new one

```
# Enter the source directory, assuming you have not deleted it
cd /www/server/nginx

./configure --user=www --group=www --prefix=/www/server/nginx --add-module=/root/ngx_devel_kit --add-module=/www/server/nginx/src/lua_nginx_module --add-module=/www/server/nginx/src/ngx_cache_purge --add-module=/www/server/nginx/src/nginx-sticky-module --with-openssl=/www/server/nginx/src/openssl --with-pcre=pcre-8.43 --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-ipv6 --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-http_dav_module --add-module=/www/server/nginx/src/nginx-dav-ext-module \
--add-module=/root/nginx-http-concat-master # add the module
```

# Compile, but do not install

```
make
```

# Inspect the compiled binary

```
ldd objs/nginx |grep lua
```

# Replace the nginx binary

```
# Back up the installed binary first (path follows --prefix=/www/server/nginx)
mv /www/server/nginx/sbin/nginx /www/server/nginx/sbin/nginx_back_2020.04.06
# Copy the newly built binary into place
cp ./objs/nginx /www/server/nginx/sbin/nginx
```

---

Reference: https://blog.linuxhub.cn/?p=3220

[1]: https://github.com/alibaba/nginx-http-concat
How to configure CORS in Nginx (multiple domains)

Author: Chuwen | Date: 2020-03-17 | Category: Nginx

### Suppose you need to allow access from the origin `localhost` or from any subdomain under `*.example.com`; in nginx a configuration like this is all that is needed:

```
location / {
    set $match "";
    # Supports both http and https. The pattern is anchored with ^ and $
    # (optional port allowed) so that only the whole Origin value can match.
    if ($http_origin ~* '^https?://(localhost|[a-z0-9.-]+\.example\.com)(:[0-9]+)?$') {
        set $match "true";
    }

    if ($match = "true") {
        add_header Access-Control-Allow-Origin "$http_origin";
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        add_header Access-Control-Allow-Methods GET,POST,OPTIONS,DELETE;
        add_header Access-Control-Allow-Credentials true;
    }
    # Handle OPTIONS requests
    if ($request_method = 'OPTIONS') {
        return 204;
    }
}
```

---

Original link: https://blog.csdn.net/moxiaomomo/article/details/82970004
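Because the matched `$http_origin` is echoed back together with `Access-Control-Allow-Credentials true`, the Origin pattern is the whole access decision, and nginx's `~*` operator matches anywhere in the string unless the pattern is anchored. The following added example (not from the original post) compares an unanchored pattern of this shape with an anchored one over constructed Origin values; `other.test` is a placeholder domain, and allowing an optional port is an assumption.

```python
import re

# Unanchored pattern of the shape used in an `if ($http_origin ~* ...)` check.
UNANCHORED = re.compile(r"https?://(localhost|.*\.example\.com)", re.I)
# Anchored variant with an optional port (assumed to be what should be allowed).
ANCHORED = re.compile(
    r"^https?://(localhost|[a-z0-9.-]+\.example\.com)(:[0-9]+)?$", re.I)

# Constructed Origin values.
SAMPLES = [
    "http://localhost:8080",
    "https://app.example.com",
    "https://a.b.example.com:8443",
    "https://example.com",
    "https://localhost.other.test",
    "https://app.example.com.other.test",
    "https://other.test",
]

def allowed(pattern, origin):
    # nginx's ~ and ~* search the whole string, which re.search mirrors.
    return pattern.search(origin) is not None

def compare(samples=SAMPLES):
    """Map each origin to (unanchored result, anchored result)."""
    return {o: (allowed(UNANCHORED, o), allowed(ANCHORED, o)) for o in samples}

def only_unanchored(samples=SAMPLES):
    """Origins the unanchored pattern accepts but the anchored one rejects."""
    return [o for o, (weak, strict) in compare(samples).items()
            if weak and not strict]

if __name__ == "__main__":
    for origin, (weak, strict) in compare().items():
        print(f"{origin:40} unanchored={weak!s:5} anchored={strict}")
```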
ThinkPHP 5.1 with app_debug enabled still shows the nginx default 404 page when accessing a nonexistent module: solution

Author: Chuwen | Date: 2019-01-08 | Category: Nginx

## Just add the following to nginx.conf:

```
fastcgi_intercept_errors on;
```