server {
listen 443 ssl;
listen [::]:443 ssl;
server_name localhost;
ssl_certificate cert/server.crt;
ssl_certificate_key cert/server.key;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /authSignature {
internal; # 只允许内部调用,外部调用报404
proxy_pass $auth_request_uri;
proxy_pass_request_body off; # 不向上游发送包体
proxy_set_header Content-Length ""; # 同上,看情况加或不加
proxy_set_header X-Original-URI $request_uri; # 传递真实请求路径
proxy_set_header X-Original-Remote-Addr $remote_addr; # 传递真实访问者地址
proxy_set_header X-Original-Host $host; # 传递真实请求地址
}
location /archive/file/ {
auth_request /authSignature;
set $auth_request_uri "http://192.168.50.106:32000/auth/signature?$query_string";
#auth_request_set $user $upstream_http_x_forwarded_user;
#proxy_set_header X-User $user; # 可以传递Header
#add_header Set-Cookie $user; # 可以传递Cookie
add_header X-Frame-Options SAMEORIGIN;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_pass http://192.168.50.106:31200/;
proxy_read_timeout 1800;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
location /archive/oss/ {
auth_request /authSignature;
set $auth_request_uri "http://192.168.50.106:32000/auth/signature?$query_string";
#auth_request_set $user $upstream_http_x_forwarded_user;
#proxy_set_header X-User $user; # 可以传递Header
#add_header Set-Cookie $user; # 可以传递Cookie
add_header X-Frame-Options SAMEORIGIN;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
if ($args ~* (.*&|^)X-REQUEST-ID=[^&]*(.*)) {
set $args $1;
}
rewrite ^/archive/oss/(.*)$ /$1?$args break;
proxy_pass http://192.168.50.112:48080/;
proxy_read_timeout 1800;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name localhost;
ssl_certificate cert/server.crt;
ssl_certificate_key cert/server.key;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /authSignature {
internal; # 只允许内部调用,外部调用报404
proxy_pass $auth_request_uri;
proxy_pass_request_body off; # 不向上游发送包体
proxy_set_header Content-Length ""; # 同上,看情况加或不加
proxy_set_header X-Original-URI $request_uri; # 传递真实请求路径
proxy_set_header X-Original-Remote-Addr $remote_addr; # 传递真实访问者地址
proxy_set_header X-Original-Host $host; # 传递真实请求地址
}
location /archive/file/ {
auth_request /authSignature;
set $auth_request_uri "http://192.168.50.106:32000/auth/signature?$query_string";
#auth_request_set $user $upstream_http_x_forwarded_user;
#proxy_set_header X-User $user; # 可以传递Header
#add_header Set-Cookie $user; # 可以传递Cookie
add_header X-Frame-Options SAMEORIGIN;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
if ($args ~* (.*&|^)(&)X-REQUEST-ID=[^&]*(.*)) {
set $args $1;
}
rewrite ^/archive/file/(.*)$ /$1?$args break;
proxy_pass http://192.168.50.106:31200/;
proxy_read_timeout 1800;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
location /archive/oss/ {
auth_request /authSignature;
set $auth_request_uri "http://192.168.50.106:32000/auth/signature?$query_string";
#auth_request_set $user $upstream_http_x_forwarded_user;
#proxy_set_header X-User $user; # 可以传递Header
#add_header Set-Cookie $user; # 可以传递Cookie
add_header X-Frame-Options SAMEORIGIN;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
if ($args ~* (.*&|^)(&)X-REQUEST-ID=[^&]*(.*)) {
set $args $1;
}
rewrite ^/archive/oss/(.*)$ /$1?$args break;
proxy_pass http://192.168.50.112:48080/;
proxy_read_timeout 1800;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
浙公网安备 33010602011771号