Nginx相关

Nginx常见问题总结

1、解决跨域问题：

1. 前端代码设置base_api

	VUE_APP_BASE_API = '/api'

2. 网站访问域名nginx配置

   server {
       listen 443 http2 ssl;
       listen [::]:443 http2 ssl;
   
       server_name mgmt-web.sxyd.cc;
   
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
       ssl_prefer_server_ciphers on;
       ssl_session_timeout 20m;
       ssl_session_cache shared:SSL:50m;
       ssl_buffer_size 1400;
       ssl_stapling on;
       ssl_stapling_verify on;
   
       ssl_trusted_certificate /etc/nginx/ssl/sxyd.cc.chain.pem;
       ssl_certificate /etc/nginx/ssl/sxyd.cc.pem;
       ssl_certificate_key  /etc/nginx/ssl/sxyd.cc.key;
   
   
       location / {
           root   /usr/share/nginx/html/mgmt-web/dist;
           index  index.html index.htm;
       }
   
   	## 重点是要配置/api/的映射
       location /api/ {
           proxy_pass https://mgmt.sxyd.cc/;
       }
   
       error_page   500 502 503 504  /50x.html;
       location = /50x.html {
           root   /usr/share/nginx/html;
       }
   }
   

3. 服务器域名nginx配置

   upstream mgmt {
       server 127.0.0.1:8895;
       keepalive 100;
   }
   
   server {
       listen 443 http2 ssl;
       listen [::]:443 http2 ssl;
   
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
       ssl_prefer_server_ciphers on;
       ssl_session_timeout 20m;
       ssl_session_cache shared:SSL:50m;
       ssl_buffer_size 1400;
       ssl_stapling on;
       ssl_stapling_verify on;
   
       ssl_trusted_certificate /etc/nginx/ssl/sxyd.cc.chain.pem;
       ssl_certificate /etc/nginx/ssl/sxyd.cc.pem;
       ssl_certificate_key  /etc/nginx/ssl/sxyd.cc.key;
       
       server_name  mgmt.sxyd.cc;
   
       
       location / {
           proxy_pass http://mgmt;
           proxy_http_version 1.1; 
           add_header Strict-Transport-Security max-age=15768000;
           ##重点是配置下面三行 允许访问域名跨域
           add_header Access-Control-Allow-Origin "https://mgmt-web.sxyd.cc/";
           add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
           add_header Access-Control-Allow-Headers "Authorization, Content-Type, Origin";
           proxy_set_header Host $http_host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Upgrade $http_upgrade;  
           proxy_set_header Connection "upgrade"; 
           if ($request_filename ~* ^.*?\.(css|js|svg|gif|jpg|jpeg|png|bmp|swf)$){
                   expires      30d;
           }      
       }
   }
   

   docker

   
   
   sudo docker run -d \
     --name nginx \
     --network host \
     -v /data/nginx/nginx.conf:/etc/nginx/nginx.conf \
     -v /data/nginx/conf.d:/etc/nginx/conf.d \
     -v /data/nginx/ssl:/etc/nginx/ssl \
     -v /data/nginx/data:/usr/share/nginx \
     -v /etc/localtime:/etc/localtime \
     nginx:alpine